Security considerations

If you want to collect all relevant z/OS® UNIX® data, you must have access to all UNIX directories, including the root directory. This access ensures that all z/OS UNIX data is collected.

To allow the Inquisitor unrestricted read access to all z/OS UNIX files, consider using the UNIXPRIV RACF® Resource Class, which alleviates the need for UID(0).

The following sample definition can be used by your Security Administrator to define, permit, activate, and RACLIST the RACF UNIXPRIV Class:

RDEL UNIXPRIV SUPERUSER.FILESYS.**                               
RDEF UNIXPRIV SUPERUSER.FILESYS.** UACC(NONE) OWNER(IBMUSER)     
PE  SUPERUSER.FILESYS.** CLASS(UNIXPRIV) RESET                   
PE  SUPERUSER.FILESYS.** CLASS(UNIXPRIV) ID(USERONE) ACCESS(READ)
SETR CLASSACT(UNIXPRIV)                                          
SETR RACLIST(UNIXPRIV)                                           
SETR RACLIST(UNIXPRIV) REFR