On Tue, 2011-07-19 at 17:59 -0700, Starr, Alan wrote: > Hi List, > > The subject of an APF-authorized program invoking a program that runs > non-APF-authorized has been discussed many times here. The admonishment not > to turn JSCBAUTH on, after having turned it off, has been repeated many times. > > I wonder how the initiator manages to invoke PGM=apfpgm (APF-authorized) and > then PGM=nonapf (not APF-authorized) for a subsequent step or job. Does it, > for example, turn on JSCBAUTH in the ATTACHed program's (job step) JSCB? Does > anybody know the sequence of events and/or what the ATTACH(X) invocations > look like? > > Cheers, > Alan >
The initiator code creates a new JSCB control block for the program which it ATTACHes. Look at the JSTCB= and RSAPF= parameters. I don't know (damn you, OCO!), but it may also use the DISP=NO to create the new job step task in a "stopped" state, modify the TCB to point to a new JSCB, then ATTACH DISP=RESET,TCB= to allow the TCB to start executing. == In some ways, this is much easier to do using z/OS UNIX. fork() starts a new address space (usually) and APF can be specified on each program which resides in a UNIX filesystem. Of course, marking a program APF requires appropriate RACF authority to issue the "chattr" command. You can also do "interesting" things by setting up some environment variables, if you have the proper RACF authority. http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/bpxzb291/A.1 1) _BPX_JOBNAME to change the name of the fork()'ed STC (it shows up as an STC in SDSF). 2) _BPX_USERID to run as a different user 3) _BPXK_JOBLOG= to send the "joblog" messages to NONE, STDERR (file descriptor 2) or "n" for file descriptor "n". -- John McKown Maranatha! <>< ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
