POSIX Support

Contents
vmx32besp
Contents
VM:Secure
supports the following POSIX objects in the CP object directory:
POSIX Object
Definition
POSIX UID
POSIX user ID. An integer that represents the VM user ID to the POSIX system.
POSIX GID
POSIX group ID. An integer that represents the POSIX group in which the VM userid is a member.
POSIX GNAME
gname
gname
is a character string that represents a GID. Many
name
s can represent the same GID.
POSIX supplementary group name list
A list of GIDs and GNAMEs to which the POSIX userid is eligible to be a member.
POSIX file system root, initial program (shell), and initial working directory
Various POSIX configuration items.
 
Maintaining POSIX Group Names and Group IDs
VM:Secure
keeps POSIX group information in the
VMSECURE
POSIX file on the DRCT minidisk. This file enables you to use
VM:Secure
to define new POSIX groups, and to make changes to existing POSIX groups. You use this file to define POSIX groups instead of specifying POSIXGROUP statements in the USER DIRECT file.
To work with POSIX group names, use the ADMIN POSIX command. This command opens the
VMSECURE
POSIX file in XEDIT.
You must have at least ADMIN POSIX authorization to use the ADMIN POSIX command. For information about the
VMSECURE
POSIX file and the format of the POSIXGROUP statement, see
VMSECURE
POSIX File.
Example:
To define a new POSIX group, enter the following:
vmsecure
admin posix
The
VMSECURE
POSIX file opens in XEDIT. To add the new POSIX group named FINANCE with a GID of 002, add the following statement:
POSIXGROUP FINANCE 002
Save and exit the file.
POSIX Information in a Directory Entry or Profile
VM:Secure
supports the following POSIX - related directory control statements, introduced as part of VM/ESA Release 2.1.0. You can use these statements in directory entries and in directory profiles:
Directory Statement
Description
POSIXINFO
Specifies a user’s POSIX information. Specifically, userid (UID), group ID (GID/GNAME), initial working directory (IWDIR), initial user program (IUPGM), and file system root (FSROOT).
POSIXGLIST
Lists the names of the POSIX groups of which the user is a member. Groups can be specified by either GID or GNAME.
POSIXOPT
Specifies a user’s POSIX options.
Querying and Changing POSIX Information
To query or change the POSIX information in a directory entry, use the
VM:Secure
EDIT, EDX, REPENTRY, or GETENTRY commands.
For syntax and usage information for the POSIXINFO, POSIXGLIST, and POSIXOPT directory control statements, see IBM’s
CP Planning and
Administrators
guide for your release of VM.
VMSECURE
POSIX File
The
VMSECURE
POSIX file, which resides on the
VM:Secure
DRCT minidisk, contains the POSIX group definitions. Use this file, instead of the USER DIRECT file, to define POSIX groups.
Each record in the
VMSECURE
POSIX file identifies a POSIX group.
For information about the format of the POSIXGROUP record, see IBM’s
CP
Planning and Administration
guide.
The
VMSECURE
POSIX file can also contain comments, blank lines, and the *ED= special comment.
You can include an edit special comment (*ED=) in the
VMSECURE
POSIX file.
VM:Secure
maintains this comment with the date and time of last update of the
VMSECURE
POSIX file, the userid that last updated the file, the process used to update the file, and the date the file was first updated.
VM:Secure
reads the
VMSECURE
POSIX file as part of its initialization process. If it encounters an invalid POSIXGROUP statement, it sends a diagnostic message to the
VM:Secure
console and to the
VM:Secure
system operator. This operator is a userid you specify on the SYSOPER record in the PRODUCT CONFIG file.
VM:Secure
validates all GIDs and GNAMEs in the source directory against those defined in the
VMSECURE
POSIX file. If
VM:Secure
encounters a GID or GNAME that is not defined, initialization is terminated with the appropriate error messages.
VM:Secure
ignores the
VMSECURE
POSIX file when running on z/VM systems that do not support it.
You can edit the
VMSECURE
POSIX file while
VM:Secure
is running by using the ADMIN POSIX command. To use the POSIX parameter, you must have at least ADMIN POSIX authorization through a GRANT record in the AUTHORIZ CONFIG file. You can also use the ADMIN, ADMIN *, or ADMIN *ALL authorizations to provide the necessary level of security.
The following figure is a sample
VMSECURE
POSIX file that shows the GNAME in the second column and the GID in the third column, as follows:
*ED= * POSIX GROUPS FOR THE XYZ DIVISION POSIXGROUP      Admin         101 POSIXGROUP      FINANCE       102 POSIXGROUP      MARKETING     103 POSIXGROUP      Sales         104 POSIXGROUP      TechPubs      105 * POSIX GROUPS FOR THE ACM DIVISION POSIXGROUP      AdminA        201 POSIXGROUP      AdminB        202 POSIXGROUP      ENGI          203 POSIXGROUP      TCOM          204