Define POSIX user attributes
Component: | POSIX-BC |
Functional area: | User management |
Domain: | SYSTEM-MANAGEMENT |
Privileges: | TSOS USER-ADMINISTRATION |
This command can only be used if the chargeable subsystem SDF-P is loaded.
Function
The ADD-POSIX-USER command defines all the POSIX attributes of the BS2000 user ID for a new POSIX user. The necessary preparations are also made in POSIX for this user to permit POSIX access (creating the login directory for this user).
Note
This command replaces the S procedure POSADDUS.
The POSIX user attributes of a BS2000 user ID can be modified using the MODIFY-POSIX-USER-ATTRIBUTES command. Information on the current POSIX default attributes can be obtained with the SHOW-POSIX-USER-DEFAULTS command.
Format
ADD-POSIX-USER |
USER-NAME = <name 1..8> ,USER-NUMBER = *DEFAULT / <integer 0..60002> ,GROUP-NUMBER = *DEFAULT / <integer 0..60002> ,PROGRAM = *DEFAULT / <posix-pathname 1..1023 without-wild> ,HOME-DIRECTORY = *DEFAULT / <posix-pathname 1..1023 without-wild> ,RLOGIN-ACCOUNT = *NONE / <alphanum-name 1..8> |
Operands
USER-NAME = <name 1..8>
BS2000 user ID whose POSIX user attributes are to be defined.
USER-NUMBER =
User number which is to be defined for this BS2000 user ID.
The USER-NUMBER attribute is relevant to security as the user number indicates the privilege and determines the owner of a file.
USER-NUMBER = *DEFAULT
The user number is given the currently set default value (see the SHOW-POSIX-USER-DEFAULTS command).
USER-NUMBER = <integer 0..60002>
The user number is given the specified value.
GROUP-NUMBER =
Group number which is to be defined for the BS2000 user ID.
The GROUP-NUMBER attribute is relevant to security as POSIX does not check the permissibility of the combination of BS2000 user ID and group against the POSIX group catalog when you log on.
GROUP-NUMBER = *DEFAULT
The group number is given the currently set default value (see the SHOW-POSIX-USER-DEFAULTS command).
GROUP-NUMBER = <integer 0..60002>
The group number is assigned the specified value.
PROGRAM =
Program which is started after the rlogin command or after the START-POSIX-SHELL command is called.
This attribute is not relevant to security as only programs which the user is allowed to execute are started.
PROGRAM = *DEFAULT
The program to be started is determined on the basis of the currently set default value (see the SHOW-POSIX-USER-DEFAULTS command).
PROGRAM = <posix-pathname 1..1023 without-wild>
The specified program is started.
HOME-DIRECTORY =
Determines the absolute path name of the directory which the user is automatically directed to (login directory) after connecting with POSIX.
This attribute is not relevant to security as it only determines the content of the shell variable HOME and the initial value of the working directory. The protection attributes of files and directories cannot be bypassed in this way.
If the directory does not yet exist it is created and the owner is set to the user number and the group number of the POSIS user ID.
If the directory already exists its attributes remain unchanged and a respective message is output.
HOME-DIRECTORY = *DEFAULT
The directory determined on the basis of the currently set default value (see the SHOW-POSIX-USER-DEFAULTS command).
HOME-DIRECTORY = <posix-pathname 1..1023 without-wild>
Specifies the directory.
RLOGIN-ACCOUNT =
Determines the account number for POSIX access via remote login or NFS.
RLOGIN-ACCOUNT = *NONE
No account number is specified. The account number defined in the home pubset user entry thus remains unchanged for POSIX access.
RLOGIN-ACCOUNT = <alphanum-name 1..8>
The specified account number is entered in the home pubset user entry as the new account number for POSIX access (see the POSIX-RLOGIN-DEFAULT operand in the ADD-USER and MODIFY-USER-ATTRIBUTES commands).
Return codes
(SC2) | SC1 | Maincode | Meaning |
|---|---|---|---|
0 | CMD0001 | No errors | |
64 | SDP0018 | An error has occurred in the S procedure called by the command. | |
65 | CMD2241 | The chargeable subsystem SDF-P is not available. |