From z/OS ACF2 STIG
Part of ZUSSA050
Associated with: CCI-000366
Default profile settings allow a user to access UNIX System Services (OMVS) if a user does not have a valid OMVS group in the logonid record. Settings in the ACP impact the security level of z/OS UNIX. In classified systems user access will not be determined by default.
If this is an Unclassified system this is not applicable. From ACF2 Command Line enter: Set CONTROL(GSO) Show UNIXOPTS Alternately: Refer to the following report produced by the ACF2 Data Collection: - ACF2CMDS.RPT(ACFGSO) - Classification of System Automated Analysis: Refer to the following report produced by the ACF2 Data Collection: - PDI(ZUSSA050) If system is classified the UNIXOPTS record specifies DFTGROUP(); DFTUSER(); NOUNIQUSER AND MODLUSER(), there is no finding.
Ensure that UNIXOPTS record does not specify DFTGROUP and DFTUSER fields for classified systems. Ensure that then UNIXOPTS record specifies NOUNIQUSER and no MODLUSER If system is classified the UNIXOPTS record must specify DFTGROUP(); DFTUSER() and MODLUSER(). NOUNIQUEUSER must be specified. Example: SET C(GSO) LIST UNIXOPTS CHOWNRES DFTGROUP() DFTUSER() NODIRACC NODIRSRCH NOFSOBJ NOFSSEC NOGOSETGID NOHFSACL NOHFSSEC NOIPCOBJ NGROUPS(300) NOPROCACT NOPROCESS MODLUSER() NOUNIQUSER
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer