Gil,

RACF profiles don't govern access to individual Unix files and directories. 
Access to a file or directory is governed by its individual File Security 
Packet (FSP), which contains the Owner/User, Group, permission bits, and 
Extended Access Control Lists (ACLs). FSPs are stored in the file's or 
directory's parent directory. There are UNIXPRIV profiles that can override 
permissions in FSPs to grant access, but they are not specific to an individual 
file or directory. Superuser also overrides the permissions in FSPs. To better 
understand how Unix access controls work, see my presentation on UNIXPRIV.

https://www.rshconsulting.com/RSHpres/RSH_Consulting__UNIXPRIV_Class__October_2018.pdf

The one RACF class that can have pathnames is FSEXEC for controlling whether 
the Execute bit will be honored, but that is a special case and would only have 
a few pathnames specified.

Regards, Bob

Robert S. Hansel                       2024 IBM Champion
Lead RACF Specialist
RSH Consulting, Inc.
617-969-8211
www.linkedin.com/in/roberthansel
www.rshconsulting.com

-----Original Message-----
Date:    Sun, 17 Nov 2024 12:21:27 -0600
From:    Paul Gilmartin <paulgboul...@aol.com>
Subject: RACF and pathnames

Are RACF rules governing UNIX files defined in terms of pathnames?
What happens if a multiply linked file has names matching conflicting
rules?
o if the rules exist prior to the names?
o If the names exist prior to the rules?

If RACF controls entire filesystems, no problem exists.
-- 
gil

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
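
Added example, not part of the original messages: a shell sketch of the multiply linked file case raised in the question. It shows generic POSIX hard-link behaviour (owner and permission bits belong to the file, so every pathname reports the same ones) and does not exercise RACF, UNIXPRIV or FSEXEC; the directory and file names are constructed, and `mktemp -d` is assumed to be available.

```shell
#!/bin/sh
# Added example (constructed names): one file reachable by two pathnames.
# Demonstrates that permission attributes follow the file, not the name.

# Print "inode mode owner group" for a path, parsed from `ls -lid`.
file_attrs() {
    ls -lid -- "$1" | awk '{ print $1, $2, $4, $5 }'
}

# Build a scratch tree, hard-link one file into a second directory,
# change the permission bits through the second name only, then print
# the attributes seen through each name (one line per pathname).
demo_hard_link() {
    work=$(mktemp -d) || return 1      # assumption: mktemp -d exists
    mkdir "$work/open" "$work/restricted"
    echo "payload" > "$work/open/report.txt"
    chmod 644 "$work/open/report.txt"

    # Second name for the same file, in a different parent directory.
    ln "$work/open/report.txt" "$work/restricted/report.txt"

    # Tighten permissions using only the second pathname.
    chmod 600 "$work/restricted/report.txt"

    file_attrs "$work/open/report.txt"
    file_attrs "$work/restricted/report.txt"
    rm -rf "$work"
}

demo_hard_link
```

Both output lines carry the same inode number and the same `-rw-------` mode, so an audit of who can reach a file has to look at the file's own attributes (and those of every directory that links to it) rather than at any single pathname.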
