How can I associate a UID to a specific username on IBM z/OS Unix System Services?
Within USS, I see content created in my user space which I do not own. File ownership lists a three digit numerical value, rather than a username, which I presume to be a UID. I've unsuccessfully attempted to make a username association using commands:
tsocmd "search class(USER) uid(###)" tsocmd "rlist unixmap u### all"
The security system that makes up z/OS is called Security Authorization Facility (SAF). There are a number of products that can be used for the security role. Think of SAF a little like you would PAM on Linux.
The three leading products for providing security services are (in alphabetical order (ACF2, RACF and Top Secret). Each of them have slightly different command lines but I’ll explain using RACF which is very common.
Users have different “segments” in the security manager that group common attributes for a given subsystem. Like TSO or OMVS. In your case, your interested in defining a UID attributed used by OMVS and that would be done in the OMVS segment. The UID can be manually defined or “auto” assigned.
When creating the user you would use a command in RACF like
ADDUSER (bob) OMVS(UID(newNum)) ... Or ADDUSER (bob) OMVS(AUTOUID)
Alternatively, if bob existed but did not have an OMVS segment defined you could
ALTUSER (bob) OMVS(UID(newNum)) ... Or ALTUSER (bob) OMVS(AUTOID) ...
Refer to the IBM manual for a complete discussion on the syntax for these commands. Also note, you need the SPECIAL attribute to be able to execute these commands. Users cannot simply change these attributes on their own but require a security administrator to accomplish this.
