Thank you all for your quick responses. Have a great day... Regards, Herman Stocker
-----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Walt Farrell Sent: Thursday, June 25, 2009 1:48 PM To: [email protected] Subject: Re: Racf And SAS problem On Thu, 25 Jun 2009 11:43:03 -0400, Stocker, Herman <[email protected]> wrote: >I have a SAS job that I run without any problems. However, when I had >a co-worker run it he has been getting errors. > >First he got error when starting the job: > >ICH408I USER(IMSSB ) GROUP(@UNIXAPP) NAME(BARKEY, STEVE ) 609 > /u/imssb CL(DIRSRCH ) FID(01E3E2D6D4F0F9001627000000000003) > INSUFFICIENT AUTHORITY TO CHDIR > ACCESS INTENT(--X) ACCESS ALLOWED(OTHER ---) > EFFECTIVE UID(0000007096) EFFECTIVE GID(0000007000) The message should be reasonably self-explanatory to those who understands UNIX access control, and if you have such persons at your shop I suggest contating them for assistance. Alternatively, I would hope that the SAS folks could help you. But in a nutshell, either /, /u, or /u/IMSBB has the wrong permissions or the wrong ownership (probably permissions). UNIX users need eXecute authority to traverse directories, and your user is neither the owner of the directory in question, nor is any of his groups the owning group for the directory in question, and so he is using the permissions for "other" (sort of like UACC in RACF profiles). You need to find that directory, and either change its ownership, or change its permission bits to grant eXecute to "other", or connect the user to the right group that owns the directory, or create an ACL (access list) on that directory that grants the user or one of his groups eXecute acess. The UNIX "ls" command can tell you the permissions of each of those directories. Or there's an AUDITID tool on the UNIX Tools and Toys web page that can perhaps tell you directly based on that FID value. I would guess it's the IMSBB directory that's setup incorrectly, though. You probably want it to have permissions 755 (Read/Write/eXecute for owner, R-X for owning group, R-X for other), which the UNIX "chmod" command can set for you. For any extended discussion of how this all works (UNIX and file security not SAS specifically), the MVS-OE mailing list is probably a better place. -- Walt Farrell, CISSP IBM STSM, z/OS Security Design ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html - -- The sender believes that this E-mail and any attachments were free of any virus, worm, Trojan horse, and/or malicious code when sent. This message and its attachments could have been infected during transmission. By reading the message and opening any attachments, the recipient accepts full responsibility for taking protective and remedial action about viruses and other defects. The sender's employer is not liable for any loss or damage arising in any way from this message or its attachments. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
