STIGQter: STIG Summary: IBM z/OS RACF Security Technical Implementation Guide, Version: 8, Release: 3, Benchmark Date: 23 Apr 2021

IBM z/OS UNIX user accounts must be properly defined.

DISA Rule

SV-223862r604139_rule

Vulnerability Number

V-223862

Group Title

SRG-OS-000104-GPOS-00051

Rule Version

RACF-US-000250

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Define users of z/OS UNIX (i.e., users with an OMVS profile defined) as follows:

- A unique UID number (except for UID(0) users)
- A unique HOME directory (except for UID(0) and other system task accounts)
- Shell program specified as “/bin/sh”, “/bin/tcsh”, “/bin/echo”, or “/bin/false”

NOTE: The shell program must have one of the specified values. The HOME directory must have a value (i.e., not be allowed to default).

Check Contents

From a z/OS command screen enter:
LISTUSER * OMVS NORACF

NOTE: This check only applies to users of z/OS UNIX (i.e., users with an OMVS profile defined).

If each user account with an OMVS segment is defined as follows, this is not a finding.

- A unique UID number (except for UID(0) users)
- A unique HOME directory (except for UID(0) and other system task accounts)
- Shell program specified as “/bin/sh”, “/bin/tcsh”, “/bin/echo”, or “/bin/false”

NOTE: The shell program must have one of the specified values. The HOME directory must have a value (i.e., not be allowed to default).
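
The three conditions above can be checked mechanically over captured LISTUSER output. The following Python sketch is an added example, not part of the STIG or of RACF. It assumes the output was saved as text with a USER= line, an "OMVS INFORMATION" heading and UID=/HOME=/PROGRAM= fields per user; `parse_listuser`, `audit` and `system_tasks` are hypothetical names, and flagging a non-numeric UID is this example's reading of the rule.

```python
from collections import defaultdict
ALLOWED_SHELLS = {"/bin/sh", "/bin/tcsh", "/bin/echo", "/bin/false"}

# Constructed sample, one user per source line. Assumed layout of captured
# LISTUSER * OMVS NORACF output: USER=, an OMVS heading, then labelled fields.
SAMPLE = "\n".join([
    "USER=ALICE\nOMVS INFORMATION\nUID= 0000000101\nHOME= /u/alice\nPROGRAM= /bin/sh",
    "USER=BOB\nOMVS INFORMATION\nUID= 0000000101\nHOME= /u/bob\nPROGRAM= /bin/bash",
    "USER=CAROL\nOMVS INFORMATION\nUID= 0000000103\nPROGRAM= /bin/tcsh",
    "USER=ROOT1\nOMVS INFORMATION\nUID= 0000000000\nHOME= /\nPROGRAM= /bin/sh",
    "USER=ROOT2\nOMVS INFORMATION\nUID= 0000000000\nHOME= /\nPROGRAM= /bin/sh",
    "USER=DAVE\nNO OMVS INFORMATION",
])

def parse_listuser(text):
    """Return {userid: {UID, HOME, PROGRAM}} for users that have an OMVS segment."""
    users, cur = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("USER="):
            cur = line[5:].strip()
        elif line == "OMVS INFORMATION" and cur:
            users[cur] = {}
        elif cur in users:
            key, _, val = line.partition("=")
            if key in ("UID", "HOME", "PROGRAM"):
                users[cur][key] = val.strip()
    return users

def audit(users, system_tasks=frozenset()):
    """Return sorted (userid, reason) findings; system_tasks is reviewer-supplied."""
    findings, by_uid, by_home = [], defaultdict(list), defaultdict(list)
    for name, seg in users.items():
        uid = int(seg["UID"]) if seg.get("UID", "").isdigit() else None
        home, shell = seg.get("HOME", ""), seg.get("PROGRAM", "")
        if uid is None:
            findings.append((name, "no numeric UID"))
        elif uid != 0:                       # UID(0) users may share a UID
            by_uid[uid].append(name)
        if not home:                         # HOME must not be left to default
            findings.append((name, "HOME not set"))
        elif uid != 0 and name not in system_tasks:
            by_home[home].append(name)
        if shell not in ALLOWED_SHELLS:
            findings.append((name, f"shell {shell or '(default)'} not allowed"))
    for label, groups in (("UID", by_uid), ("HOME", by_home)):
        for value, names in groups.items():
            findings += [(n, f"shared {label} {value}") for n in names if len(names) > 1]
    return sorted(findings)
```

Calling `audit(parse_listuser(SAMPLE))` returns one (userid, reason) pair per deviation; an empty list corresponds to "not a finding". System task accounts that legitimately share a HOME directory are passed in through `system_tasks`.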

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

4101

Comments