15.10 - UNIX Security - Teradata Tools and Utilities

Teradata Tools and Utilities for IBM z/OS Installation Guide

prodname
Teradata Tools and Utilities
vrm_release
15.10
created_date
August 2016
category
Installation
featnum
B035-3128-086K
The MVS userid assigned to any TDP using an NP must be defined to the MVS RACF OMVS segment in the user profile to provide a UNIX userid. For IBM's RACF, this may be done in one of three ways:
  • For z/OS V1.R13 and older, the BPX.DEFAULT.USER RACF FACILITY class can be used to assign a default UNIX userid to every MVS userid.
  • For z/OS V1.R11 and later, the BPX.UNIQUE.USER RACF FACILITY class can be used to request a UNIX userid for any MVS userid without an OMVS segment that accesses a UNIX kernel service. Refer to the z/OS Security Server RACF Security Administrator's Guide available at: http://www-01.ibm.com/support/knowledgecenter/.
  • For any z/OS release, the following RACF commands may be used to associate an existing UNIX userid to an MVS TDP userid:
    • ALTUSER mvsusername OMVS(UID(unixuserid))
    • ALTGROUP mvsgroupname OMVS(GID(unixgroupid))

    where mvsusername is the MVS userid for the TDP, unixuserid is either an existing UNIX userid or the parameter AUTOUID to request that a unique UNIX userid be generated; mvsgroupname is the MVS group name with which the MVS TDP user name is associated; unixgroupid is either an existing UNIX userid or the parameter AUTOGID to request that a unique UNIX userid be generated.

TDP uses UNIX only implicitly to access the network. No explicit UNIX resources such as the shell, applications, or files are used; however, because TDP exits could do such things, the security characteristics for a UNIX userid might need such usage. Refer to the IBM document z/OS UNIX System Services Planning, available at: http://www-01.ibm.com/support/knowledgecenter/.