From z/OS ACF2 STIG
Part of ZUSS0044
Associated with: CCI-000764
User identifiers (ACF2 logonids, RACF userids, and Top Secret ACIDs), groups, and started tasks that use z/OS UNIX facilities are defined to an ACP with attributes including UID and GID. If these attributes are not correctly defined, data access or command privilege controls could be compromised.
Refer to system PARMLIB member BPXPRMxx (xx is determined by OMVS entry in IEASYS00.)
Determine the user ID identified by the SUPERUSER parameter. (BPXROOT is the default).
From a command input screen enter:
SET LID
LIST LIKE (superuser userid)
If the SUPERUSER userid is defined as follows, this is not a FINDING:
- No access to interactive on-line facilities (e.g., TSO, CICS, etc.)
- Default group specified as OMVSGRP or STCOMVS
From a command input screen enter:
SET PROFILE(USER) DIVISION(OMVS)
SET VERBOSE
LIST
Define the user ID identified in the BPXPRM00 SUPERUSER parameter as specified below: - No access to interactive on-line facilities (e.g., TSO, CICS, etc.) - Default group specified as OMVSGRP or STCOMVS - UID(0) - HOME directory specified as “/” - Shell program specified as “/bin/sh”
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer