IMO, you need an OMVS segment and a unique, non-zero, UID. You also need Write (Read & eXecute would be nice too) access to the /TEST subdirectory. From the message, your ID is running with a UID of 9999999 and a GID of 1. How to give you access to /TEST as you are now defined?
1) setfacl -m user:9999999:rwx /TEST 2) setfacl -m group:1:rwx /TEST http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/BPXZA590/SETFACL This requires "root" to do the commands, but then your id can access the subdirectory. This may or may not grant you access to other files in that subdirectory. Access to each file in the subdirectory will depend on the ACL for that file. Instead of UID==0, get CONTROL access to profile SUPERUSER.FILESYS in the UNIXPRIV class. http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/bpxzb291/4.6 This latter is still horrible, but less so than UID==0. It will allow you unlimited access to every UNIX file and subdirectory in your shop. I.e. you can destroy the UNIX environment with relative ease. The setfacl is much nicer. Especially if your RACF admin gives you a unique, non-zero, UID in an OMVS segment and then uses the "setfacl -m user:<uid>:rwx /TEST" to give you access only to the /TEST subdirectory. Uh, replacing <uid> with the UID you were given. Using UID==0 is an anathema to any security conscious admin. Very few processes really need it. And, IMO, __never__ an interactive user. Have the RACF person look at the UNIXPRIV class and the BPX.--- profiles in the FACILITY class for ways to allow access without UID==0. -- John McKown Systems Engineer IV IT Administrative Services Group HealthMarkets(r) 9151 Boulevard 26 * N. Richland Hills * TX 76010 (817) 255-3225 phone * john.mck...@healthmarkets.com * www.HealthMarkets.com Confidentiality Notice: This e-mail message may contain confidential or proprietary information. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. HealthMarkets(r) is the brand name for products underwritten and issued by the insurance subsidiaries of HealthMarkets, Inc. -The Chesapeake Life Insurance Company(r), Mid-West National Life Insurance Company of TennesseeSM and The MEGA Life and Health Insurance Company.SM > -----Original Message----- > From: IBM Mainframe Discussion List > [mailto:IBM-MAIN@bama.ua.edu] On Behalf Of Angel Tamayo > Sent: Thursday, August 25, 2011 7:50 AM > To: IBM-MAIN@bama.ua.edu > Subject: Copying file to OMVS > > Hi List, > > Maybe someone here could have the same or similar case. > > I run job: > > //COPY1 EXEC PGM=IEBGENER,REGION=0M > //SYSPRINT DD SYSOUT=* > //SYSUT1 DD DISP=SHR,DSN=HLQ.COMPRESS.PAX > //SYSUT2 DD PATH='/TEST/COMPRESS9', > // PATHOPTS=(OWRONLY,OCREAT,OEXCL), > // PATHDISP=(KEEP,DELETE) > //SYSIN DD DUMMY > > I received message: > > ICH408I USER(ZOSUSER ) GROUP(OMVSGRP ) NAME(USER NAME ) 479 > /TEST/COMPRESS9 CL(FSOBJ ) > FID(00003813000000410000000000000000) > INSUFFICIENT AUTHORITY TO > OPEN > ACCESS INTENT(RW-) ACCESS ALLOWED(OWNER > ---) > EFFECTIVE UID(0009999999) EFFECTIVE GID(0000000001) > > > The RACF persons says that I need to have OMVS segment setup > for my userid > with UID(0). > > I suppose UID(0) will solve the problem but it is really the > only way to > solve it?. > I'm looking for a solution without UID(0), any idea on this will be > appreciated. > > As additional information ZOSUSER have authority to use SU > (superuser) in > OMVS environment, don't really know if this helps to this case. > > Angel > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO > Search the archives at http://bama.ua.edu/archives/ibm-main.html > > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
