There are new messages in the ACF SHOW UNIXOPTS display that are a result of new GSO UNIXOPTS fields and enhancements. The documentation updates for these new fields and messages will be included in updates to the ACF2 documentation in the near future.
New display fields:
- BPX.NEXT.USER ACTIVE: YES AUTOIDOM SYSID: ****
- FSACCESS CHECKING: YES
- DENY EXECUTION IF FILE HAS NO EXECUTE PERMISSIONS: NO
- TRACE USE OF BPX.DEFAULT.USER UID AND GID: YES
The following describes the SHOW UNIXOPTS display message and the corresponding GSO fields that control the display status.
Sample SHOW UNIXOPTS:
- UNIXOPTS OPENEDITION/MVS/UNIX SYSTEM SERVICES (USS) SUMMARY
OMVS DEFAULT USER: OMVSDUSR
OMVS DEFAULT GROUP: OMVSGRP
MAX NUMBER OF OMVS GROUPS: 300
HFS SECURITY ACTIVE: YES
HFSACL ACTIVE: NO
FILE.GROUPOWNER.SETGID ACTIVE: NO
OMVS MODEL USER: MODLUSER
BPX.UNIQUE.USER ACTIVE: NO
BPX.NEXT.USER ACTIVE: YES AUTOIDOM SYSID: XXXX
FSACCESS CHECKING: YES
DENY EXECUTION IF FILE HAS NO EXECUTE PERMISSIONS: NO
TRACE USE OF BPX.DEFAULT.USER UID AND GID: NO
- AUDIT FLAG STATUS
New UNIXOPTS fields
FSACCESS CHECKING: YES corresponds to the GSO UNIXOPTS BYP-FSA|NOBYP-FSA
BYP-FSA | NOBYP-FSA (default is NOBYP-FSA)
A new GSO UNIXOPTS record field that allows customers to disable FASTAUTH calls for FSACCESS class resources.
BPX.NEXT.USER ACTIVE: YES|NO is determined by the existence of the AUTOIDOM GSO record. The value will be YES if the AUTOIDOM record exists and NO if there is no AUTOIDOM record.
DENY EXECUTION IF FILE HAS NO EXECUTE PERMISSIONS: YES|NO corresponds to the GSO UNIXOPTS DENYEXEC|NODENYEXEC
DENYEXEC | NODENYEXEC (default is NODENYEXEC)
Modifies authorization checks for UID 0 execute attempts for HFS and zFS files that have no execute permissions assigned. Standard Unix checks would fail UID 0 attempts to execute such files, but ACF2 allows execution of the file if the caller has READ authority to SUPERUSER.FILESYS in the UNIXPRIV class. When DENYEXEC is specified, ACF2 processing fails the UID 0 execute attempt without proceeding to check the SUPERUSER.FILESYS UNIXPRIV class resource.
TRACE USE OF BPX.DEFAULT.USER UID AND GID: NO|YES corresponds to the GSO UNIXOPTS TRACEDFT | NOTRACEDFT (default is NOTRACEDFT)
Enables tracing of initUSP callable service requests that use the default OMVS UID and/or GID defined in BPX.DEFAULT.USER. This is primarily intended as a tool to assist sites migrating to z/OS 2.1 since BPX.DEFAULT.USER no longer exists at z/OS 2.1 and above. With TRACEDFT enabled the traced initUSP calls are reported on ACFRPTOM with "Successful - UID or GID came from BPX.DEFAULT.USER" to indicate that the UID or GID came from BPX.DEFAULT.USER.
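For reviewing a captured SHOW UNIXOPTS display, the following added Python example (not part of the ACF2 documentation) maps the new display lines back to the GSO state described above, including the BPX.NEXT.USER line that carries the AUTOIDOM SYSID after its YES|NO flag. The function names are hypothetical, and the YES/NO-to-keyword pairings are assumptions read from the field names and defaults on this page.

```python
import re

# Display label -> (GSO keyword when YES, GSO keyword when NO).
# Pairings are assumptions; e.g. the page only says BYP-FSA disables
# the FASTAUTH calls for FSACCESS, not which flag value it displays as.
FIELD_MAP = {
    "FSACCESS CHECKING": ("NOBYP-FSA", "BYP-FSA"),
    "DENY EXECUTION IF FILE HAS NO EXECUTE PERMISSIONS": ("DENYEXEC", "NODENYEXEC"),
    "TRACE USE OF BPX.DEFAULT.USER UID AND GID": ("TRACEDFT", "NOTRACEDFT"),
}

# Constructed sample: lines taken from the sample display on this page.
SAMPLE = """\
BPX.UNIQUE.USER ACTIVE: NO
BPX.NEXT.USER ACTIVE: YES AUTOIDOM SYSID: XXXX
FSACCESS CHECKING: YES
DENY EXECUTION IF FILE HAS NO EXECUTE PERMISSIONS: NO
TRACE USE OF BPX.DEFAULT.USER UID AND GID: NO
"""

LINE_RE = re.compile(r"^\s*-?\s*(?P<label>[A-Z][A-Z0-9 ./]*?):\s*(?P<flag>YES|NO)\b(?P<rest>.*)$")

def parse_unixopts(display):
    """Return {display label: {'flag': 'YES'|'NO', 'rest': trailing text}}."""
    fields = {}
    for line in display.splitlines():
        m = LINE_RE.match(line)
        if m:  # lines whose value is not YES/NO (names, counts) are skipped
            fields[m["label"].strip()] = {"flag": m["flag"], "rest": m["rest"].strip()}
    return fields

def gso_settings(display):
    """Translate display lines into the GSO state the page says drives them."""
    fields = parse_unixopts(display)
    out = {}
    for label, (when_yes, when_no) in FIELD_MAP.items():
        if label in fields:
            out[label] = when_yes if fields[label]["flag"] == "YES" else when_no
    nxt = fields.get("BPX.NEXT.USER ACTIVE")
    if nxt:
        # YES means an AUTOIDOM GSO record exists; the SYSID trails the flag.
        sysid = re.search(r"AUTOIDOM SYSID:\s*(\S+)", nxt["rest"])
        out["AUTOIDOM"] = {"record_exists": nxt["flag"] == "YES",
                           "sysid": sysid.group(1) if sysid else None}
    return out

if __name__ == "__main__":
    for key, value in gso_settings(SAMPLE).items():
        print(f"{key}: {value}")
```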