Hi Fred,

ACLs are kept in the File Security Packet (FSP) for each individual file in the 
Unix file system. They are not stored in RACF.

The ACL you show would allow these two users to write (w) to the file but not 
read (r) or execute (x) it. You might need to add read (r) authority if they are 
having difficulty accessing the file. Check for ICH408I violation messages as 
they will show INTENT and ALLOWED.

The file ACL should not affect your ability to rename the file. Rename is 
controlled by access to the parent directory, and write (w) is required to 
rename it. Check your permissions to the directory. It, too, might have an ACL. 
Again, check for ICH408I messages.

BTW, the owner appears as a UID and not a RACF ID. Either there is no RACF ID 
with this UID, or the default group for the RACF ID with this UID doesn't have 
a GID. I recommend you remediate this.

Regards, Bob

Robert S. Hansel                    2021 #IBMChampion
Lead RACF Specialist
RSH Consulting, Inc.
617-969-8211
www.linkedin.com/in/roberthansel
www.twitter.com/RSH_RACF
www.rshconsulting.com

-----Original Message-----
Date:    Fri, 2 Jul 2021 14:10:32 +0000
From:    fred glenlake <fred.glenl...@outlook.com>
Subject: Re: Unix Permissions Display Question

Hi List,

Amazing response by so many members, very much appreciated.   Just to close the 
loop, I don't have Vista so that's out.   The Unix display that I re-typed was 
with the + in front of the 755.   From the follow-on copy and pastes below of 
your suggested commands it shows I have 2 USER ACL's defined somewhere in RACF 
that are likely the cause of my access issues when I try to rename this file in 
a simulated DR test scenario.

I issued the GETFACL command as suggested and that display is copied and pasted 
below.

$ getfacl SYSTEM/etc/pagent_TTLS.conf
#file:  SYSTEM/etc/pagent_TTLS.conf
#owner: 30456
#group: SYS1
user::rwx
group::r-x
other::r-x
user:DRTSTCPY:-w-
user:DREVTCPY:-w-

<snip>
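
Added example (not part of the original thread, and not code from either poster): a small Python sketch that parses the getfacl display quoted above and reports the three things the reply asks to be checked. The function names and result keys are hypothetical, and the sample text is the display from the message re-typed as constructed input.

```python
import posixpath

# Constructed sample: the getfacl display quoted in the thread.
SAMPLE = """\
#file:  SYSTEM/etc/pagent_TTLS.conf
#owner: 30456
#group: SYS1
user::rwx
group::r-x
other::r-x
user:DRTSTCPY:-w-
user:DREVTCPY:-w-
"""

def parse_getfacl(text):
    """Return (header dict, [(kind, qualifier, perms), ...]) from getfacl output."""
    header, entries = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            # Header lines look like "#owner: 30456".
            key, _, value = line[1:].partition(":")
            header[key.strip()] = value.strip()
            continue
        # Split from the right so any prefix stays in `kind`.
        kind, qualifier, perms = line.rsplit(":", 2)
        entries.append((kind, qualifier, perms))
    return header, entries

def review(text):
    """Summarise the checks suggested in the reply (hypothetical result keys)."""
    header, entries = parse_getfacl(text)
    return {
        # Owner displayed as a number instead of a user ID.
        "owner_is_bare_uid": header.get("owner", "").isdigit(),
        # Named user entries that grant write (w) but not read (r).
        "write_without_read": [q for k, q, p in entries
                               if k == "user" and q and "w" in p and "r" not in p],
        # Rename needs write (w) to this directory, not to the file itself.
        "rename_governed_by": posixpath.dirname(header.get("file", "")) or ".",
    }

if __name__ == "__main__":
    for key, value in review(SAMPLE).items():
        print(f"{key}: {value}")
```

The directory reported under rename_governed_by is the one whose permission bits and ACL should be displayed next.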
