Steps for setting up BPX.SUPERUSER

Before you begin: You need to know which users need to have superuser authority.

Perform the following steps to set up BPX.SUPERUSER.

  1. Define the BPX.SUPERUSER resource in the FACILITY class.
    RDEFINE FACILITY BPX.SUPERUSER UACC(NONE)

    You must use the name BPX.SUPERUSER. Substitutions for the name are not allowed.

    _______________________________________________________________

  2. If this is the first FACILITY class profile that the installation has defined, activate the FACILITY class with the SETROPTS command.
    SETROPTS CLASSACT(FACILITY)
    SETROPTS RACLIST(FACILITY)

    _______________________________________________________________

  3. Permit all users who need superuser authority to this profile. Use the RACF® commands shown in the following example, which give the user ID SYSPROG permission to use the su command to obtain superuser authority. It is assumed that the default group for SYSPROG is set up with a GID.
    ALTUSER SYSPROG OMVS(UID(7) HOME('/u/sysprog') PROGRAM('/bin/sh'))
    PERMIT BPX.SUPERUSER CLASS(FACILITY) ID(SYSPROG) ACCESS(READ)

    _______________________________________________________________

When you are done, you have set up the BPX.SUPERUSER resource in the FACILITY class and permitted the users who need to have superuser authority. When they need to perform superuser tasks, they can switch to superuser mode using the su command or the Enable superuser mode (SU) option in the ISPF shell.

Tips:
  1. Instead of using BPX.SUPERUSER to permit users to have superuser authority, you could define a group, for example, SUPERUSR. You could then add users who need superuser permission to the group.

    To add the user ID SYSPROG to the SUPERUSR group:

    CONNECT (SYSPROG) AUTH(USE) GROUP(SUPERUSR) OWNER(SYS1) GRPACC
    Then permit this group to BPX.SUPERUSER.
    PERMIT BPX.SUPERUSER CLASS(FACILITY) ID(SUPERUSR) ACCESS(READ)
  2. As an alternative to assigning superuser authority, you can define which superuser attributes a given user is to have, and which system resource limits are to be defined for the user.