From z/OS TSS STIG
Part of ZUSS0048
Associated with: CCI-000764
Top Secret ACIDs that use z/OS UNIX facilities must be properly defined. If these attributes are not correctly defined, data access or command privilege controls could be compromised.
If this is a classified system, this is not applicable. From a command line issue the following command: Note: One must have appropriate access to perform this command (have the site security officer issue the command) TSS MODIFY STATUS Examine the following option: UNIQUSER Alternately: Refer to the following report produced by the TSS Data Collection: - TSSCMDS.RPT(STATUS) - TSSCMDS.RPT(OMVSUSER) Note: This check applies to any user identifier (ACID) used to model OMVS access on the mainframe. This includes OMVSUSR; MODLUSER, and BPX.UNIQUE.USER. If MODLUSER is specified then UNIQUSER must be specified as “ON”. If user identifier (ACID) used to model OMVS user account is defined as follows, this is not finding. A non-writable HOME directory Shell program specified as “/bin/echo”, or “/bin/false” Note: The shell program must have one of the specified values. The HOME directory must have a value (i.e., not be allowed to default).
Use of the OMVS default UID will not be allowed on any classified system. Define the user identifier (ACID) used to model OMVS user account with a non-writable home directory, such as "\" root, and a non-executable, but existing, binary file, "/bin/false" or “/bin/echo.”
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer