Since group administration in POSIX and in BS2000 differs in certain fundamental features (see “Group administration”), POSIX and BS2000 groups exist independently of each other and are therefore also administered separately.
The POSIX group directory is not a component of SRPM/SECOS. Consequently, the root administrator must define and administer the POSIX groups separately in the POSIX group directory /etc/group. The administrator is also responsible for making modifications to a BS2000 user ID (create, change group, delete) separately in the POSIX group directory /etc/group (see "Administering BS2000 and POSIX groups").
The group number is taken from the POSIX user attributes without further checking when the user connects to POSIX. It is therefore up to the POSIX administrator and the root administrator to decide whether to match the GROUP-NUMBER attribute and the corresponding POSIX group entry in a separate action.
A BS2000 group administrator can assume the role of POSIX administrator for the members of his/her group. In order to map the BS2000 group structure to the POSIX group structure, the administrator applies the following convention:
“The group number of the POSIX group which corresponds to the BS2000 group is the same as the group number of the BS2000 group administrator.”
A BS2000 group administrator has the following permissions:
The administrator may forward the group number to the BS2000 group members. If a higher-level group administrator takes over the group of the original administrator, he/she can only be assigned this group number.
The administrator can exclude a BS2000 group member from the POSIX group by assigning this member the default group number.
Further administration of the POSIX groups must be performed centrally by a POSIX administrator.
Example
The BS2000 group with the group name A5 contains the following users:POSIXTST, POSIX001 and POSIX002
The BS2000 group with the group name A7 contains the following users:MANUAL01 and MANUAL02.
When using POSIX, groups with both group number 5 (POSIXTST, POSIX001 and POSIX002) and group number 7 (MANUAL01 and MANUAL02) can be defined. However, double membership of both groups - e.g. if MANUAL01 also wishes to become a member of the group with number 5 - is only possible if the definition of the BS2000 group is altered.
Administering the POSIX group catalog /etc/group of the POSIX shell
Every user is allocated to a user group once the BS2000 system administrator has assigned him/her a numeric group number. In the POSIX group catalog /etc/group, the POSIX administrator or a user with root authorization can assign this group number a group name or define a new user group.
There is no equivalent to the POSIX group catalog /etc/group in BS2000.
The POSIX group catalog /etc/group system file is set up during initial installation. It consists of lines with the following format:
groupname: : groupnumber : userid[,...] |
groupname
Name to be assigned for this group.
groupnumber
Numeric group number which was defined in the BS2000 user catalog SYSSRPM. A group name can be assigned to this group number via <groupname>.
userid
One or more user IDs which are to be included in this user group. If two or more user IDs are specified, you must separate them with a comma.
The same user ID can be used in several user groups.
The entries must be separated from each other by a colon. If you omit the entry for the password, you still have to specify the following colon. In each case, entries for every user group must begin in a new line.
The POSIX group catalog /etc/group file contains the following user groups after the initial installation:
SYSROOT (Groupnumber: 0, Member : SYSROOT) OTHER (Groupnumber: 1) SYSBIN (Groupnumber: 2) SYSSYS (Groupnumber: 3, Members: SYSROOT, SYSBIN) MAIL (Groupnumber: 6, Member : SYSROOT) TTY (Groupnumber: 7) LP (Groupnumber: 8) USROTHER (Groupnumber: 100) DFS_STARTGID (Groupnumber: 2000)