The following permissions are required for installing and running Tectia Server for IBM z/OS:
Write access to the /opt
directory is required during
the installation.
The setup script uses the extattr command
to make the server program, /opt/tectia/sbin/sshd2
,
program-controlled. To issue the command, the user account running the setup must
have read access to the BPX.FILEATTR.PROGCTL
facility.
The user account running the setup must have an OMVS segment and the UID 0.
It is recommended that a user account, SSHD2
, is
created for running Tectia Server for IBM z/OS, see
Creating the SSHD2
User:
The user account running the server must have an OMVS segment and the UID 0.
If the BPX.DAEMON FACILITY
class profile is defined,
the user must have read access to it.
Required: An OMVS segment
Optional: A home directory. It is required if public key user authentication is used or if the account requires user-specific configuration, for example, environment variables for the file transfer subsystem.
Required: An OMVS segment
Optional: A home directory. It is required if public key user authentication is used or if the account requires user-specific configuration, for example, profiles for remote hosts.
CEE.SCEERUN
and CEE.SCEERUN2
libraries must be available in LPALIB
or
LNKLST
.
CEE.SCEERUN2
must be program-controlled.
The server must be allowed to listen to port 22 (or other configured Secure Shell port).
If the server host key or the user keys are going to be stored in the System Authorization Facility (SAF), additional permissions are required. See Using the z/OS System Authorization Facility for more information.