Two solutions: 1) change the 'other' permission bits of /var/zosmf/configuration/ configuration_planned.cfg to -w- to allow all users to write to the file 2) Define an ACL (access control list) with the setfacl command to allow IZUSVR update access to /var/zosmf/configuration/configuration_planned.cfg.
Bob Young On Sat, Apr 16, 2016 at 3:29 PM, Jesse 1 Robinson <[email protected]> wrote: > I'm trying to get z/OSMF working under 2.1. We ran it in a limited way for > years before 2.1, but the pioneering z/OSMF guy is gone, and I'm trying to > revive it. In particular I'm getting a RACF error starting the second > z/OSMF task IZUSVR1. I get this: > > SCEUJI04I STC IZUSVR1 STARTED 11.29.43 16 APR 16 > IEF403I IZUSVR1 - STARTED - TIME=11.29.43 > ICH408I USER(IZUSVR ) GROUP(IZUADMIN) NAME(ZOSMF STARTED TASK U) > /var/zosmf/configuration/configuration_planned.cfg > CL(DIRACC ) FID(C2E2F3F0F0F605710000000000020001) > INSUFFICIENT AUTHORITY TO OPEN > ACCESS INTENT(-W-) ACCESS ALLOWED(OTHER ---) > EFFECTIVE UID(0000900700) EFFECTIVE GID(0000900698) > SCEACT01I STEP ZPARM IZUSVR1 CPU 00:00:00.01 CC=0016 > > IIRC DIRACC is phantom error because there is no such class. Something is > defined wrong. The ZFS containing /var/zosmf/ is 'SPP.IZU.ZFS', covered by > RACF profile 'SPP.IZU.ZFS*'. Group IZUADMIN has ALTER access to this > profile. > > I'm a total bumbler when it comes to USS authorization. What else do I > need to look at? P.S. cannot post to RACF-L because the confirmation email > for my current sce.com userid gets blocked by corporate policy (Sender > field is blank as if spam). > > > > . > . > . > J.O.Skip Robinson > Southern California Edison Company > Electric Dragon Team Paddler > SHARE MVS Program Co-Manager > 323-715-0595 Mobile > 626-302-7535 Office > [email protected]<mailto:[email protected]> > > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
