
List:       racf-l
Subject:    Re: Help with Unix Permissions and Files in z/OS
From:       Lizette Koehler <starsoul () MINDSPRING ! COM>
Date:       2013-11-20 13:21:11
Message-ID: 01f701cee5f3$623d6f10$26b84d30$ () mindspring ! com

Thank you everyone for this education.

I now have a better basis for understanding the UNIX permissions that RACF
handles.

I will definitely review everything everyone has supplied.

And as always, thank you Robert for the options for research.

Lizette


> -----Original Message-----
> From: RACF Discussion List [mailto:RACF-L@LISTSERV.UGA.EDU] On Behalf
> Of Robert S. Hansel (RSH)
> Sent: Wednesday, November 20, 2013 6:07 AM
> To: RACF-L@LISTSERV.UGA.EDU
> Subject: Re: Help with Unix Permissions and Files in z/OS
>
> Lizette,
>
> One tool that might be of help to you is auditid. It is a free tool provided
> by IBM that will help you identify an object by its FID. The ICH408I message
> supplies the FID of the object where the violation occurred. Here is a link
> to the page with all the Unix tools.
>
> http://www-03.ibm.com/systems/z/os/zos/features/unix/bpxa1ty2.html
>
> As for the changing mode, it could be any number of things. I suggest looking
> at SMF records to see if you can identify what processes may be creating or
> changing the characteristics of the file and its parent directories. To
> gather the necessary data, you may need to put auditing on some of the
> directories. And in SETROPTS, ensure you have the following settings:
> LOGOPTIONS(ALWAYS(FSSEC)), LOGOPTIONS(FAILURES(PROCESS PROCACT, IPCOBJ)), and
> AUDIT(FSOBJ IPCOBJ PROCESS). Try looking first at SMF unload event records
> DACCESS, FACCESS, MKDIR, and CHMOD. There may be others that could be
> applicable to this situation, so refer to the Macros and Interfaces manual.
>
> Regards, Bob
>
> Robert S. Hansel
> Lead RACF Specialist
> RSH Consulting, Inc.
> 617-969-8211
> www.linkedin.com/in/roberthansel
> https://twitter.com/RSH_RACF
> www.rshconsulting.com
> ---------------------------------------------------------------------
> 2013-2014 RACF Training
> - Audit & Compliance Roadmap - Boston - APR 22-25, 2014
> - Intro & Basic Admin - WebEx - FEB 3-7, 2014
> - Intro & Basic Admin - WebEx - JUN 9-13, 2014
> - Securing z/OS UNIX  - WebEx - DEC 3-6, 2013
> - Securing z/OS UNIX  - WebEx - MAR 4-7, 2014
> ---------------------------------------------------------------------
>
> -----Original Message-----
> Date:    Tue, 19 Nov 2013 14:45:02 -0500
> From:    Lizette Koehler <starsoul@MINDSPRING.COM>
> Subject: Help with Unix Permissions and Files in z/OS
>
> Hello, I have a situation that I am not understanding with RACF and UNIX on
> z/OS.
> We are z/OS V1.12
>
> I have a product that runs on several LPARs.  On only ONE LPAR I am seeing
> ICH408I messages indicating that access is not allowed.  But all the other
> LPARs are not having this issue.  We cycled the task yesterday and it no
> longer was an issue.  Now today it is back.
>
> The messages we are getting are:
>
> ICH408I USER(sysuser) GROUP(STCuser) NAME(user)
>   /appl/ggate/DB2A/dirchk/EDB2TD1.cpe
>   CL(FSOBJ   ) FID(00000788000018D30000000000000000)
>   INSUFFICIENT AUTHORITY TO OPEN
>   ACCESS INTENT(RW-)  ACCESS ALLOWED(OTHER      ---)
>   EFFECTIVE UID(0000004856)  EFFECTIVE GID(0000003060)
>
> Now the ALLOWED(OTHER is confusing as the info I would have expected is
> ALLOWED(GROUP
>
> the --- is confusing as I have 664 for access on the file.
>
> And throughout the day the --- could change to RW-   -WX
>
> Has anyone seen this type of issue or could help me understand what might
> cause the process to alter so much from what is expected?  I am limited in my
> RACF knowledge of Unix and need some guidance or direction or places to look.
>
> If there are display commands I could use or RACF Records I could look at,
> that will be helpful to know.
>
> Thanks
>
> Lizette
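
An added example, not part of the thread or any poster's code: a small Python parser for the ICH408I text quoted above. It extracts the FID (the value the reply suggests identifying with auditid) and compares the class and bits in ACCESS ALLOWED with the 664 mode the original post expected. It assumes ACCESS ALLOWED reports the permission-bit class that was checked and the bits found for it, and it ignores ACLs and superuser authority; the function names are hypothetical.

```python
import re

# ICH408I text as quoted in the thread (user and group names as posted).
SAMPLE = """\
ICH408I USER(sysuser) GROUP(STCuser) NAME(user)
  /appl/ggate/DB2A/dirchk/EDB2TD1.cpe
  CL(FSOBJ   ) FID(00000788000018D30000000000000000)
  INSUFFICIENT AUTHORITY TO OPEN
  ACCESS INTENT(RW-)  ACCESS ALLOWED(OTHER      ---)
  EFFECTIVE UID(0000004856)  EFFECTIVE GID(0000003060)
"""

PATTERNS = {
    "path": r"^\s*(/\S+)\s*$",
    "fid": r"FID\(([0-9A-F]{32})\)",
    "intent": r"ACCESS INTENT\(([RWX-]{3})\)",
    "allowed_class": r"ACCESS ALLOWED\(([A-Z ]+?)\s+[RWX-]{3}\)",
    "allowed_bits": r"ACCESS ALLOWED\([A-Z ]+?\s+([RWX-]{3})\)",
    "euid": r"EFFECTIVE UID\((\d+)\)",
    "egid": r"EFFECTIVE GID\((\d+)\)",
}

def parse_ich408i(text):
    """Return the fields of one ICH408I FSOBJ message; missing fields are None."""
    msg = {}
    for name, pattern in PATTERNS.items():
        m = re.search(pattern, text, re.MULTILINE)
        msg[name] = m.group(1) if m else None
    for key in ("euid", "egid"):
        if msg[key] is not None:
            msg[key] = int(msg[key])  # drop the zero padding
    return msg

def class_bits(mode, cls):
    """Render one triplet of a mode as ICH408I prints it (OWNER/GROUP/OTHER only)."""
    shift = {"OWNER": 6, "GROUP": 3, "OTHER": 0}[cls]
    bits = (mode >> shift) & 7
    return "".join(c if bits & m else "-" for c, m in zip("RWX", (4, 2, 1)))

def compare_with_mode(msg, expected_mode):
    """Assumption: ACCESS ALLOWED shows the class checked and the bits found."""
    expected = class_bits(expected_mode, msg["allowed_class"])
    return {
        "mode_differs": expected != msg["allowed_bits"],
        "expected_bits": expected,
        "intent_fits_expected": all(i in ("-", e) for i, e in zip(msg["intent"], expected)),
    }
```

Under those assumptions, `compare_with_mode(parse_ich408i(SAMPLE), 0o664)` shows that OTHER on a 664 file would be `R--`, so the `---` in the message does not match a 664 mode at the time of the check. It also shows that a process evaluated as OTHER would be refused write access even with 664.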