Modify POSIX user attributes.
Domain: USER-ADMINISTRATION
Privileges: POSIX-ADMINISTRATION
This command modifies the POSIX user attributes of a BS2000 user ID in the user catalog of the specified pubset.
Whenever a new BS2000 user ID is created, the POSIX user attributes with the default values are automatically assigned (see "Assigning POSIX user attributes"). These POSIX user attributes can be modified as required. The following users are authorized to do this:
- Owners of the POSIX-ADMINISTRATION or USER-ADMINISTRATION privilege for all BS2000 user IDs on all pubsets.
- Group administrators for their assigned group and subgroup members on the pubset which they are responsible for administering. However, the following restrictions apply to a group administrator:
  - The administrator’s ADM-AUTHORITY authorization determines the POSIX user attributes which he/she is authorized to administer.
  - The value range of the POSIX user attributes is restricted for the administrator.
Further details on the above are available in the description of the corresponding operands.
Additionally, the EDIT-POSIX-USER-ATTRIBUTES command is available, which can be used to show and modify the current settings.
Format
MODIFY-POSIX-USER-ATTRIBUTES

USER-IDENTIFICATION = <name 1..8>
,PUBSET = *HOME / <catid 1..4>
,USER-NUMBER = *UNCHANGED / *BY-POSIX-USER-DEFAULTS / *HOME / <integer 0..60002>
,GROUP-NUMBER = *UNCHANGED / *BY-POSIX-USER-DEFAULTS / *GROUP-ADMINISTRATOR / <integer 0..60002>
,COMMENT = *UNCHANGED / *BY-POSIX-USER-DEFAULTS / *NONE / <c-string 1..255 with-low>
,DIRECTORY = *UNCHANGED / *BY-POSIX-USER-DEFAULTS / *ROOT / <posix-pathname 1..1023 without-wild>
,PROGRAM = *UNCHANGED / *BY-POSIX-USER-DEFAULTS / *SHELL / <posix-pathname 1..1023 without-wild>
Operands
USER-IDENTIFICATION = <name 1..8>
BS2000 user ID whose POSIX user attributes are to be modified.
PUBSET =
Pubset in whose user directory the POSIX user attributes are to be modified.
PUBSET = *HOME
The home pubset is modified.
PUBSET = <catid 1..4>
The pubset with the specified catalog ID is modified.
USER-NUMBER =
The user number which is assigned automatically during creation of a BS2000 user ID can be modified.
The USER-NUMBER attribute is relevant for security since the user number confers privileges and determines the owner of a file.
The group administrator can only modify the user number if he/she holds at least the MANAGE-MEMBERS group administrator privilege. Even then, he/she cannot use the full range of values:
- The administrator cannot assign the user number 0, i.e. root authorization.
- The administrator can only modify the default user number.
- The administrator can only assign user numbers which are greater than the default user number.
- The administrator cannot assign user numbers more than once.
- On a data pubset the administrator can only assign the user number of the BS2000 user ID of the same name on the home pubset.
USER-NUMBER = *UNCHANGED
The user number is not modified.
USER-NUMBER = *BY-POSIX-USER-DEFAULTS
The user number receives the corresponding default value, which is entered in the user directory of the specified pubset.
USER-NUMBER = *HOME
The user number of the BS2000 user ID of the same name on the home pubset is accepted. This value is only significant if the user number is modified on a data pubset. This specification is redundant on the home pubset.
USER-NUMBER = <integer 0..60002>
The user number receives the specified value.
GROUP-NUMBER =
The group number which is automatically assigned during creation of a BS2000 user ID can be modified.
The GROUP-NUMBER attribute is relevant for security since, at login, POSIX does not check the validity of the combination BS2000 user ID and group against the POSIX group directory.
The group administrator can only modify the group number if he/she holds the MANAGE-MEMBERS group administrator privilege. Even then, he/she does not have access to the full range of values:
- The administrator can only assign the group number owned by the group administrator of the BS2000 user group of which the BS2000 user ID is a member, or the default group number.
- The administrator can assign no other group number for his/her own BS2000 user ID.
GROUP-NUMBER = *UNCHANGED
The group number is not modified.
GROUP-NUMBER = *BY-POSIX-USER-DEFAULTS
The group number receives the appropriate default value, which is entered in the user catalog of the specified pubset.
GROUP-NUMBER = *GROUP-ADMINISTRATOR
The group number owned by the group administrator of the BS2000 user group of which the BS2000 user ID is a member is assigned.
GROUP-NUMBER = <integer 0..60002>
The group number receives the specified value.
COMMENT =
The comment can be modified. Further information on the owner of the BS2000 user ID can be specified at the administrator’s discretion.
Note: This comment is used, for example, by mail programs to describe the sender.
COMMENT = *UNCHANGED
The comment is not modified.
COMMENT = *BY-POSIX-USER-DEFAULTS
The value of the appropriate POSIX default attribute, which is entered in the user catalog of the specified pubset, is assigned.
COMMENT = *NONE
No comment is entered.
COMMENT = <c-string 1..255 with-low>
The specified comment is entered.
DIRECTORY =
The absolute path name to the login directory of the user can be modified.
This attribute is not relevant for security since it only determines the contents of the HOME shell variables and the initial value of the working directory. It does not offer a way of bypassing the protection attributes of files and directories.
DIRECTORY = *UNCHANGED
The absolute path name is not modified.
DIRECTORY = *BY-POSIX-USER-DEFAULTS
The value of the appropriate POSIX default attribute, which is entered in the user catalog of the specified pubset, is assigned.
DIRECTORY = *ROOT
The root directory “/” is allocated.
DIRECTORY = <posix-pathname 1..1023 without-wild>
The specified path name is accepted.
PROGRAM =
The program which is started either by the rlogin command or by calling the /START-POSIX-SHELL command can be modified.
This attribute is not relevant for security since only those programs which the user is authorized to execute can be started.
PROGRAM = *UNCHANGED
The program is not modified.
PROGRAM = *BY-POSIX-USER-DEFAULTS
The value of the appropriate POSIX default attribute, which is entered in the user catalog of the specified pubset, is assigned.
PROGRAM = *SHELL
The POSIX shell is started.
PROGRAM = <posix-pathname 1..1023 without-wild>
The specified program is started.
Command return codes
(SC2) | SC1 | Maincode | Meaning |
      | 0   | CMD0001  | Command executed without errors |
2     | 0   | SRM6001  | Command executed with warning |
      | 32  | SRM6020  | Command rejected due to system error |
      | 130 | SRM6030  | Command rejected because of unavailable resources |
      | 64  | SRM6040  | Command rejected with error message |
Examples
The POSIXTST user ID is to be assigned user number 107 and group number 66. The login directory (home directory) is to be named /home/posixtst and the Bourne shell is to be called after logging in to POSIX. The comment is to read “posix-user@posix-server.com”.
/MODIFY-POSIX-USER-ATTRIBUTES USER-ID=POSIXTST, -
/     USER-NUMBER=107, -
/     GROUP-NUMBER=66, -
/     DIRECTORY=/home/posixtst, -
/     COMMENT='posix-user@posix-server.com'
The PSXROOT user ID is to be assigned the root authorization. /home/psxroot is to be entered as the home directory.
/MODIFY-POSIX-USER-ATTRIBUTES USER-ID=PSXROOT, -
/     USER-NUMBER=0, -
/     GROUP-NUMBER=0, -
/     DIRECTORY=/home/psxroot
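The USER-NUMBER and GROUP-NUMBER descriptions above mark both attributes as relevant for security. The following Python audit is an added example, not part of the BS2000 documentation: it checks a list of attribute records for user number 0 on unapproved IDs, user numbers held more than once, data-pubset numbers that differ from the home pubset, and group numbers missing from the group directory. The record layout, the catalog IDs HOME and DATA, the IDs TESTA and TESTB, and the KNOWN_GIDS and ROOT_APPROVED sets are constructed assumptions.

```python
from collections import defaultdict

HOME = "HOME"  # constructed catalog ID standing in for the home pubset
# Constructed records, one per (pubset, BS2000 user ID); uid = USER-NUMBER, gid = GROUP-NUMBER.
RECORDS = [
    {"pubset": "HOME", "user_id": "POSIXTST", "uid": 107, "gid": 66},
    {"pubset": "HOME", "user_id": "PSXROOT", "uid": 0, "gid": 0},
    {"pubset": "HOME", "user_id": "TESTA", "uid": 107, "gid": 66},
    {"pubset": "HOME", "user_id": "TESTB", "uid": 0, "gid": 999},
    {"pubset": "DATA", "user_id": "POSIXTST", "uid": 108, "gid": 66},
]
KNOWN_GIDS = {0, 66}           # constructed copy of the POSIX group directory
ROOT_APPROVED = {"PSXROOT"}    # user IDs approved to hold user number 0 (assumed policy)


def audit(records, known_gids, root_approved, home=HOME):
    """Return (finding, (pubset, user_id)) tuples for security-relevant settings."""
    findings = []
    home_uid = {r["user_id"]: r["uid"] for r in records if r["pubset"] == home}
    holders = defaultdict(list)  # (pubset, uid) -> user IDs holding that number
    for r in records:
        who = (r["pubset"], r["user_id"])
        holders[(r["pubset"], r["uid"])].append(r["user_id"])
        # User number 0 is root authorization: only approved IDs may hold it.
        if r["uid"] == 0 and r["user_id"] not in root_approved:
            findings.append(("ROOT-UID", who))
        # Login does not validate the group, so check it against the directory here.
        if r["gid"] not in known_gids:
            findings.append(("UNKNOWN-GID", who))
        # Flag a data-pubset number that differs from the same-named ID on the home
        # pubset (the value USER-NUMBER=*HOME assigns); a missing home entry also flags.
        if r["pubset"] != home and home_uid.get(r["user_id"]) != r["uid"]:
            findings.append(("HOME-MISMATCH", who))
    # A user number decides file ownership, so sharing one merges two owners.
    for (pubset, _uid), ids in holders.items():
        if len(ids) > 1:
            findings.extend(("DUPLICATE-UID", (pubset, i)) for i in sorted(ids))
    return findings


if __name__ == "__main__":
    for finding, (pubset, user_id) in audit(RECORDS, KNOWN_GIDS, ROOT_APPROVED):
        print(f"{finding:14} pubset={pubset} user={user_id}")
```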