IBM Security Z Security

Security for Z

Join this online user group to communicate across Z Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

  • 1.  zSecure Report for finding Users with UID(0) who can SHARE Home directories

    Posted Mon October 07, 2024 05:26 PM

    I am trying to generate a report of all users with UID(0) who have the ability to 'share' directories, particularly 'home' directories. Is there such an attribute that can be used in a custom zCarla report to generate this type of report for an audit request? Many thanks for your help in this forum!

    Lynn Gilson



    ------------------------------
    Lynn Gilson
    Lynn
    ------------------------------


  • 2.  RE: zSecure Report for finding Users with UID(0) who can SHARE Home directories

    Posted Tue October 08, 2024 03:26 AM

    Hi Lynn,

    Superuser can always create and write files and sub-directories anywhere in the UNIX filesystem. But if I understand your requirement correctly, you want to report users with UID(0) that share their home directory in the UNIX file system. If that is the case, you might want to give this CARLa code sample a try:

    newlist type=racf t='UNIX superusers that share their home directory',
            empty='No UNIX superusers share their home directory'         
     select segment=omvs uid=0                                            
     sortlist key('Userid',8) :name                                  
     summary home(30) count(>1)                                               

    Notes:

    • In the select statement, all users with an OMVS segment that contains UID(0) are selected.
    • The sortlist statement reports the selected userids and their assigned user name.
    • The summary statement counts how often the same home directory is found for these UID(0) userids, and the count(>1) threshold causes only home directories that are assigned to more than 1 UID(0) userid to be reported.

    When I run this CARLa on my development system, the output looks like:

    P R O F I L E   L I S T I N G    7 Oct 2024 23:45                 
    UNIX superusers that share their home directory                   
                                                                      
    Home directory                 Count Userid   Name                
                                       6                              
                                         CRMAUTO  ZTEAM AUTOTASKS     
                                         LDAPSRV  LDAP SERVER USER    
                                         MVSNFS   NETWORK FILE SERVER 
                                         STRCONS  STC VOOR TSO CONSOLE
                                         STRTASK  DIV STARTED TASK USR
                                         STRTASK2 DIV STARTED TASK USR
    /                                 10                              
                                         BPXROOT  ROOT USER   
                                         CEA                          
                                         HZSUSER                      
                                         IKED                         
                                         M91AAMSM DB2 STARTED TASK    
                                         OMVSKERN STARTED TASK?       
                                         PAGENT                       
    .... snap ....

    I hope this helps.



    ------------------------------
    Tom Zeehandelaar
    z/OS Security Enablement Specialist - zSecure developer
    IBM
    ------------------------------
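
The select / summary / count(>1) logic of the CARLa sample above, reproduced as an added Python example (not part of the thread and not zSecure code) over constructed rows. The `normalize` option goes beyond the CARLa: it assumes a blank HOME resolves to the root directory `/` and that a trailing slash names the same directory, which merges groups the raw report lists separately.

```python
from collections import defaultdict
import posixpath

# Constructed sample rows (userid, OMVS UID, OMVS HOME); not real RACF data.
SAMPLE = [
    ("BPXROOT", 0, "/"),
    ("OMVSKERN", 0, "/"),
    ("LDAPSRV", 0, ""),            # no HOME defined in the OMVS segment
    ("MVSNFS", 0, ""),
    ("WEBADM", 0, "/u/webadm"),
    ("WEBSRV", 0, "/u/webadm/"),   # same directory, trailing slash
    ("AUDITOR", 0, "/u/auditor"),  # sole owner, must not be reported
    ("USER01", 1001, "/"),         # not UID(0), must not be selected
]

def effective_home(home):
    """Assumption: a blank HOME resolves to the root directory '/'."""
    home = home.strip()
    return posixpath.normpath(home) if home else "/"

def shared_homes(rows, normalize=False):
    """Return {home: sorted userids} for homes held by more than one UID(0) user."""
    groups = defaultdict(list)
    for userid, uid, home in rows:
        if uid != 0:                  # select segment=omvs uid=0
            continue
        key = effective_home(home) if normalize else home
        groups[key].append(userid)    # summary home(30)
    return {h: sorted(u) for h, u in groups.items() if len(u) > 1}  # count(>1)

def render(shared):
    """Format the result in the same shape as the summary listing."""
    lines = ["%-30s %5s %s" % ("Home directory", "Count", "Userid")]
    for home in sorted(shared):
        lines.append("%-30s %5d" % (home, len(shared[home])))
        lines.extend("%-30s %5s %s" % ("", "", u) for u in shared[home])
    return "\n".join(lines)

if __name__ == "__main__":
    print(render(shared_homes(SAMPLE)))                  # raw grouping, as in the CARLa
    print()
    print(render(shared_homes(SAMPLE, normalize=True)))  # blank and '/' merged
```
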



  • 3.  RE: zSecure Report for finding Users with UID(0) who can SHARE Home directories

    Posted Tue October 08, 2024 10:55 AM

    Hello Tom,

    Thanks very much for your help. I was chasing the RE.U.F filesystem and it gave me a very verbose report. Yours is more succinct and simpler for these auditors.

    Thanks again,

    Lynn Gilson

    Ensono Corp.



    ------------------------------
    Lynn Gilson
    Lynn
    ------------------------------