eTrust CA-Top Secret Security for z/OS and OS ... - SupportConnect
eTrust CA-Top Secret Security for z/OS and OS ... - SupportConnect eTrust CA-Top Secret Security for z/OS and OS ... - SupportConnect
HFSSEC Control OptionCA SAF HFS EQUIVILENCY TABLEHFSSEC(OFF) vs. HFSSEC(ON)OS/390 2.8 and aboveUNIX CMDS ACCESS GIVEN HPFSEC(ON) HPFSEC(OFF)CHAUDITAllow a user tochange user auditflagsBPX.CAHFS.CHANGE.FILE.AUDITFLAGSCHANGE_AUDIT_OPTAllow a user tochange a formatof a fileBPX.CAHFS.CHANGE.FILE.FORMATCHECK_FILE_OWNERCHMOD(UID)Allows a user tochange UID filepermission bitBPX.CAHFS.CHANGE.FI.LE.MODEBPX.CAHFS.CHANGE.FILE.MODE.EUIDCHANGE_FILE_MODECHMOD(STICKYBIT)Allows a user tochange Sticky bitfile permissionBPX.CAHFS.CHANGE.FILE.MODEBPX.CAHFS.CHANGE.FILE.MODE.EUIDCHANGE_FILE_MODEBPX.CAHFS.CHANGE.FILE.MODE.STICKYCHMOD(GID)Allows a user tochange GID bitBPX.CAHFS.CHANGE.FILE.MODECHANGE_FILE_MODEBPX.CAHFS.CHANGE.FILE.MODE.EUIDBPX.CAHFS.CHANGE.FILE.MODE.EGIDEXTATTR(ChangeAttributes)Allow a user toturn on APFattribute for anyHFS fileBPX.CAHFS.CHANGE.FILE.ATTRIBUTESSUPERUSER.FILESYS.FILEEXTATTR(ProgramControlled Attribute)Allow users toturn on theprogramcontrolledattributeBPX.CAHFS.CHANGE.FILE.OWNERSUPERUSER.FILESYS.FILECHOWNAllows a user tochangeownership offilesBPX.CAHFS.CHANGE.FILE.OWNERCHANGE_OWNER_GROUP2–20 Cookbook
HFSSEC Control OptionUNIX CMDS ACCESS GIVEN HPFSEC(ON) HPFSEC(OFF)MOUNTAllows a user tomount filesystemsBPX.CAHFS.MOUNTSUPERUSER.FILE.MOUNTUNMOUNTAllows a user toUnmount filesystemsBPX.CAHFS.UNMOUNTSUPERUSER.FILE.MOUNTLINKAllows a user tocreate a link toany HFSdirectoryBPX.CAHFS.CREATE.LINKSUPERUSER.FILESYS.FILERENAMEAllows a user torename an HFSdirectoryNO BPX CALL. HFS TRACESHOWS ONE EVENT.RENAMESUPERUSER.FILESYS.FILEEDIT(OPEN)Allows a user towrite to any HFSfileNO BPX CALL. HFS TRACESHOWS TWO EVENTS:OPEN AND RENAMESUPERUSER.FILESYS.FILEEXTERNAL(LINK)Allows a user tocreate an externallink to any HFSdirectoryBPX.CAHFS.CREATE.EXTERNAL.LINKSUPERUSER.FILESYS.FILESYMBOLIC(LINK)Allows a user tocreate a symboliclink to any HFSdirectoryBPX.CAHFS.CREATE.SYMBOLIC.LINKSUPERUSER.FILESYS.FILECHGRPAllows a user tochange groupsetting for a fileBPX.CAHFS.CHANGE.FILE.GROUPCHANGE_OWNER_GROUPKILLAllows a user tosend signals to aprocessSUPERUSER.PROCESS.GETPSENTSUPERUSER.PROCESS.KILLSU(SWITCH USER)Allows a user toswitch to superuser statusBPX.SUPERUSERSET_EFFECTIVE_UIDControlling Access to the Hierarchical File System 2–21
- Page 79 and 80: Digital Certificate SupportReconnec
- Page 81 and 82: Digital Certificate SupportTSS LIST
- Page 83 and 84: Certificate Name Filtering SupportT
- Page 85 and 86: Certificate Name Filtering SupportI
- Page 87 and 88: Certificate Name Filtering SupportD
- Page 89 and 90: Certificate Name Filtering SupportL
- Page 91 and 92: KerberosKerberosetrust CA-Top Secre
- Page 93 and 94: KerberosThe command syntax for this
- Page 95 and 96: KerberosThe following command creat
- Page 97 and 98: Mapping of Foreign EnvironmentsMapp
- Page 99 and 100: Mapping of Foreign EnvironmentsMapp
- Page 101 and 102: Distributed File Server SMB SUPPORT
- Page 103 and 104: NFS (Network File System)The first
- Page 105 and 106: z/OS and OS/390 Security Server Sup
- Page 107 and 108: z/OS and OS/390 Security Server Sup
- Page 109 and 110: z/OS and OS/390 Security Server Sup
- Page 111 and 112: Chapter2Controlling Access to theHi
- Page 113 and 114: Controlling HFS Using the Native UN
- Page 115 and 116: Controlling HFS Using CA SAF HFS Se
- Page 117 and 118: Securing HFS FunctionsKeywordALLCON
- Page 119 and 120: Securing HFS FunctionsFile Function
- Page 121 and 122: Implementing CA SAF HFS SecurityImp
- Page 123 and 124: HFSSEC Control Option+12—The addr
- Page 125 and 126: HFSSEC Control OptionDiagnosticsThe
- Page 127 and 128: HFSSEC Control OptionUNIX CMDCHMOD(
- Page 129: HFSSEC Control OptionTSSSUTIL EQUIV
- Page 133 and 134: HFSSEC Control OptionExample 1// JO
- Page 135 and 136: HFSSEC Control OptionExample 2// JO
- Page 137 and 138: MessagesMessagesCAS2301EEVENT PROCE
- Page 139 and 140: MessagesCAS2306Wxxxxxxxxxxxxxxx EVE
- Page 141: MessagesCAS2319ITRACEID=aaaaaaaa US
- Page 144 and 145: The SYSPLEX XES FunctionThere are t
- Page 146 and 147: eTrust CA-Top Secret and the SYSPLE
- Page 148 and 149: Defining the Sysplex to eTrust CA-T
- Page 150 and 151: Managing the Coupling FacilityWhen
- Page 152 and 153: Defining SYSTEM LOGGER to eTrust CA
- Page 154 and 155: IMVSECUR/*=========================
- Page 156 and 157: IMVSECUR/*=========================
- Page 158 and 159: IMVSECURFeature RACF eTrust CA-Top
- Page 160 and 161: PERMITIn eTrust CA-Top Secret, all
- Page 163 and 164: Indexcomponent names for z/OS and O
- Page 165 and 166: OpenEdition MVS supportACIDs needed
HFSSEC Control Option<strong>CA</strong> SAF HFS EQUIVILENCY TABLEHFSSEC(OFF) vs. HFSSEC(ON)<strong>OS</strong>/390 2.8 <strong>and</strong> aboveUNIX CMDS ACCESS GIVEN HPFSEC(ON) HPFSEC(OFF)CHAUDITAllow a user tochange user auditflagsBPX.<strong>CA</strong>HFS.CHANGE.FILE.AUDITFLAGSCHANGE_AUDIT_OPTAllow a user tochange a <strong>for</strong>matof a fileBPX.<strong>CA</strong>HFS.CHANGE.FILE.FORMATCHECK_FILE_OWNERCHMOD(UID)Allows a user tochange UID filepermission bitBPX.<strong>CA</strong>HFS.CHANGE.FI.LE.MODEBPX.<strong>CA</strong>HFS.CHANGE.FILE.MODE.EUIDCHANGE_FILE_MODECHMOD(STICKYBIT)Allows a user tochange Sticky bitfile permissionBPX.<strong>CA</strong>HFS.CHANGE.FILE.MODEBPX.<strong>CA</strong>HFS.CHANGE.FILE.MODE.EUIDCHANGE_FILE_MODEBPX.<strong>CA</strong>HFS.CHANGE.FILE.MODE.STICKYCHMOD(GID)Allows a user tochange GID bitBPX.<strong>CA</strong>HFS.CHANGE.FILE.MODECHANGE_FILE_MODEBPX.<strong>CA</strong>HFS.CHANGE.FILE.MODE.EUIDBPX.<strong>CA</strong>HFS.CHANGE.FILE.MODE.EGIDEXTATTR(ChangeAttributes)Allow a user toturn on APFattribute <strong>for</strong> anyHFS fileBPX.<strong>CA</strong>HFS.CHANGE.FILE.ATTRIBUTESSUPERUSER.FILESYS.FILEEXTATTR(ProgramControlled Attribute)Allow users toturn on theprogramcontrolledattributeBPX.<strong>CA</strong>HFS.CHANGE.FILE.OWNERSUPERUSER.FILESYS.FILECHOWNAllows a user tochangeownership offilesBPX.<strong>CA</strong>HFS.CHANGE.FILE.OWNERCHANGE_OWNER_GROUP2–20 Cookbook