To use Unix services (sometimes known as USS) on z/OS, a userid needs a UserID (UID). This, as on Unix,is an integer. A user can be pre-allocated a permanent UID, or be allocated a UID when when needed. See Automatically assigning unique IDs through UNIX services.
Unique or not Unique?
It is good practice for each userid to have a unique UID. If users share the same UID,
- The users share ownership and access to the same files.
- If you ask for the userid associated with an id – you may get the wrong answer!
However some super users need a id of 0.
You can set this as shared with
altuser colin OMVS(UID(0)SHARED)
Instead of allocating uid(0) you can use the profile BPX.SUPERUSER resource in the FACILITY class to get the authority to do most of the tasks that require superuser authority.
- You can explicitly specify an id which you allocate (this means you need a list of ids and owners, so you know which ids are free).
- You can have z/OS do this for you. See Enabling automatic assignment of unique UNIX identities.
You can use ADDUSER COLIN OMVS(AUTOUID) which allocates an available UID.
Should I used AUTOID?
I run z/OS on a zD&T image. Every 6 months or so there is a new level of z/OS which I can download. I then need to migrate userid, datasets etc to this new system. This is different to a normal customer z/OS where you have an existing system and you migrate a new version of z/OS into it.
I have ZFS file systems for all of my user data.
On the current system my userid COLIN was automatically allocated as 0000990021. Files that I own have this id.
When I get my next system, if I allocate userid COLIN with AUTOUID, it may get a different UID say 990011. Because my userid 990011 is different to the owner of the files 990021, I may not be able to access “my” files.
I could change all of my files to have a new owner (and group), or I could ensure my userid on both systems is the same 990021. Using the same UID was much easier.
How is the range of AUTOIDs defined?
This is done with the RACF FACILITY profile BPX.NEXT.USER. On my system has has
APPLICATION DATA 990041-1000000/990020-1000000
Can I define a model profile?
You can configure OMVS to automatically give a userid a UID (if it does not have one) and define the rest of the OMVS profile using a model OMVS segment. See Steps for automatically assigning unique IDs through UNIX services.
Users need a home directory
Users need a home directory. There are several ways of doing this.
- Give users an entry HOME(‘/u/mostusers’). Every one shares the same directory – not a good idea, because they would all share the SSH keys etc.
- You could specify HOME(‘/u/mostusers/&racuid’) and specify the userid as part of the definition. This could be done in the model profile mentioned above. If you use this method you need to create the directory, for example as part of creating the userid.
- Use automount. See Unix services automount is a blessing and curse. Where you define a template and the hard word is done for you. For example for each userid create a ZFS and use that.
I only use a few userids, so manually allocating the userid and the home directory was easy to do.
Note: If you use automount of a directory, such as /u/, you cannot mount other file systems in /u/; you would have to use a different directory, for example /usr/.
ColinPaice 