
z/OS® UNIX™ System Services (USS) gives the z/OS® operating system an open standards and utilities, which you can use to enter shell commands, write shell

z/OS® UNIX™ provides a Hierarchical File System (HFS) for z/OS®. A file within z/OS® UNIX™ is called an HFS file. HFS files are organized in a hierarchy of files and directories in a tree much like UNIX™. A directory can contain files or other subdirectories.

Select option 8 (HFS) from the Primary Option Menu. File Manager displays the Access Hierarchical File System panel.

On the Access Hierarchical File System panel, select the required option so that File Manager invokes standard ISPF services to enable

If you are familiar with File Manager functions, there is a convenient

For basic functions, you can specify an HFS file in the same panels and batch commands as a z/OS® data set.

File Manager can access an HFS file as a simulated QSAM/BSAM file. This means that at the I/O level, the file is seen as a single-volume, physical, sequential data set that resides on DASD. It is allocated dynamically or referred using a DD statement (PATH parameter).

The following describes the two options that sites can choose from for controlling access to the Hierarchical File System (HFS) and/or zFS. The following sections summarize the main features and differences.

With CA ACF2 Security, there are two processes that a site can use to secure the Hierarchical File System (HFS) and zFS. The first process is internal to z/OS UNIX System Services and is based on a UNIX model of security. The second process is external security and uses standard CA ACF2 security rules to secure the HFS/zFS. These processes are mutually exclusive, so your site must select which one to use.

Process One: Native z/OS UNIX System Services

z/OS UNIX System Services files are organized in a hierarchy as in a UNIX system. Each directory is a member of another directory at a higher level of the hierarchy. The highest level of the hierarchy is the root directory. Security for the file system directories and files is based on a UNIX model of security. Each file and directory is assigned an owning UID and an owning GID. This assignment is defined and saved in the file system, not in the external security product.

Normally each file or directory saves the access permissions in the form of four octal numbers nnnn. The first position represents special access flags while the remaining three are the permission categories. The access flags include the sticky bit, the setuid on execution, and the setgid on execution. The other three categories of users can access each directory and file in the HFS. All other users defined to z/OS UNIX System Services. Three different access levels (READ, WRITE, and EXECUTE) can be set for any of these three categories. For example, permissions can be defined so that the file owner gets READ and WRITE access, a member of the file's group gets only READ access, and all other users get neither READ nor WRITE access.

For more information about the Hierarchical File System and setting file permissions, see the following IBM guides:

Under CA ACF2, you must define a UID for each z/OS UNIX System Services user and a GID for each group that accesses z/OS UNIX System Services. You must also assign a default group in all z/OS UNIX System Services userids and give the users access to any supplemental groups needed.
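The four-octal-digit nnnn permission form described above for native z/OS UNIX System Services security, decoded and checked in Python as an added example (it is not taken from the CA ACF2 or IBM documentation). The function names, the review rules and the sample paths are assumptions made for illustration; the bit values are the standard UNIX ones (setuid 4, setgid 2, sticky 1; READ 4, WRITE 2, EXECUTE 1).

```python
# Added example: decode the four-octal-digit "nnnn" permission form.
# Names and review rules here are hypothetical, chosen for illustration.
SPECIAL = ((4, "setuid"), (2, "setgid"), (1, "sticky"))
ACCESS = ((4, "READ"), (2, "WRITE"), (1, "EXECUTE"))
CATEGORIES = ("owner", "group", "other")


def decode_mode(nnnn):
    """Return the special flags and the access levels of each category."""
    if len(nnnn) != 4 or any(c not in "01234567" for c in nnnn):
        raise ValueError(f"expected four octal digits, got {nnnn!r}")
    digits = [int(c) for c in nnnn]
    # First position: special access flags.
    decoded = {"special": [name for bit, name in SPECIAL if digits[0] & bit]}
    # Remaining three positions: owner, group, all other users.
    for category, digit in zip(CATEGORIES, digits[1:]):
        decoded[category] = [name for bit, name in ACCESS if digit & bit]
    return decoded


def review_findings(path, nnnn):
    """List settings a reviewer would want justified for this file or directory."""
    mode = decode_mode(nnnn)
    findings = []
    for flag in ("setuid", "setgid"):
        if flag in mode["special"]:
            findings.append(f"{path}: {flag} on execution is set")
    if "WRITE" in mode["other"]:
        note = "sticky bit set" if "sticky" in mode["special"] else "no sticky bit"
        findings.append(f"{path}: all other users have WRITE ({note})")
    return findings


# Constructed sample listing (path, mode); not taken from a real system.
SAMPLE = [
    ("/u/payroll/rates.dat", "0640"),  # the owner RW / group R / other none case
    ("/tmp", "1777"),
    ("/u/shared/drop", "0777"),
    ("/usr/local/bin/helper", "4755"),
]

if __name__ == "__main__":
    for path, nnnn in SAMPLE:
        print(path, nnnn, decode_mode(nnnn))
        for finding in review_findings(path, nnnn):
            print("  REVIEW:", finding)
```

The mode 0640 is the example given in the text: the owner gets READ and WRITE, the group gets only READ, and all other users get nothing.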
