Step 2. Creating User IDs

Server administrator ID (iadmin)

The installation of a server requires an ID to install and own the files as well as to administer the server; this is also known as the iadmin ID. The iadmin ID should:

This documentation refers to the server administrator ID, which you use to install and administer the server, as the iadmin ID, but you can name it anything you want. If you name it something other than iadmin, you will need to create a second ID, literally named iadmin, for the DVD library to properly unload. If you do not use this literal iadmin ID to install and own the files, you can remove it after installation.

While logged on as QSECOFR, create the server administrator ID and home directory using the following sample code:

CRTUSRPRF USRPRF(IADMIN) PASSWORD(MYPASS) HOMEDIR('/home/iadmin')
 CCSID(37) TEXT('Server Administrator ID') DLVRY(*NOTIFY)
QSH CMD('mkdir /home/iadmin')
QSH CMD('chmod 755 /home/iadmin')
QSH CMD('chown iadmin /home/iadmin')

Running the server in secured mode also requires that particular files have their ownership changed to QSECOFR (this step is done after installation).

User IDs

End users of the server will also require an ID and password created/configured for the Security Provider modes a server is using. For the OPSYS Security Provider mode, no special authorities or setup parameters are needed for the IDs.

To keep the server secure, you should make the iadmin ID available only to users that require server administrative privileges.

Server system ID (iserver)

You have the option of creating a user ID that is QSECOFR for internal use by the server to proxy the authority of QSECOFR. We call this the Server system ID (iserver). The ID can be an account that is never used for logging in. You might wish to create an iserver ID if, for example, you do not want certain server processes to appear as owned by QSECOFR.

To create iserver, issue the following command

CRTUSRPRF USRPRF(id) PASSWORD(*NONE) USRCLS(*SECADM)
TEXT('Server System Security ID') SPCAUT(*SECADM *ALLOBJ *JOBCTL)

where:

id

Is the name of the actual iserver ID.


iWay Software