Hi List,
Amazing response by so many members, very much appreciated. Just to close the
loop, I don't have Vista so that's out. The Unix display that I re-typed was
with the + in front of the 755. From the follow-on copy and pastes below of
your suggested commands it shows I have 2 USER ACL's defined somewhere in RACF
that are likely the cause of my access issues when I try to rename this file in
a simulated DR test scenario.
I issued the GETFACL command as suggested and that display is copied and pasted
below.
$ getfacl SYSTEM/etc/pagent_TTLS.conf
#file: SYSTEM/etc/pagent_TTLS.conf
#owner: 30456
#group: SYS1
user::rwx
group::r-x
other::r-x
user:DRTSTCPY:-w-
user:DREVTCPY:-w-
I also displayed file attributes in TSO ishell and that display is copied and
pasted below
TSO ishell
Display File Attributes (Option 2 or A)
Pathname : /SYSTEM/etc/pagent_TTLS.conf
More: +
File type . . . . . . : Regular file
Permissions . . . . . : 755 rwxr-xr-x
Access control list . : 1
File size . . . . . . : 8562
File owner . . . . . : (30456)
Group owner . . . . . : SYS1(2)
Last modified . . . . : 2021-03-25 16:09:34
Last changed . . . . : 2021-07-01 11:01:20
Last accessed . . . . : 2021-07-02 09:10:43
Created . . . . . . . : 2020-10-25 01:46:59
Link count . . . . . : 1
Pathname : /SYSTEM/etc/pagent_TTLS.conf
More: - +
Link count . . . . . : 1
Set UID bit . . . . . : 0
Set GID bit . . . . . : 0
Sticky bit . . . . . : 0
Auditor audit . . . . : R= W= E=
User audit . . . . . : R= F W= F E= F
Device number . . . . : 4
Inode number . . . . : 53
Major device . . . . : 0
Minor device . . . . : 0
File format . . . . . : NA
Pathname : /SYSTEM/etc/pagent_TTLS.conf
More: -
Major device . . . . : 0
Minor device . . . . : 0
File format . . . . . : NA
Shared AS . . . . . . : 1
APF authorized . . . : 0
Program controlled . : 0
Shared library . . . : 0
Char Set ID/Text flag : 00000 OFF
Directory default ACL : 0
File default ACL . . : 0
Seclabel . . . . . . :
I also displayed the file in TSO ISPF 3.17 and that display is below as well as
the follow-on display manage ACL's
TSO ISPF 3.17 Display
z/OS UNIX Directory List Row 29 to 43 of 65
Command ===> Scroll ===> CSR
Pathname . : /SYSTEM/etc
Command Filename Message Type Permission Audit Ext Fmat
-------------------------------------------------------------------------------
pagent_TTLS.con File rwxr-xr-x+ fff--- --s- ----
OPTION # 23 Manage ACLs Display
z/OS UNIX ACL List Row 1 from 2
Command ===> Scroll ===> CSR
S UID Read Write eXecute Name Type
69234537 W DRTSTCPY USER
69234538 W DREVTCPY USER
Sent from Outlook<http://aka.ms/weboutlook>
________________________________
From: IBM Mainframe Discussion List <[email protected]> on behalf of
fred glenlake <[email protected]>
Sent: July 1, 2021 1:43 PM
To: [email protected] <[email protected]>
Subject: Unix Permissions Display Question
Hi List,
I am trying to understand what I am seeing when I display my /SYSTEM/etc files
especially for my PAGENT files. I re-typed the display below:
Type Perm Permission Owner Filename
File 755 rwxr-xr-x BPXROOT pagent_TTLS.bkup20191118
File +755 +rwxr-xr-x pagent_TTLS.conf
File 755 rwxr-xr-x BPXROOT pagent_TTLS.conf.oldcert
I am really interested in what the "+" means in front of the 755 and the
permissions rwxr-xr-x. I think it means the file pagent_TTLS.conf is somehow
protected externally by RACF but I am not sure. I have not been able to
locate a redbook or manual that tells me what the "+" means. In a CHMOD
command the + means adding permissions, that I know (or think I know). I am
not a z/UNIX guru by any stretch of the imagination. I am hoping someone can
enlighten me please. Also if it is externally protected how I could go about
displaying the RACF protection or profile or ?? I have a started task that
tries to copy in an new version of this file when we do a DR test but my
started task fails and I need to do it manually as SuperUser.
Thanks,
FredG.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
