UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The user account for the z/OS UNIX BPXROOT is not properly defined.


Overview

Finding ID Version Rule ID IA Controls Severity
V-6988 ZUSS0044 SV-7291r2_rule DCCS-1 DCCS-2 Medium
Description
User identifiers (ACF2 logonids, RACF userids, and Top Secret ACIDs), groups, and started tasks that use z/OS UNIX facilities are defined to an ACP with attributes including UID and GID. If these attributes are not correctly defined, data access or command privilege controls could be compromised.
STIG Date
z/OS RACF STIG 2015-03-27

Details

Check Text ( C-3906r1_chk )
a) Refer to the following reports produced by the ACP Data Collection:

ACF2
- ACF2CMDS.RPT(OMVSUSER)
- ACF2CMDS.RPT(LOGONIDS)
RACF
- RACFCMDS.RPT(LISTUSER)
TSS
- TSSCMDS.RPT(@ACIDS)

b) If BPXROOT is defined as follows, there is NO FINDING:

1) No access to interactive on-line facilities (e.g., TSO, CICS, etc.)
2) Default group specified as OMVSGRP or STCOMVS
3) UID(0)
4) HOME directory specified as “/”
5) Shell program specified as “/bin/sh”

c) If BPXROOT is not defined as specified in (b) above, this is a FINDING.

Fix Text (F-18963r1_fix)
The systems programmer will verify that BPXROOT is defined as specified below:

) No access to interactive on-line facilities (e.g., TSO, CICS, etc.)
2) Default group specified as OMVSGRP or STCOMVS
3) UID(0)
4) HOME directory specified as “/”
5) Shell program specified as “/bin/sh”