This might be a great candidate for a submission to the CBT Tape folks. Jerry Whitteridge Lead Systems Programmer Safeway Inc. 925 951 4184
If you feel in control you just aren't going fast enough. -----Original Message----- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Jousma, David Sent: Friday, March 14, 2014 6:16 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: SMP/E updates of HFS (was: Handing /etc and /var filesystems) Offline response sent. -----Original Message----- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Ken Smith Sent: Thursday, March 13, 2014 5:55 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: SMP/E updates of HFS (was: Handing /etc and /var filesystems) David, would you send me your usermod for handling Java security files. I've been wanting this for years! You should offer this to IBM so they can give it to customers. How many times has Java PTF regressed these files? Brilliant and thank you! Ken Smith mailto://featse...@gmail.com <featse...@gmail.com> State of Maryland On Thu, Mar 13, 2014 at 7:29 AM, Jousma, David <david.jou...@53.com> wrote: > > > -----Original Message----- > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] > On Behalf Of Paul Gilmartin > Sent: Wednesday, March 12, 2014 4:25 PM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: SMP/E updates of HFS (was: Handing /etc and /var filesystems) > > (snip) > > SMP/E has long had a method for accommodating updates to > ++SRC and ++MAC elements. It involves RESTOREing ++SRCUPD > or ++MACUPD USERMODs (how does one undo IEBUPDTE? I suppose copy back > from the DLIB); APPLYing the PTF; and re-APPLYing the USERMOD. > Something analogous is needed for ++HFS elements, a ++HFSUPD in > USERMODs using > patch(1) instead of IEBUPDTE. > > I find it extraordinary, uniquely bizarre, that z/OS UNIX System > Services installs without a usable /etc/magic or /etc/services. Even > a ++USERMOD entirely replacing a > ++HFS element would provide the needed protection. > > -- gil > > I agree with you that it would be nice if SMPE had a native function > for updating unix filesystems in a more granular fashion. However, > they do provide support for a scripting facility for you to > roll-your-own. Several years ago, someone on this list provided me > with a sample script, that I have since adapted and use for applying a > usermod to JAVA in support if EKM(enterprise Key Manager). Here are > some of the interesting bits and pieces of the usermod. The script > gets executed on an apply, after the code has been copied in, and on a > restore will execute the script again to do what you want(like delete your > updates, and restore the original parts). > I am willing to share the script too, just too long to put into this email. > > ++ USERMOD (MCKL001) /* > IBM Security Key Lifecycle Manager for JAVA 7.1 (31-Bit) platform */. > ++ VER (Z038) > FMID(HJVA710) > /* > USERMOD DESCRIPTION(S): > MCKL001 - > . > . > . > ++ HFS (MCKL001J) /* $java_home/lib/security/java.security.sklm */ > DISTLIB (AAJVHFS) > SYSLIB (SAJV17K) > PARM (PATHMODE(0,6,4,4)) > LINK ('../lib/security/java.security.sklm') > SHSCRIPT (MCKL001S,POST) > TEXT . > $$ GIMDTS FORMAT > $$ VB _; `e > é é # > ====================================================================== > ===== # Licensed Materials - Property of IBM # "Restricted > Materia > ls of IBM" # # IBM SDK, Java(tm) Technology Edition, v7 > # (C) > Copyright IBM Corp. 2004, 2010. All Rights Reserved # ( ( # US > Governm > . > . > . > ++ SHELLSCR (MCKL001S) /* $java_home/MCKL001s */ > DISTLIB (AAJVHFS) > SYSLIB (SAJV17K) > PARM (PATHMODE(0,7,5,5)) > TEXT . > $$ GIMDTS FORMAT > $$ VB _; ` > å å # This script will either create or delete the backup copies > of the < < > # security policy jar files when the JCE Unlimited Strength > Jurisdiction å å > # Policy jar files are installed/removed from the J6.0/lib/security > à à # di > rectory. The script uses the following environment variables # for > input: > # # SMP_Directory - directory in which the file resides > # SMP_ > File - name of the HFS file à à # SMP_Phase - indicates whether the > shell scr . > . > . > ++ PROC (JVMPRC71) DISTLIB(APROCLIB) SYSLIB(PROCLIB) TXLIB(APROCLIB). > > > Comments from the script: > > # This script will either create or delete the backup copies of the # > security policy jar files when the JCE Unlimited Strength Jurisdiction > # Policy jar files are installed/removed from the J7.1/lib/security # > directory. The script uses the following environment variables # for > input: > # > # SMP_Directory - directory in which the file resides # SMP_File - > name of the HFS file # SMP_Phase - indicates whether the shell script > is being called > # before or after SMP/E has processed the file > # SMP_Action - the action that SMP/E is performing: COPY or DELETE # > > This e-mail transmission contains information that is confidential and may > be privileged. It is intended only for the addressee(s) named above. If > you receive this e-mail in error, please do not read, copy or > disseminate it in any manner. If you are not the intended recipient, > any disclosure, copying, distribution or use of the contents of this > information is prohibited. Please reply to the message immediately by > informing the sender that the message was misdirected. After replying, > please erase it from your computer system. Your assistance in correcting this > error is appreciated. > > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, send > email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN This e-mail transmission contains information that is confidential and may be privileged. It is intended only for the addressee(s) named above. If you receive this e-mail in error, please do not read, copy or disseminate it in any manner. If you are not the intended recipient, any disclosure, copying, distribution or use of the contents of this information is prohibited. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please erase it from your computer system. Your assistance in correcting this error is appreciated. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN "Email Firewall" made the following annotations. ------------------------------------------------------------------------------ Warning: All e-mail sent to this address will be received by the corporate e-mail system, and is subject to archival and review by someone other than the recipient. This e-mail may contain proprietary information and is intended only for the use of the intended recipient(s). If the reader of this message is not the intended recipient(s), you are notified that you have received this message in error and that any review, dissemination, distribution or copying of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately. ============================================================================== ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN