Re: VM/CMS Training Material
Under VM, there is and online XEDIT Tutorial called SELF-TEACH. To invok e it, at a CMS Ready prompt: SLFTEACH ENTER Here's what the introduction says: --- This is a programmed instruction course that will enable you to learn XEDIT more quickly than by other methods. The techniques used in XEDIT Self-Teach are: 1. An explanation of the command 2. Exercises so you can SEE what the commands do There are fifteen Self-Teach lessons ranging from basic fundamentals to intermediate macro techniques, and of course everything in between. The lessons can be used by the first-time XEDIT user or by an experienced user. - This may be helpful. Sherry Sharon J. Everhart | Sr. Systems Programmer MACC | 111 Admiral Drive | PO Box 700 | Blair NE 68008-0700 Office: 402.533.5138 | www.maccnet.com
Re: VM/CMS Training Material
Does anyone know where SLFTEACH can be down loaded? I've looked at the VM Package download page and did some googleing but find a place to down load. Thanks, Steve -Original Message- From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Sherry Everhart Sent: Tuesday, March 01, 2011 8:39 AM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: VM/CMS Training Material Under VM, there is and online XEDIT Tutorial called SELF-TEACH. To invok e it, at a CMS Ready prompt: SLFTEACH ENTER Here's what the introduction says: --- This is a programmed instruction course that will enable you to learn XEDIT more quickly than by other methods. The techniques used in XEDIT Self-Teach are: 1. An explanation of the command 2. Exercises so you can SEE what the commands do There are fifteen Self-Teach lessons ranging from basic fundamentals to intermediate macro techniques, and of course everything in between. The lessons can be used by the first-time XEDIT user or by an experienced user. - This may be helpful. Sherry Sharon J. Everhart | Sr. Systems Programmer MACC | 111 Admiral Drive | PO Box 700 | Blair NE 68008-0700 Office: 402.533.5138 | www.maccnet.com
Re: VM/CMS Training Material
I was wondering if was an inhouse package that was written by Sherry's predecessors ? munson From: Gentry, Stephen stephen.gen...@lafayettelife.com To: IBMVM@LISTSERV.UARK.EDU Date: 03/01/2011 09:05 AM Subject:Re: VM/CMS Training Material Sent by:The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU Does anyone know where SLFTEACH can be down loaded? I've looked at the VM Package download page and did some googleing but find a place to down load. Thanks, Steve -Original Message- From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Sherry Everhart Sent: Tuesday, March 01, 2011 8:39 AM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: VM/CMS Training Material Under VM, there is and online XEDIT Tutorial called SELF-TEACH. To invok e it, at a CMS Ready prompt: SLFTEACH ENTER Here's what the introduction says: --- This is a programmed instruction course that will enable you to learn XEDIT more quickly than by other methods. The techniques used in XEDIT Self-Teach are: 1. An explanation of the command 2. Exercises so you can SEE what the commands do There are fifteen Self-Teach lessons ranging from basic fundamentals to intermediate macro techniques, and of course everything in between. The lessons can be used by the first-time XEDIT user or by an experienced user. - This may be helpful. Sherry Sharon J. Everhart | Sr. Systems Programmer MACC | 111 Admiral Drive | PO Box 700 | Blair NE 68008-0700 Office: 402.533.5138 | www.maccnet.com *** IMPORTANT NOTE*-- The opinions expressed in this message and/or any attachments are those of the author and not necessarily those of Brown Brothers Harriman Co., its subsidiaries and affiliates (BBH). There is no guarantee that this message is either private or confidential, and it may have been altered by unauthorized sources without your or our knowledge. Nothing in the message is capable or intended to create any legally binding obligations on either party and it is not intended to provide legal advice. BBH accepts no responsibility for loss or damage from its use, including damage from virus.
Re: VM/CMS Training Material
The google search did bring up hits at education institutions (i.e. colleges, universities), One mentioned was UK which, IIRC, did a lot with VM at one time, had user group meetings, etc. So I'm wondering if SLFTEACH ended up on an archive somewhere and can still be downloaded. From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Bill Munson Sent: Tuesday, March 01, 2011 9:15 AM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: VM/CMS Training Material I was wondering if was an inhouse package that was written by Sherry's predecessors ? munson From:Gentry, Stephen stephen.gen...@lafayettelife.com To:IBMVM@LISTSERV.UARK.EDU Date:03/01/2011 09:05 AM Subject:Re: VM/CMS Training Material Sent by:The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU Does anyone know where SLFTEACH can be down loaded? I've looked at the VM Package download page and did some googleing but find a place to down load. Thanks, Steve -Original Message- From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU mailto:IBMVM@LISTSERV.UARK.EDU ] On Behalf Of Sherry Everhart Sent: Tuesday, March 01, 2011 8:39 AM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: VM/CMS Training Material Under VM, there is and online XEDIT Tutorial called SELF-TEACH. To invok e it, at a CMS Ready prompt: SLFTEACH ENTER Here's what the introduction says: --- This is a programmed instruction course that will enable you to learn XEDIT more quickly than by other methods. The techniques used in XEDIT Self-Teach are: 1. An explanation of the command 2. Exercises so you can SEE what the commands do There are fifteen Self-Teach lessons ranging from basic fundamentals to intermediate macro techniques, and of course everything in between. The lessons can be used by the first-time XEDIT user or by an experienced user. - This may be helpful. Sherry Sharon J. Everhart | Sr. Systems Programmer MACC | 111 Admiral Drive | PO Box 700 | Blair NE 68008-0700 Office: 402.533.5138 | www.maccnet.com
Re: VM/CMS Training Material
SLFTEACH XEDIT is mentioned here: http://web.utk.edu/~mnewman/ibmguide05.html which is for the University of Tennessee Computing Center. The site appears to be outdated, but it's really nice! Les Gentry, Stephen wrote: The google search did bring up hits at education institutions (i.e. colleges, universities), One mentioned was UK which, IIRC, did a lot with VM at one time, had user group meetings, etc. So I'm wondering if SLFTEACH ended up on an archive somewhere and can still be downloaded. From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Bill Munson Sent: Tuesday, March 01, 2011 9:15 AM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: VM/CMS Training Material I was wondering if was an inhouse package that was written by Sherry's predecessors ? munson From:Gentry, Stephen stephen.gen...@lafayettelife.com To:IBMVM@LISTSERV.UARK.EDU Date:03/01/2011 09:05 AM Subject:Re: VM/CMS Training Material Sent by:The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU Does anyone know where SLFTEACH can be down loaded? I've looked at the VM Package download page and did some googleing but find a place to down load. Thanks, Steve -Original Message- From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU mailto:IBMVM@LISTSERV.UARK.EDU ] On Behalf Of Sherry Everhart Sent: Tuesday, March 01, 2011 8:39 AM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: VM/CMS Training Material Under VM, there is and online XEDIT Tutorial called SELF-TEACH. To invok e it, at a CMS Ready prompt: SLFTEACH ENTER Here's what the introduction says: --- This is a programmed instruction course that will enable you to learn XEDIT more quickly than by other methods. The techniques used in XEDIT Self-Teach are: 1. An explanation of the command 2. Exercises so you can SEE what the commands do There are fifteen Self-Teach lessons ranging from basic fundamentals to intermediate macro techniques, and of course everything in between. The lessons can be used by the first-time XEDIT user or by an experienced user. - This may be helpful. Sherry Sharon J. Everhart | Sr. Systems Programmer MACC | 111 Admiral Drive | PO Box 700 | Blair NE 68008-0700 Office: 402.533.5138 | www.maccnet.com
Re: VM/CMS Training Material
Yeah, outdated, VM/HPO (among other things). -Original Message- From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Les Koehler Sent: Tuesday, March 01, 2011 9:43 AM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: VM/CMS Training Material SLFTEACH XEDIT is mentioned here: http://web.utk.edu/~mnewman/ibmguide05.html which is for the University of Tennessee Computing Center. The site appears to be outdated, but it's really nice! Les Gentry, Stephen wrote: The google search did bring up hits at education institutions (i.e. colleges, universities), One mentioned was UK which, IIRC, did a lot with VM at one time, had user group meetings, etc. So I'm wondering if SLFTEACH ended up on an archive somewhere and can still be downloaded. From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Bill Munson Sent: Tuesday, March 01, 2011 9:15 AM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: VM/CMS Training Material I was wondering if was an inhouse package that was written by Sherry's predecessors ? munson From:Gentry, Stephen stephen.gen...@lafayettelife.com To:IBMVM@LISTSERV.UARK.EDU Date:03/01/2011 09:05 AM Subject:Re: VM/CMS Training Material Sent by:The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU Does anyone know where SLFTEACH can be down loaded? I've looked at the VM Package download page and did some googleing but find a place to down load. Thanks, Steve -Original Message- From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU mailto:IBMVM@LISTSERV.UARK.EDU ] On Behalf Of Sherry Everhart Sent: Tuesday, March 01, 2011 8:39 AM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: VM/CMS Training Material Under VM, there is and online XEDIT Tutorial called SELF-TEACH. To invok e it, at a CMS Ready prompt: SLFTEACH ENTER Here's what the introduction says: --- This is a programmed instruction course that will enable you to learn XEDIT more quickly than by other methods. The techniques used in XEDIT Self-Teach are: 1. An explanation of the command 2. Exercises so you can SEE what the commands do There are fifteen Self-Teach lessons ranging from basic fundamentals to intermediate macro techniques, and of course everything in between. The lessons can be used by the first-time XEDIT user or by an experienced user. - This may be helpful. Sherry Sharon J. Everhart | Sr. Systems Programmer MACC | 111 Admiral Drive | PO Box 700 | Blair NE 68008-0700 Office: 402.533.5138 | www.maccnet.com
Re: VM/CMS Training Material
None of my predecessors wrote the SELFTEACH Tutorial. It is an IBM program: * * * Top of File * * * /* 5798-DWW (C) Copyright IBM 1985 */ /* Licensed Material - Program Property of IBM */ /* Release 1 Modification 0 */ /***/ We've installed it on the CMS USERID GLOBAL. Is this something I'm allowed to share? I don't want to get in trouble with IBM. Sherry
Re: VM/CMS Training Material
On Tuesday, 03/01/2011 at 10:39 EST, Sherry Everhart severh...@maccnet.com wrote: /* 5798-DWW (C) Copyright IBM 1985 /* Licensed Material - Program Property of IBM : Is this something I'm allowed to share? I don't want to get in trouble with IBM. Self Teach was withdrawn from marketing in 1994. No, you cannot share it unless you receive written permission from IBM. Alan Altmark z/VM and Linux on System z Consultant IBM System Lab Services and Training ibm.com/systems/services/labservices office: 607.429.3323 mobile; 607.321.7556 alan_altm...@us.ibm.com IBM Endicott
Re: VM/CMS Training Material
No, it is not something you are allowed to share. Licensed Material -Original Message- From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Sherry Everhart Sent: Tuesday, March 01, 2011 10:39 AM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: VM/CMS Training Material None of my predecessors wrote the SELFTEACH Tutorial. It is an IBM program: * * * Top of File * * * /* 5798-DWW (C) Copyright IBM 1985 */ /* Licensed Material - Program Property of IBM */ /* Release 1 Modification 0 */ /*** / We've installed it on the CMS USERID GLOBAL. Is this something I'm allowed to share? I don't want to get in trouble with IBM. Sherry
System z Linux Council Meeting - San Francisco - March 14 / Updated Agenda
Bay Bunch System z Linux Council State Compensation Insurance Fund 1275 Market Street 2nd Floor, PAC Room (take the guest elevator to the cafeteria) San Francisco, CA 94102 Monday, March 14th, 2011 You’re invited to join us for our “Bay Bunch” “System z Linux Council” to be held at the State Compensation Insurance Fund in San Francisco, California, Monday, March 14th, 2011. We will begin with registration and a continental breakfast, followed by the sessions, and ending with a roundtable, lunch and planning for our next meetings. As always, the purpose of these meetings are to garner your insights and foster the sharing of information and experiences with the zVM and Linux on System z community. *** AGENDA * 8:30 AM - Arrival and Continental Breakfast 9:00 – 9:55 Overview of New Release 4.1 of Velocity’s zVPS and zPRO Tools Rich Smrcina – Senior Systems Engineer – Velocity Software 10:00 – 10:55 z196 Hardware Overview and Upgrade Experiences Kathy Amos – Systems Engineer – Mainline information Systems 11:00 – 11:55 Linux Enterprise High Availability Extension and the SUSE Linux Enterprise Mono Extension Mike Friesenegger – Technical Specialist - Novell Noon – Lunch, Roundtable discussion and planning for the next meeting. To register for this event – email Mark Banda _markb@velocitysoftware.com_ (mailto:ma...@velocitysoftware.com) Refreshments provided by Velocity Software and IBM
System z Linux Council Meeting - Phoenix - March 15 / Updated Agenda
System z Linux Council Salt River Project Information Systems Building 1600 North Priest Drive Tempe, Arizona, 85281 Tuesday, March 15th, 2011 You’re invited to join us for our continuing “System z Linux Council” to be held at the Salt River Project in Tempe, Arizona, Tuesday, March 15th, 2011. We will begin with registration and a continental breakfast, followed by the sessions, and ending with a roundtable, lunch and planning for our next meetings. As always, the purpose of these meetings is to garner your insights and foster the sharing of information and experiences within the Linux on System z community. *** AGENDA * Agenda 8:30 AM - Arrival and Continental Breakfast 9:00 – 9:55 Overview of New Release 4.1 of Velocity’s zVPS and zPRO Tools Rich Smrcina – Senior Systems Engineer – Velocity Software 10:00 – 10:55 z196 Hardware Overview and Upgrade Experiences Kathy Amos – Systems Engineer – Mainline information Systems 11:00 – 11:55 Linux Enterprise High Availability Extension and the SUSE Linux Enterprise Mono Extension Mike Friesenegger – Technical Specialist - Novell Noon – Lunch, Roundtable discussion and planning for the next meeting. To register for this event – email Mark Banda _markb@velocitysoftware.com_ (mailto:ma...@velocitysoftware.com) Refreshments provided by Velocity Software and IBM
System z Linux Council Meeting - Costa Mesa - March 16th / Updated Agenda
System z Linux Council Auto Club of Southern California Fairview Street Costa Mesa, California 92626 Wednesday, March 16th, 2011 You’re invited to join us for our continuing “System z Linux Council” to be held at the Auto Club in Costa Mesa, California, Wednesday, March 16th, 2011. We will begin with registration and a continental breakfast, followed by the sessions, and ending with a roundtable, lunch and planning for our next meetings. As always, the purpose of these meetings is to garner your insights and foster the sharing of information and experiences within the Linux on System z community. *** AGENDA * Agenda 8:30 AM - Arrival and Continental Breakfast 9:00 – 9:55 Overview of New Release 4.1 of Velocity’s zVPS and zPRO Tools Rich Smrcina – Senior Systems Engineer – Velocity Software 10:00 – 10:55 z196 Hardware Overview and Upgrade Experiences Kathy Amos – Systems Engineer – Mainline information Systems 11:00 – 11:55 Linux Enterprise High Availability Extension and the SUSE Linux Enterprise Mono Extension Mike Friesenegger – Technical Specialist - Novell Noon – Lunch, Roundtable discussion and planning for the next meeting. To register for this event – email Mark Banda _markb@velocitysoftware.com_ (mailto:ma...@velocitysoftware.com) Refreshments provided by Velocity Software and IBM
CMS SFS Question
Is there a way to delete multiple users at once or create a batch job to delete multiple users that are enrolled in SFS? Thank you, Scott R Wandschneider Systems Programmer 3|| Infocrossing, a Wipro Company || 11707 Miracle Hills Drive, Omaha, NE, 68154-4457|| : 402.963.8905 || :847.849.7223 || : scott.wandschnei...@infocrossing.com **Think Green - Please print responsibly**
Re: CMS SFS Question
REXX? On 03/01/2011 12:35 PM, Wandschneider, Scott wrote: Is there a way to delete multiple users at once or create a batch job to delete multiple users that are enrolled in SFS? Thank you, Scott R Wandschneider Systems Programmer 3|| Infocrossing, a Wipro Company || 11707 Miracle Hills Drive, Omaha, NE, 68154-4457|| : 402.963.8905 || :847.849.7223 || : scott.wandschnei...@infocrossing.com **Think Green - Please print responsibly** Confidentiality Note: This e-mail, including any attachment to it, may contain material that is confidential, proprietary, privileged and/or Protected Health Information, within the meaning of the regulations under the Health Insurance Portability Accountability Act as amended. If it is not clear that you are the intended recipient, you are hereby notified that you have received this transmittal in error, and any review, dissemination, distribution or copying of this e-mail, including any attachment to it, is strictly prohibited. If you have received this e-mail in error, please immediately return it to the sender and delete it from your system. Thank you. -- Rich Smrcina Velocity Software, Inc. http://www.velocitysoftware.com Catch the WAVV! http://www.wavv.org WAVV 2011 - April 15-19, 2011 Colorado Springs, CO
Re: CMS SFS Question
Nahh ... even easier ... Pipes. I'm thinking two pipes. One to gather the Q ENROLL output then a second to actually perform the deletes. In between shove that Q ENROLL output into a file, manually edit for confirmation, then feed the selected content into DELETE USER. -- R; Rick Troth Velocity Software http://www.velocitysoftware.com/ On Tue, 1 Mar 2011, Rich Smrcina wrote: REXX? On 03/01/2011 12:35 PM, Wandschneider, Scott wrote: Is there a way to delete multiple users at once or create a batch job to delete multiple users that are enrolled in SFS? Thank you, Scott R Wandschneider Systems Programmer 3|| Infocrossing, a Wipro Company || 11707 Miracle Hills Drive, Omaha, NE, 68154-4457|| : 402.963.8905 || :847.849.7223 || : scott.wandschnei...@infocrossing.com **Think Green - Please print responsibly** Confidentiality Note: This e-mail, including any attachment to it, may contain material that is confidential, proprietary, privileged and/or Protected Health Information, within the meaning of the regulations under the Health Insurance Portability Accountability Act as amended. If it is not clear that you are the intended recipient, you are hereby notified that you have received this transmittal in error, and any review, dissemination, distribution or copying of this e-mail, including any attachment to it, is strictly prohibited. If you have received this e-mail in error, please immediately return it to the sender and delete it from your system. Thank you. -- Rich Smrcina Velocity Software, Inc. http://www.velocitysoftware.com Catch the WAVV! http://www.wavv.org WAVV 2011 - April 15-19, 2011 Colorado Springs, CO
Re: Applying Maintenance - Best Practice
I just want to close out this thread by thanking, once again, everyone from the bottom of my heart. We just cutover last Sunday, Feb 27, 2011, to a z196, 2817, from a z9, 2094. z/VM 5.4 RSU 1002, with the compatibility PTFs as specified in this thread, came up just fine. This was the acid test of the maintenance and it passed with flying colors thanks to all of you here in this thread who made it possible. My gratitude is too deep for words; there are none adequate enough. The list is so long, you all know who you are. I could not mention one without all. You have all been so important and indispensable to this effort. It is all for one and one for all. But a special thanks is due our fearless leader, Alan, around whom we all rally. George Henke/NYLIC 11/02/2010 03:53 PM To The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU cc Subject Re: Applying Maintenance - Best Practice I want to thank everyone for their support on this thread without which none of the following would have been possible. Creating a Level 2 environment cloning Level 1 to Level 2 Applying 2 years of maintenance to Level 2; from 5402RSU (0802) to 5407RSU (1002) /PSP/COR and z196 compatibility Reapplying the same maintenance to Level 1 IPLing Level 1 without any issues, last weekend We are now current on maintenance and ready for z196. BTW: the 5407RSU contained only 1 (VM64798) of the 3 APARs necessary for z196 compatibility. The other 2 (VM64879 VM64881) had to be ordered and applied as corrective (COR) maintenance. Once again, thank you all, the list is t long, for all your help. George Henke/NYLIC 09/23/2010 10:30 AM To The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU cc Subject Applying Maintenance - Best Practice Would you recommend putting this 5.4 zEnterprise compatibility maintenance on at Level 1 or Level 2. We currently have both environments for 5.4. I suppose the quickest and easiest (maybe dirtiest too?) way is just to put it on at Level 1 and fall back to CPOLD if there is a problem. Best practice may call for putting it on at Level 2 first, but the nature of the change may not warrant that level of effort. There are, however, 45 or more prereq fixes also going on with these 2 APARs, VM64879 VM64881. Just interested in what everyone thinks. Marcy Cortes marcy.d.cor...@wellsfargo.com Sent by: The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU 09/22/2010 11:01 AM Please respond to The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU To IBMVM@LISTSERV.UARK.EDU cc Subject Re: What is the z/VM 5.4 Compatibility PTF for z196? Also you want to check PSP on IBMLink and look for 2817DEVICE and see what recent stuff is needed for that system type (or whatever one you are installing). From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Bruce Hayden Sent: Wednesday, September 22, 2010 7:27 AM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: [IBMVM] What is the z/VM 5.4 Compatibility PTF for z196? Look at the page http://www.vm.ibm.com/service/vmreqze.html for the complete list of z/VM APARS for the zEnterprise. On Wed, Sep 22, 2010 at 10:07 AM, George Henke/NYLIC george_he...@newyorklife.com wrote: Marcy, Thank you for this information. Do you happen to know what PTF is needed to run z/VM 5.4 on the z196. We will probably take your advice. We will probably bring up the z196 with 5.4 first and then move 6.1 up to Level 1 afterwards. -- Bruce Hayden z/VM and Linux on System z ATS IBM, Endicott, NY
Re: CMS SFS Question
The Pipe is the easiest. PIPE user list | spec /delete user/ 1 w1 nw | cms | delete log a Note, however, that if you have an SFS that has a lot of files and permissions, each DELETE USER can take a long time, so you do not want to do this on an id that you might need soon after you enter the PIPE command. In our shop, an individual DELETE USER can take upwards of 10 minutes. Cleaning up SFS when a userid is deleted is important from a security standpoint. If the same id should be given to a different person, it would automatically inherit permissions from the prior owner. You should be doing a DELETE USER every time that a userid is deleted from the directory. It is possible for one user to grant access to other users who are not enrolled. DELETE USER does not clean up these permissions. To get rid of them, you have to first enroll the user in the pool even if it is for 0 blocks. To solve this in our automated process, each user to be deleted is enrolled for 0 blocks, ignoring the return code. We don't care if the user is already enrolled, the attempt does no harm. After the enroll, the deletion will clean out all permissions granted to or by the user being deleted. Regards, Richard Schuh -Original Message- From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Rick Troth Sent: Tuesday, March 01, 2011 10:54 AM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: CMS SFS Question Nahh ... even easier ... Pipes. I'm thinking two pipes. One to gather the Q ENROLL output then a second to actually perform the deletes. In between shove that Q ENROLL output into a file, manually edit for confirmation, then feed the selected content into DELETE USER. -- R; Rick Troth Velocity Software http://www.velocitysoftware.com/ On Tue, 1 Mar 2011, Rich Smrcina wrote: REXX? On 03/01/2011 12:35 PM, Wandschneider, Scott wrote: Is there a way to delete multiple users at once or create a batch job to delete multiple users that are enrolled in SFS? Thank you, Scott R Wandschneider Systems Programmer 3|| Infocrossing, a Wipro Company || 11707 Miracle Hills Drive, Omaha, NE, 68154-4457|| ': 402.963.8905 || Ë:847.849.7223 || : scott.wandschnei...@infocrossing.com **Think Green - Please print responsibly** Confidentiality Note: This e-mail, including any attachment to it, may contain material that is confidential, proprietary, privileged and/or Protected Health Information, within the meaning of the regulations under the Health Insurance Portability Accountability Act as amended. If it is not clear that you are the intended recipient, you are hereby notified that you have received this transmittal in error, and any review, dissemination, distribution or copying of this e-mail, including any attachment to it, is strictly prohibited. If you have received this e-mail in error, please immediately return it to the sender and delete it from your system. Thank you. -- Rich Smrcina Velocity Software, Inc. http://www.velocitysoftware.com Catch the WAVV! http://www.wavv.org WAVV 2011 - April 15-19, 2011 Colorado Springs, CO
Re: CMS SFS Question
I'm curious: How do you find the user who is not enrolled, but granted rights to the target user to be deleted? Les Schuh, Richard wrote: The Pipe is the easiest. PIPE user list | spec /delete user/ 1 w1 nw | cms | delete log a Note, however, that if you have an SFS that has a lot of files and permissions, each DELETE USER can take a long time, so you do not want to do this on an id that you might need soon after you enter the PIPE command. In our shop, an individual DELETE USER can take upwards of 10 minutes. Cleaning up SFS when a userid is deleted is important from a security standpoint. If the same id should be given to a different person, it would automatically inherit permissions from the prior owner. You should be doing a DELETE USER every time that a userid is deleted from the directory. It is possible for one user to grant access to other users who are not enrolled. DELETE USER does not clean up these permissions. To get rid of them, you have to first enroll the user in the pool even if it is for 0 blocks. To solve this in our automated process, each user to be deleted is enrolled for 0 blocks, ignoring the return code. We don't care if the user is already enrolled, the attempt does no harm. After the enroll, the deletion will clean out all permissions granted to or by the user being deleted. Regards, Richard Schuh -Original Message- From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Rick Troth Sent: Tuesday, March 01, 2011 10:54 AM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: CMS SFS Question Nahh ... even easier ... Pipes. I'm thinking two pipes. One to gather the Q ENROLL output then a second to actually perform the deletes. In between shove that Q ENROLL output into a file, manually edit for confirmation, then feed the selected content into DELETE USER. -- R; Rick Troth Velocity Software http://www.velocitysoftware.com/ On Tue, 1 Mar 2011, Rich Smrcina wrote: REXX? On 03/01/2011 12:35 PM, Wandschneider, Scott wrote: Is there a way to delete multiple users at once or create a batch job to delete multiple users that are enrolled in SFS? Thank you, Scott R Wandschneider Systems Programmer 3|| Infocrossing, a Wipro Company || 11707 Miracle Hills Drive, Omaha, NE, 68154-4457|| ': 402.963.8905 || Ë:847.849.7223 || : scott.wandschnei...@infocrossing.com **Think Green - Please print responsibly** Confidentiality Note: This e-mail, including any attachment to it, may contain material that is confidential, proprietary, privileged and/or Protected Health Information, within the meaning of the regulations under the Health Insurance Portability Accountability Act as amended. If it is not clear that you are the intended recipient, you are hereby notified that you have received this transmittal in error, and any review, dissemination, distribution or copying of this e-mail, including any attachment to it, is strictly prohibited. If you have received this e-mail in error, please immediately return it to the sender and delete it from your system. Thank you. -- Rich Smrcina Velocity Software, Inc. http://www.velocitysoftware.com Catch the WAVV! http://www.wavv.org WAVV 2011 - April 15-19, 2011 Colorado Springs, CO
zLinux OS disk read-only
Hello All, Has anyone run into a situation where the zLinux OS disk has become READ- ONLY access? We are running z/Linux under z/VM 5.4 Redhat 5.4. My zLinux Admin were doing compares between the production environment versus the Test D/R environment and noticed it. He issued the following on the prod zLinux guest environment: # mount -o remount,rw /dev/VolGroup01/LogVol00 mount: block device /dev/VolGroup01/LogVol00 is write-protected, mounting read-only Since we are testing our D/R process at the moment for the z/VM LPAR we are unsure at this point whether that is a contributing factor. It shoul d not be but we can't rule it out. We paused our PPRC/Global mirroring fro m the z/OS side before starting the D/R activities to perform recovery of the z/VM z/Linux. The problem was found while in the middle of verifying/comparing environments on the zLinux side. I can link to the minidisk that is used to IPL that zLinux guest and it shows R/W when I issue Q LINKS. All other minidisks owned by that zLinux guest are R/W a s well. From my perspective (z/VM) all looks good. Any input would be appreciated, if anything to rule out that PPRC/GM woul d have contributed to this. Thanks. Steve.
Re: zLinux OS disk read-only
How is the disk defined in the CP Directory entry (i.e. What is the mode of the disk), and what is in the console log when the user was logged in that could give a clue about the status of the disk when the user was initialized? The mode will tell you the condition(s) that could lead to it being read only (other users having it read/write or even read only), and the log may even tell you which or how many users gummed up the works, or when things when oval on you. In any case, it had to have happened at some point, and there has to be a footprint, if you keep your logs. -- Robert P. Nix Mayo Foundation.~. RO-OC-1-18 200 First Street SW/V\ 507-284-0844 Rochester, MN 55905 /( )\ -^^-^^ In theory, theory and practice are the same, but in practice, theory and practice are different. On 3/1/11 2:23 PM, Steve Perez sspe...@corelogic.com wrote: Hello All, Has anyone run into a situation where the zLinux OS disk has become READ- ONLY access? We are running z/Linux under z/VM 5.4 Redhat 5.4. My zLinux Admin were doing compares between the production environment versus the Test D/R environment and noticed it. He issued the following on the prod zLinux guest environment: # mount -o remount,rw /dev/VolGroup01/LogVol00 mount: block device /dev/VolGroup01/LogVol00 is write-protected, mounting read-only Since we are testing our D/R process at the moment for the z/VM LPAR we are unsure at this point whether that is a contributing factor. It shoul d not be but we can't rule it out. We paused our PPRC/Global mirroring fro m the z/OS side before starting the D/R activities to perform recovery of the z/VM z/Linux. The problem was found while in the middle of verifying/comparing environments on the zLinux side. I can link to the minidisk that is used to IPL that zLinux guest and it shows R/W when I issue Q LINKS. All other minidisks owned by that zLinux guest are R/W a s well. From my perspective (z/VM) all looks good. Any input would be appreciated, if anything to rule out that PPRC/GM woul d have contributed to this. Thanks. Steve.
Re: CMS SFS Question
I simply enroll any user to be deleted for 0 blocks. The alternative is to scan the sfs directories and files looking for such users. It is much easier to attempt the enroll. If it fails, it is because the user is already enrolled. Regards, Richard Schuh -Original Message- From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Les Koehler Sent: Tuesday, March 01, 2011 12:22 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: CMS SFS Question I'm curious: How do you find the user who is not enrolled, but granted rights to the target user to be deleted? Les Schuh, Richard wrote: The Pipe is the easiest. PIPE user list | spec /delete user/ 1 w1 nw | cms | delete log a Note, however, that if you have an SFS that has a lot of files and permissions, each DELETE USER can take a long time, so you do not want to do this on an id that you might need soon after you enter the PIPE command. In our shop, an individual DELETE USER can take upwards of 10 minutes. Cleaning up SFS when a userid is deleted is important from a security standpoint. If the same id should be given to a different person, it would automatically inherit permissions from the prior owner. You should be doing a DELETE USER every time that a userid is deleted from the directory. It is possible for one user to grant access to other users who are not enrolled. DELETE USER does not clean up these permissions. To get rid of them, you have to first enroll the user in the pool even if it is for 0 blocks. To solve this in our automated process, each user to be deleted is enrolled for 0 blocks, ignoring the return code. We don't care if the user is already enrolled, the attempt does no harm. After the enroll, the deletion will clean out all permissions granted to or by the user being deleted. Regards, Richard Schuh -Original Message- From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Rick Troth Sent: Tuesday, March 01, 2011 10:54 AM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: CMS SFS Question Nahh ... even easier ... Pipes. I'm thinking two pipes. One to gather the Q ENROLL output then a second to actually perform the deletes. In between shove that Q ENROLL output into a file, manually edit for confirmation, then feed the selected content into DELETE USER. -- R; Rick Troth Velocity Software http://www.velocitysoftware.com/ On Tue, 1 Mar 2011, Rich Smrcina wrote: REXX? On 03/01/2011 12:35 PM, Wandschneider, Scott wrote: Is there a way to delete multiple users at once or create a batch job to delete multiple users that are enrolled in SFS? Thank you, Scott R Wandschneider Systems Programmer 3|| Infocrossing, a Wipro Company || 11707 Miracle Hills Drive, Omaha, NE, 68154-4457|| ': 402.963.8905 || Ë:847.849.7223 || : scott.wandschnei...@infocrossing.com **Think Green - Please print responsibly** Confidentiality Note: This e-mail, including any attachment to it, may contain material that is confidential, proprietary, privileged and/or Protected Health Information, within the meaning of the regulations under the Health Insurance Portability Accountability Act as amended. If it is not clear that you are the intended recipient, you are hereby notified that you have received this transmittal in error, and any review, dissemination, distribution or copying of this e-mail, including any attachment to it, is strictly prohibited. If you have received this e-mail in error, please immediately return it to the sender and delete it from your system. Thank you. -- Rich Smrcina Velocity Software, Inc. http://www.velocitysoftware.com Catch the WAVV! http://www.wavv.org WAVV 2011 - April 15-19, 2011 Colorado Springs, CO
Re: zLinux OS disk read-only
The disk is defined as follows. This is an excerpt from the CP directory: IPL 200 . LINK RHMASTER 199 199 RR MDISK 200 3390 1 10016 LX53B5 M Unfortunately, the console log did not get spooled so I don't know what the log would have indicated for that disk when the guest machine came up. That's on my follow-up list. The guest machine is IPL'd off of its OS (disk 200) disk when it comes up (in its CP Directory) so I need to find a way to spool the console when it starts and not later after it has gone through its initialization. Thanks, Steve -Original Message- From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of RPN01 Sent: Tuesday, March 01, 2011 2:33 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: zLinux OS disk read-only How is the disk defined in the CP Directory entry (i.e. What is the mode of the disk), and what is in the console log when the user was logged in that could give a clue about the status of the disk when the user was initialized? The mode will tell you the condition(s) that could lead to it being read only (other users having it read/write or even read only), and the log may even tell you which or how many users gummed up the works, or when things when oval on you. In any case, it had to have happened at some point, and there has to be a footprint, if you keep your logs. -- Robert P. Nix Mayo Foundation.~. RO-OC-1-18 200 First Street SW/V\ 507-284-0844 Rochester, MN 55905 /( )\ -^^-^^ In theory, theory and practice are the same, but in practice, theory and practice are different. On 3/1/11 2:23 PM, Steve Perez sspe...@corelogic.com wrote: Hello All, Has anyone run into a situation where the zLinux OS disk has become READ- ONLY access? We are running z/Linux under z/VM 5.4 Redhat 5.4. My zLinux Admin were doing compares between the production environment versus the Test D/R environment and noticed it. He issued the following on the prod zLinux guest environment: # mount -o remount,rw /dev/VolGroup01/LogVol00 mount: block device /dev/VolGroup01/LogVol00 is write-protected, mounting read-only Since we are testing our D/R process at the moment for the z/VM LPAR we are unsure at this point whether that is a contributing factor. It shoul d not be but we can't rule it out. We paused our PPRC/Global mirroring fro m the z/OS side before starting the D/R activities to perform recovery of the z/VM z/Linux. The problem was found while in the middle of verifying/comparing environments on the zLinux side. I can link to the minidisk that is used to IPL that zLinux guest and it shows R/W when I issue Q LINKS. All other minidisks owned by that zLinux guest are R/W a s well. From my perspective (z/VM) all looks good. Any input would be appreciated, if anything to rule out that PPRC/GM woul d have contributed to this. Thanks. Steve. ** This message may contain confidential or proprietary information intended only for the use of the addressee(s) named above or may contain information that is legally privileged. If you are not the intended addressee, or the person responsible for delivering it to the intended addressee, you are hereby notified that reading, disseminating, distributing or copying this message is strictly prohibited. If you have received this message by mistake, please immediately notify us by replying to the message and delete the original message and any copies immediately thereafter. Thank you. ** CLLD
Re: zLinux OS disk read-only
*M* Multiple-write access. Write access is established unless another user holds a write, a stable (SR, SW, SM) or an exclusive (ER, EW) mode access to the disk. Looks like some other VM has that disk linked in write mode. On Tue, Mar 1, 2011 at 3:53 PM, Perez, Steve S sspe...@corelogic.comwrote: The disk is defined as follows. This is an excerpt from the CP directory: IPL 200 . LINK RHMASTER 199 199 RR MDISK 200 3390 1 10016 LX53B5 M Unfortunately, the console log did not get spooled so I don't know what the log would have indicated for that disk when the guest machine came up. That's on my follow-up list. The guest machine is IPL'd off of its OS (disk 200) disk when it comes up (in its CP Directory) so I need to find a way to spool the console when it starts and not later after it has gone through its initialization. Thanks, Steve -Original Message- From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of RPN01 Sent: Tuesday, March 01, 2011 2:33 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: zLinux OS disk read-only How is the disk defined in the CP Directory entry (i.e. What is the mode of the disk), and what is in the console log when the user was logged in that could give a clue about the status of the disk when the user was initialized? The mode will tell you the condition(s) that could lead to it being read only (other users having it read/write or even read only), and the log may even tell you which or how many users gummed up the works, or when things when oval on you. In any case, it had to have happened at some point, and there has to be a footprint, if you keep your logs. -- Robert P. Nix Mayo Foundation.~. RO-OC-1-18 200 First Street SW/V\ 507-284-0844 Rochester, MN 55905 /( )\ -^^-^^ In theory, theory and practice are the same, but in practice, theory and practice are different. On 3/1/11 2:23 PM, Steve Perez sspe...@corelogic.com wrote: Hello All, Has anyone run into a situation where the zLinux OS disk has become READ- ONLY access? We are running z/Linux under z/VM 5.4 Redhat 5.4. My zLinux Admin were doing compares between the production environment versus the Test D/R environment and noticed it. He issued the following on the prod zLinux guest environment: # mount -o remount,rw /dev/VolGroup01/LogVol00 mount: block device /dev/VolGroup01/LogVol00 is write-protected, mounting read-only Since we are testing our D/R process at the moment for the z/VM LPAR we are unsure at this point whether that is a contributing factor. It shoul d not be but we can't rule it out. We paused our PPRC/Global mirroring fro m the z/OS side before starting the D/R activities to perform recovery of the z/VM z/Linux. The problem was found while in the middle of verifying/comparing environments on the zLinux side. I can link to the minidisk that is used to IPL that zLinux guest and it shows R/W when I issue Q LINKS. All other minidisks owned by that zLinux guest are R/W a s well. From my perspective (z/VM) all looks good. Any input would be appreciated, if anything to rule out that PPRC/GM woul d have contributed to this. Thanks. Steve. ** This message may contain confidential or proprietary information intended only for the use of the addressee(s) named above or may contain information that is legally privileged. If you are not the intended addressee, or the person responsible for delivering it to the intended addressee, you are hereby notified that reading, disseminating, distributing or copying this message is strictly prohibited. If you have received this message by mistake, please immediately notify us by replying to the message and delete the original message and any copies immediately thereafter. Thank you. ** CLLD -- Mark D Pace Senior Systems Engineer Mainline Information Systems
Re: zLinux OS disk read-only
so I need to find a way to spool the console when it starts and not later after it has gone through its initialization. That's easy... Before the first device statement, insert: COMMAND SPOOL CONSOLE TO * START NAME USERID CONSOLE Mike Walter Aon Corporation The opinions expressed herein are mine alone, not my employer's. Perez, Steve S sspe...@corelogic.com Sent by: The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU 03/01/2011 02:53 PM Please respond to The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU To IBMVM@LISTSERV.UARK.EDU cc Subject Re: zLinux OS disk read-only The disk is defined as follows. This is an excerpt from the CP directory: IPL 200 . LINK RHMASTER 199 199 RR MDISK 200 3390 1 10016 LX53B5 M Unfortunately, the console log did not get spooled so I don't know what the log would have indicated for that disk when the guest machine came up. That's on my follow-up list. The guest machine is IPL'd off of its OS (disk 200) disk when it comes up (in its CP Directory) so I need to find a way to spool the console when it starts and not later after it has gone through its initialization. Thanks, Steve -Original Message- From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of RPN01 Sent: Tuesday, March 01, 2011 2:33 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: zLinux OS disk read-only How is the disk defined in the CP Directory entry (i.e. What is the mode of the disk), and what is in the console log when the user was logged in that could give a clue about the status of the disk when the user was initialized? The mode will tell you the condition(s) that could lead to it being read only (other users having it read/write or even read only), and the log may even tell you which or how many users gummed up the works, or when things when oval on you. In any case, it had to have happened at some point, and there has to be a footprint, if you keep your logs. -- Robert P. Nix Mayo Foundation.~. RO-OC-1-18 200 First Street SW/V\ 507-284-0844 Rochester, MN 55905 /( )\ -^^-^^ In theory, theory and practice are the same, but in practice, theory and practice are different. On 3/1/11 2:23 PM, Steve Perez sspe...@corelogic.com wrote: Hello All, Has anyone run into a situation where the zLinux OS disk has become READ- ONLY access? We are running z/Linux under z/VM 5.4 Redhat 5.4. My zLinux Admin were doing compares between the production environment versus the Test D/R environment and noticed it. He issued the following on the prod zLinux guest environment: # mount -o remount,rw /dev/VolGroup01/LogVol00 mount: block device /dev/VolGroup01/LogVol00 is write-protected, mounting read-only Since we are testing our D/R process at the moment for the z/VM LPAR we are unsure at this point whether that is a contributing factor. It shoul d not be but we can't rule it out. We paused our PPRC/Global mirroring fro m the z/OS side before starting the D/R activities to perform recovery of the z/VM z/Linux. The problem was found while in the middle of verifying/comparing environments on the zLinux side. I can link to the minidisk that is used to IPL that zLinux guest and it shows R/W when I issue Q LINKS. All other minidisks owned by that zLinux guest are R/W a s well. From my perspective (z/VM) all looks good. Any input would be appreciated, if anything to rule out that PPRC/GM woul d have contributed to this. Thanks. Steve. ** This message may contain confidential or proprietary information intended only for the use of the addressee(s) named above or may contain information that is legally privileged. If you are not the intended addressee, or the person responsible for delivering it to the intended addressee, you are hereby notified that reading, disseminating, distributing or copying this message is strictly prohibited. If you have received this message by mistake, please immediately notify us by replying to the message and delete the original message and any copies immediately thereafter. Thank you. ** CLLD The information contained in this e-mail and any accompanying documents may contain information that is confidential or otherwise protected from disclosure. If you are not the intended recipient of this message, or if this message has been addressed to you in error, please immediately alert the sender by reply e-mail and then delete this message, including any attachments. Any dissemination, distribution or other use of the contents of this message by anyone other than the intended recipient is strictly prohibited. All messages sent to and from this e-mail
Re: zLinux OS disk read-only
Thanks, Mike. That works great! Thats one off my follow-up list. Kind Regards, Steve From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Mike Walter Sent: Tuesday, March 01, 2011 2:58 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: zLinux OS disk read-only so I need to find a way to spool the console when it starts and not later after it has gone through its initialization. That's easy... Before the first device statement, insert: COMMAND SPOOL CONSOLE TO * START NAME USERID CONSOLE Mike Walter Aon Corporation The opinions expressed herein are mine alone, not my employer's. Perez, Steve S sspe...@corelogic.com Sent by: The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU 03/01/2011 02:53 PM Please respond to The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU To IBMVM@LISTSERV.UARK.EDU cc Subject Re: zLinux OS disk read-only The disk is defined as follows. This is an excerpt from the CP directory: IPL 200 . LINK RHMASTER 199 199 RR MDISK 200 3390 1 10016 LX53B5 M Unfortunately, the console log did not get spooled so I don't know what the log would have indicated for that disk when the guest machine came up. That's on my follow-up list. The guest machine is IPL'd off of its OS (disk 200) disk when it comes up (in its CP Directory) so I need to find a way to spool the console when it starts and not later after it has gone through its initialization. Thanks, Steve -Original Message- From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of RPN01 Sent: Tuesday, March 01, 2011 2:33 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: zLinux OS disk read-only How is the disk defined in the CP Directory entry (i.e. What is the mode of the disk), and what is in the console log when the user was logged in that could give a clue about the status of the disk when the user was initialized? The mode will tell you the condition(s) that could lead to it being read only (other users having it read/write or even read only), and the log may even tell you which or how many users gummed up the works, or when things when oval on you. In any case, it had to have happened at some point, and there has to be a footprint, if you keep your logs. -- Robert P. Nix Mayo Foundation.~. RO-OC-1-18 200 First Street SW/V\ 507-284-0844 Rochester, MN 55905 /( )\ -^^-^^ In theory, theory and practice are the same, but in practice, theory and practice are different. On 3/1/11 2:23 PM, Steve Perez sspe...@corelogic.com wrote: Hello All, Has anyone run into a situation where the zLinux OS disk has become READ- ONLY access? We are running z/Linux under z/VM 5.4 Redhat 5.4. My zLinux Admin were doing compares between the production environment versus the Test D/R environment and noticed it. He issued the following on the prod zLinux guest environment: # mount -o remount,rw /dev/VolGroup01/LogVol00 mount: block device /dev/VolGroup01/LogVol00 is write-protected, mounting read-only Since we are testing our D/R process at the moment for the z/VM LPAR we are unsure at this point whether that is a contributing factor. It shoul d not be but we can't rule it out. We paused our PPRC/Global mirroring fro m the z/OS side before starting the D/R activities to perform recovery of the z/VM z/Linux. The problem was found while in the middle of verifying/comparing environments on the zLinux side. I can link to the minidisk that is used to IPL that zLinux guest and it shows R/W when I issue Q LINKS. All other minidisks owned by that zLinux guest are R/W a s well. From my perspective (z/VM) all looks good. Any input would be appreciated, if anything to rule out that PPRC/GM woul d have contributed to this. Thanks. Steve. ** This message may contain confidential or proprietary information intended only for the use of the addressee(s) named above or may contain information that is legally privileged. If you are not the intended addressee, or the person responsible for delivering it to the intended addressee, you are hereby notified that reading, disseminating, distributing or copying this message is strictly prohibited. If you have received this message by mistake, please immediately notify us by replying to the message and delete the original message and any copies immediately thereafter. Thank you. ** CLLD The information contained in this e-mail and any accompanying documents may contain information that is confidential or otherwise protected from disclosure. If you are not the intended recipient of this message, or if this message has been addressed to you in
Re: CMS SFS Question
I guess there's something implied there that I don't get. Scenario, from your note: Your task is to delete LES, who is enrolled, from the SFS system LES has granted rights to RICHARD but RICHARD is not enrolled How does enrolling LES for 0 blocks do anything about the granted rights that RICHARD has? Les Schuh, Richard wrote: I simply enroll any user to be deleted for 0 blocks. The alternative is to scan the sfs directories and files looking for such users. It is much easier to attempt the enroll. If it fails, it is because the user is already enrolled. Regards, Richard Schuh -Original Message- From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Les Koehler Sent: Tuesday, March 01, 2011 12:22 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: CMS SFS Question I'm curious: How do you find the user who is not enrolled, but granted rights to the target user to be deleted? Les Schuh, Richard wrote: The Pipe is the easiest. PIPE user list | spec /delete user/ 1 w1 nw | cms | delete log a Note, however, that if you have an SFS that has a lot of files and permissions, each DELETE USER can take a long time, so you do not want to do this on an id that you might need soon after you enter the PIPE command. In our shop, an individual DELETE USER can take upwards of 10 minutes. Cleaning up SFS when a userid is deleted is important from a security standpoint. If the same id should be given to a different person, it would automatically inherit permissions from the prior owner. You should be doing a DELETE USER every time that a userid is deleted from the directory. It is possible for one user to grant access to other users who are not enrolled. DELETE USER does not clean up these permissions. To get rid of them, you have to first enroll the user in the pool even if it is for 0 blocks. To solve this in our automated process, each user to be deleted is enrolled for 0 blocks, ignoring the return code. We don't care if the user is already enrolled, the attempt does no harm. After the enroll, the deletion will clean out all permissions granted to or by the user being deleted. Regards, Richard Schuh -Original Message- From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Rick Troth Sent: Tuesday, March 01, 2011 10:54 AM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: CMS SFS Question Nahh ... even easier ... Pipes. I'm thinking two pipes. One to gather the Q ENROLL output then a second to actually perform the deletes. In between shove that Q ENROLL output into a file, manually edit for confirmation, then feed the selected content into DELETE USER. -- R; Rick Troth Velocity Software http://www.velocitysoftware.com/ On Tue, 1 Mar 2011, Rich Smrcina wrote: REXX? On 03/01/2011 12:35 PM, Wandschneider, Scott wrote: Is there a way to delete multiple users at once or create a batch job to delete multiple users that are enrolled in SFS? Thank you, Scott R Wandschneider Systems Programmer 3|| Infocrossing, a Wipro Company || 11707 Miracle Hills Drive, Omaha, NE, 68154-4457|| ': 402.963.8905 || Ë:847.849.7223 || : scott.wandschnei...@infocrossing.com **Think Green - Please print responsibly** Confidentiality Note: This e-mail, including any attachment to it, may contain material that is confidential, proprietary, privileged and/or Protected Health Information, within the meaning of the regulations under the Health Insurance Portability Accountability Act as amended. If it is not clear that you are the intended recipient, you are hereby notified that you have received this transmittal in error, and any review, dissemination, distribution or copying of this e-mail, including any attachment to it, is strictly prohibited. If you have received this e-mail in error, please immediately return it to the sender and delete it from your system. Thank you. -- Rich Smrcina Velocity Software, Inc. http://www.velocitysoftware.com Catch the WAVV! http://www.wavv.org WAVV 2011 - April 15-19, 2011 Colorado Springs, CO
Re: zLinux OS disk read-only
The words* M Multiple-write access* are somewhat misleading. MW stands for Multiwrite. M is Multiple, you wil *not* get a link when some other user has a R/W link. With MR, one gets a R/O links when another R/W link exists. In this case, Linux had the minidisk, but in R/O mode, a fact that cannot be explained with this MDISK statement MDISK 200 3390 1 10016 LX53B5 M you get the minidisk R/W or not at all. Maybe a PROFILE EXEC did something? Like: CP Q V 200 if rc0 then 'CP LINK * 200 200 MR' 2011/3/1 Mark Pace pacemainl...@gmail.com *M* Multiple-write access. Write access is established unless another user holds a write, a stable (SR, SW, SM) or an exclusive (ER, EW) mode access to the disk. Looks like some other VM has that disk linked in write mode. On Tue, Mar 1, 2011 at 3:53 PM, Perez, Steve S sspe...@corelogic.comwrote: The disk is defined as follows. This is an excerpt from the CP directory: IPL 200 . LINK RHMASTER 199 199 RR MDISK 200 3390 1 10016 LX53B5 M Unfortunately, the console log did not get spooled so I don't know what the log would have indicated for that disk when the guest machine came up. That's on my follow-up list. The guest machine is IPL'd off of its OS (disk 200) disk when it comes up (in its CP Directory) so I need to find a way to spool the console when it starts and not later after it has gone through its initialization. Thanks, Steve -Original Message- From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of RPN01 Sent: Tuesday, March 01, 2011 2:33 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: zLinux OS disk read-only How is the disk defined in the CP Directory entry (i.e. What is the mode of the disk), and what is in the console log when the user was logged in that could give a clue about the status of the disk when the user was initialized? The mode will tell you the condition(s) that could lead to it being read only (other users having it read/write or even read only), and the log may even tell you which or how many users gummed up the works, or when things when oval on you. In any case, it had to have happened at some point, and there has to be a footprint, if you keep your logs. -- Robert P. Nix Mayo Foundation.~. RO-OC-1-18 200 First Street SW/V\ 507-284-0844 Rochester, MN 55905 /( )\ -^^-^^ In theory, theory and practice are the same, but in practice, theory and practice are different. On 3/1/11 2:23 PM, Steve Perez sspe...@corelogic.com wrote: Hello All, Has anyone run into a situation where the zLinux OS disk has become READ- ONLY access? We are running z/Linux under z/VM 5.4 Redhat 5.4. My zLinux Admin were doing compares between the production environment versus the Test D/R environment and noticed it. He issued the following on the prod zLinux guest environment: # mount -o remount,rw /dev/VolGroup01/LogVol00 mount: block device /dev/VolGroup01/LogVol00 is write-protected, mounting read-only Since we are testing our D/R process at the moment for the z/VM LPAR we are unsure at this point whether that is a contributing factor. It shoul d not be but we can't rule it out. We paused our PPRC/Global mirroring fro m the z/OS side before starting the D/R activities to perform recovery of the z/VM z/Linux. The problem was found while in the middle of verifying/comparing environments on the zLinux side. I can link to the minidisk that is used to IPL that zLinux guest and it shows R/W when I issue Q LINKS. All other minidisks owned by that zLinux guest are R/W a s well. From my perspective (z/VM) all looks good. Any input would be appreciated, if anything to rule out that PPRC/GM woul d have contributed to this. Thanks. Steve. ** This message may contain confidential or proprietary information intended only for the use of the addressee(s) named above or may contain information that is legally privileged. If you are not the intended addressee, or the person responsible for delivering it to the intended addressee, you are hereby notified that reading, disseminating, distributing or copying this message is strictly prohibited. If you have received this message by mistake, please immediately notify us by replying to the message and delete the original message and any copies immediately thereafter. Thank you. ** CLLD -- Mark D Pace Senior Systems Engineer Mainline Information Systems -- Kris Buelens, IBM Belgium, VM customer support
Re: zLinux OS disk read-only
I issued a LINK RR against it and did a Q LINKS and it shows no other link access to that disk. Would it be possible that when we paused PPRC and suspended Global Mirror on the z/OS LPAR (shared volumes between all LPARS) that it may have accessed the dasd the minidisk is on in write mode and caused the access mode on the z/VM LPAR to go into a READ-MODE? Is that probable? Steve. From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Mark Pace Sent: Tuesday, March 01, 2011 2:57 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: zLinux OS disk read-only M Multiple-write access. Write access is established unless another user holds a write, a stable (SR, SW, SM) or an exclusive (ER, EW) mode access to the disk. Looks like some other VM has that disk linked in write mode. On Tue, Mar 1, 2011 at 3:53 PM, Perez, Steve S sspe...@corelogic.commailto:sspe...@corelogic.com wrote: The disk is defined as follows. This is an excerpt from the CP directory: IPL 200 . LINK RHMASTER 199 199 RR MDISK 200 3390 1 10016 LX53B5 M Unfortunately, the console log did not get spooled so I don't know what the log would have indicated for that disk when the guest machine came up. That's on my follow-up list. The guest machine is IPL'd off of its OS (disk 200) disk when it comes up (in its CP Directory) so I need to find a way to spool the console when it starts and not later after it has gone through its initialization. Thanks, Steve -Original Message- From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDUmailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of RPN01 Sent: Tuesday, March 01, 2011 2:33 PM To: IBMVM@LISTSERV.UARK.EDUmailto:IBMVM@LISTSERV.UARK.EDU Subject: Re: zLinux OS disk read-only How is the disk defined in the CP Directory entry (i.e. What is the mode of the disk), and what is in the console log when the user was logged in that could give a clue about the status of the disk when the user was initialized? The mode will tell you the condition(s) that could lead to it being read only (other users having it read/write or even read only), and the log may even tell you which or how many users gummed up the works, or when things when oval on you. In any case, it had to have happened at some point, and there has to be a footprint, if you keep your logs. -- Robert P. Nix Mayo Foundation.~. RO-OC-1-18 200 First Street SW/V\ 507-284-0844 Rochester, MN 55905 /( )\ -^^-^^ In theory, theory and practice are the same, but in practice, theory and practice are different. On 3/1/11 2:23 PM, Steve Perez sspe...@corelogic.commailto:sspe...@corelogic.com wrote: Hello All, Has anyone run into a situation where the zLinux OS disk has become READ- ONLY access? We are running z/Linux under z/VM 5.4 Redhat 5.4. My zLinux Admin were doing compares between the production environment versus the Test D/R environment and noticed it. He issued the following on the prod zLinux guest environment: # mount -o remount,rw /dev/VolGroup01/LogVol00 mount: block device /dev/VolGroup01/LogVol00 is write-protected, mounting read-only Since we are testing our D/R process at the moment for the z/VM LPAR we are unsure at this point whether that is a contributing factor. It shoul d not be but we can't rule it out. We paused our PPRC/Global mirroring fro m the z/OS side before starting the D/R activities to perform recovery of the z/VM z/Linux. The problem was found while in the middle of verifying/comparing environments on the zLinux side. I can link to the minidisk that is used to IPL that zLinux guest and it shows R/W when I issue Q LINKS. All other minidisks owned by that zLinux guest are R/W a s well. From my perspective (z/VM) all looks good. Any input would be appreciated, if anything to rule out that PPRC/GM woul d have contributed to this. Thanks. Steve. ** This message may contain confidential or proprietary information intended only for the use of the addressee(s) named above or may contain information that is legally privileged. If you are not the intended addressee, or the person responsible for delivering it to the intended addressee, you are hereby notified that reading, disseminating, distributing or copying this message is strictly prohibited. If you have received this message by mistake, please immediately notify us by replying to the message and delete the original message and any copies immediately thereafter. Thank you. ** CLLD -- Mark D Pace Senior Systems Engineer Mainline Information Systems
Re: CMS SFS Question
It is permissions granted to users who are not enrolled that is the issue. Here is the scenario: User Richard is enrolled User Les is not enrolled Richard grants Les some SFS authorities. DELETE USER LES is issued without enrolling LES (or no DELETE USER is issued for LES) The authorities granted to LES by RICHARD are left hanging and will be applied to any newly created LES regardless of the identity of the owner. If LES is enrolled before the DELETE USER, those authorities granted to LES by others are removed. By doing the ENROLL for 0 blocks for any userid that is to be deleted, no ghost authorities are given to new users. The userids are unconditionally enrolled. If the user has already been enrolled and owns a file space, the enroll will fail. Because all I care about is that the user be enrolled, I ignore that failure. Regards, Richard Schuh -Original Message- From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Les Koehler Sent: Tuesday, March 01, 2011 1:24 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: CMS SFS Question I guess there's something implied there that I don't get. Scenario, from your note: Your task is to delete LES, who is enrolled, from the SFS system LES has granted rights to RICHARD but RICHARD is not enrolled How does enrolling LES for 0 blocks do anything about the granted rights that RICHARD has? Les Schuh, Richard wrote: I simply enroll any user to be deleted for 0 blocks. The alternative is to scan the sfs directories and files looking for such users. It is much easier to attempt the enroll. If it fails, it is because the user is already enrolled. Regards, Richard Schuh -Original Message- From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Les Koehler Sent: Tuesday, March 01, 2011 12:22 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: CMS SFS Question I'm curious: How do you find the user who is not enrolled, but granted rights to the target user to be deleted? Les Schuh, Richard wrote: The Pipe is the easiest. PIPE user list | spec /delete user/ 1 w1 nw | cms | delete log a Note, however, that if you have an SFS that has a lot of files and permissions, each DELETE USER can take a long time, so you do not want to do this on an id that you might need soon after you enter the PIPE command. In our shop, an individual DELETE USER can take upwards of 10 minutes. Cleaning up SFS when a userid is deleted is important from a security standpoint. If the same id should be given to a different person, it would automatically inherit permissions from the prior owner. You should be doing a DELETE USER every time that a userid is deleted from the directory. It is possible for one user to grant access to other users who are not enrolled. DELETE USER does not clean up these permissions. To get rid of them, you have to first enroll the user in the pool even if it is for 0 blocks. To solve this in our automated process, each user to be deleted is enrolled for 0 blocks, ignoring the return code. We don't care if the user is already enrolled, the attempt does no harm. After the enroll, the deletion will clean out all permissions granted to or by the user being deleted. Regards, Richard Schuh -Original Message- From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Rick Troth Sent: Tuesday, March 01, 2011 10:54 AM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: CMS SFS Question Nahh ... even easier ... Pipes. I'm thinking two pipes. One to gather the Q ENROLL output then a second to actually perform the deletes. In between shove that Q ENROLL output into a file, manually edit for confirmation, then feed the selected content into DELETE USER. -- R; Rick Troth Velocity Software http://www.velocitysoftware.com/ On Tue, 1 Mar 2011, Rich Smrcina wrote: REXX? On 03/01/2011 12:35 PM, Wandschneider, Scott wrote: Is there a way to delete multiple users at once or create a batch job to delete multiple users that are enrolled in SFS? Thank you, Scott R Wandschneider Systems Programmer 3|| Infocrossing, a Wipro Company || 11707 Miracle Hills Drive, Omaha, NE, 68154-4457|| ': 402.963.8905 || Ë:847.849.7223 || : scott.wandschnei...@infocrossing.com **Think Green - Please print responsibly** Confidentiality Note: This e-mail, including any attachment to it, may contain material that is confidential, proprietary, privileged and/or Protected Health Information, within the meaning of the regulations under the Health Insurance Portability Accountability Act as amended. If it is not clear that you are the intended recipient, you are hereby notified that you have received this transmittal in error, and any review,
Re: zLinux OS disk read-only
Do a vmcp q v dasd If it shows r/w and is still not working, log the guest off and back on. If it works then, that would indicate it is some kind of RH problem and Linux was confused. If it still does not work, check the VM Operator log for any write inhibit HCP* error messages. That would indicate some problem with the HW stop you did. Marcy From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Perez, Steve S Sent: Tuesday, March 01, 2011 1:41 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: [IBMVM] zLinux OS disk read-only I issued a LINK RR against it and did a Q LINKS and it shows no other link access to that disk. Would it be possible that when we paused PPRC and suspended Global Mirror on the z/OS LPAR (shared volumes between all LPARS) that it may have accessed the dasd the minidisk is on in write mode and caused the access mode on the z/VM LPAR to go into a READ-MODE? Is that probable? Steve. From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Mark Pace Sent: Tuesday, March 01, 2011 2:57 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: zLinux OS disk read-only M Multiple-write access. Write access is established unless another user holds a write, a stable (SR, SW, SM) or an exclusive (ER, EW) mode access to the disk. Looks like some other VM has that disk linked in write mode. On Tue, Mar 1, 2011 at 3:53 PM, Perez, Steve S sspe...@corelogic.commailto:sspe...@corelogic.com wrote: The disk is defined as follows. This is an excerpt from the CP directory: IPL 200 . LINK RHMASTER 199 199 RR MDISK 200 3390 1 10016 LX53B5 M Unfortunately, the console log did not get spooled so I don't know what the log would have indicated for that disk when the guest machine came up. That's on my follow-up list. The guest machine is IPL'd off of its OS (disk 200) disk when it comes up (in its CP Directory) so I need to find a way to spool the console when it starts and not later after it has gone through its initialization. Thanks, Steve -Original Message- From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDUmailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of RPN01 Sent: Tuesday, March 01, 2011 2:33 PM To: IBMVM@LISTSERV.UARK.EDUmailto:IBMVM@LISTSERV.UARK.EDU Subject: Re: zLinux OS disk read-only How is the disk defined in the CP Directory entry (i.e. What is the mode of the disk), and what is in the console log when the user was logged in that could give a clue about the status of the disk when the user was initialized? The mode will tell you the condition(s) that could lead to it being read only (other users having it read/write or even read only), and the log may even tell you which or how many users gummed up the works, or when things when oval on you. In any case, it had to have happened at some point, and there has to be a footprint, if you keep your logs. -- Robert P. Nix Mayo Foundation.~. RO-OC-1-18 200 First Street SW/V\ 507-284-0844 Rochester, MN 55905 /( )\ -^^-^^ In theory, theory and practice are the same, but in practice, theory and practice are different. On 3/1/11 2:23 PM, Steve Perez sspe...@corelogic.commailto:sspe...@corelogic.com wrote: Hello All, Has anyone run into a situation where the zLinux OS disk has become READ- ONLY access? We are running z/Linux under z/VM 5.4 Redhat 5.4. My zLinux Admin were doing compares between the production environment versus the Test D/R environment and noticed it. He issued the following on the prod zLinux guest environment: # mount -o remount,rw /dev/VolGroup01/LogVol00 mount: block device /dev/VolGroup01/LogVol00 is write-protected, mounting read-only Since we are testing our D/R process at the moment for the z/VM LPAR we are unsure at this point whether that is a contributing factor. It shoul d not be but we can't rule it out. We paused our PPRC/Global mirroring fro m the z/OS side before starting the D/R activities to perform recovery of the z/VM z/Linux. The problem was found while in the middle of verifying/comparing environments on the zLinux side. I can link to the minidisk that is used to IPL that zLinux guest and it shows R/W when I issue Q LINKS. All other minidisks owned by that zLinux guest are R/W a s well. From my perspective (z/VM) all looks good. Any input would be appreciated, if anything to rule out that PPRC/GM woul d have contributed to this. Thanks. Steve. ** This message may contain confidential or proprietary information intended only for the use of the addressee(s) named above or may contain information that is legally privileged. If you are not the intended addressee, or the person responsible for delivering it to the intended addressee, you are hereby
Re: zLinux OS disk read-only
No PROFILE EXEC involved. The guest machine directly IPL's the 200 mdisk, which is the OS disk of z/Linux. From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Kris Buelens Sent: Tuesday, March 01, 2011 3:36 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: zLinux OS disk read-only The words M Multiple-write access are somewhat misleading. MW stands for Multiwrite. M is Multiple, you wil *not* get a link when some other user has a R/W link. With MR, one gets a R/O links when another R/W link exists. In this case, Linux had the minidisk, but in R/O mode, a fact that cannot be explained with this MDISK statement MDISK 200 3390 1 10016 LX53B5 M you get the minidisk R/W or not at all. Maybe a PROFILE EXEC did something? Like: CP Q V 200 if rc0 then 'CP LINK * 200 200 MR' 2011/3/1 Mark Pace pacemainl...@gmail.commailto:pacemainl...@gmail.com M Multiple-write access. Write access is established unless another user holds a write, a stable (SR, SW, SM) or an exclusive (ER, EW) mode access to the disk. Looks like some other VM has that disk linked in write mode. On Tue, Mar 1, 2011 at 3:53 PM, Perez, Steve S sspe...@corelogic.commailto:sspe...@corelogic.com wrote: The disk is defined as follows. This is an excerpt from the CP directory: IPL 200 . LINK RHMASTER 199 199 RR MDISK 200 3390 1 10016 LX53B5 M Unfortunately, the console log did not get spooled so I don't know what the log would have indicated for that disk when the guest machine came up. That's on my follow-up list. The guest machine is IPL'd off of its OS (disk 200) disk when it comes up (in its CP Directory) so I need to find a way to spool the console when it starts and not later after it has gone through its initialization. Thanks, Steve -Original Message- From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDUmailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of RPN01 Sent: Tuesday, March 01, 2011 2:33 PM To: IBMVM@LISTSERV.UARK.EDUmailto:IBMVM@LISTSERV.UARK.EDU Subject: Re: zLinux OS disk read-only How is the disk defined in the CP Directory entry (i.e. What is the mode of the disk), and what is in the console log when the user was logged in that could give a clue about the status of the disk when the user was initialized? The mode will tell you the condition(s) that could lead to it being read only (other users having it read/write or even read only), and the log may even tell you which or how many users gummed up the works, or when things when oval on you. In any case, it had to have happened at some point, and there has to be a footprint, if you keep your logs. -- Robert P. Nix Mayo Foundation.~. RO-OC-1-18 200 First Street SW/V\ 507-284-0844 Rochester, MN 55905 /( )\ -^^-^^ In theory, theory and practice are the same, but in practice, theory and practice are different. On 3/1/11 2:23 PM, Steve Perez sspe...@corelogic.commailto:sspe...@corelogic.com wrote: Hello All, Has anyone run into a situation where the zLinux OS disk has become READ- ONLY access? We are running z/Linux under z/VM 5.4 Redhat 5.4. My zLinux Admin were doing compares between the production environment versus the Test D/R environment and noticed it. He issued the following on the prod zLinux guest environment: # mount -o remount,rw /dev/VolGroup01/LogVol00 mount: block device /dev/VolGroup01/LogVol00 is write-protected, mounting read-only Since we are testing our D/R process at the moment for the z/VM LPAR we are unsure at this point whether that is a contributing factor. It shoul d not be but we can't rule it out. We paused our PPRC/Global mirroring fro m the z/OS side before starting the D/R activities to perform recovery of the z/VM z/Linux. The problem was found while in the middle of verifying/comparing environments on the zLinux side. I can link to the minidisk that is used to IPL that zLinux guest and it shows R/W when I issue Q LINKS. All other minidisks owned by that zLinux guest are R/W a s well. From my perspective (z/VM) all looks good. Any input would be appreciated, if anything to rule out that PPRC/GM woul d have contributed to this. Thanks. Steve. ** This message may contain confidential or proprietary information intended only for the use of the addressee(s) named above or may contain information that is legally privileged. If you are not the intended addressee, or the person responsible for delivering it to the intended addressee, you are hereby notified that reading, disseminating, distributing or copying this message is strictly prohibited. If you have received this message by mistake, please immediately notify us by replying to the message and delete the original message and any copies immediately
Re: CMS SFS Question
That's NOT the scenario you gave in your original note! You wrote about deleting Richard when you wrote: It is possible for one user to grant access to other users who are not enrolled. DELETE USER does not clean up these permissions. I don't see *any* indication that would trigger a DELETE USER Les (using your scenario, which was reversed from mine, further confusing the issue). Les Schuh, Richard wrote: It is permissions granted to users who are not enrolled that is the issue. Here is the scenario: User Richard is enrolled User Les is not enrolled Richard grants Les some SFS authorities. DELETE USER LES is issued without enrolling LES (or no DELETE USER is issued for LES) The authorities granted to LES by RICHARD are left hanging and will be applied to any newly created LES regardless of the identity of the owner. If LES is enrolled before the DELETE USER, those authorities granted to LES by others are removed. By doing the ENROLL for 0 blocks for any userid that is to be deleted, no ghost authorities are given to new users. The userids are unconditionally enrolled. If the user has already been enrolled and owns a file space, the enroll will fail. Because all I care about is that the user be enrolled, I ignore that failure. Regards, Richard Schuh -Original Message- From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Les Koehler Sent: Tuesday, March 01, 2011 1:24 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: CMS SFS Question I guess there's something implied there that I don't get. Scenario, from your note: Your task is to delete LES, who is enrolled, from the SFS system LES has granted rights to RICHARD but RICHARD is not enrolled How does enrolling LES for 0 blocks do anything about the granted rights that RICHARD has? Les Schuh, Richard wrote: I simply enroll any user to be deleted for 0 blocks. The alternative is to scan the sfs directories and files looking for such users. It is much easier to attempt the enroll. If it fails, it is because the user is already enrolled. Regards, Richard Schuh -Original Message- From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Les Koehler Sent: Tuesday, March 01, 2011 12:22 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: CMS SFS Question I'm curious: How do you find the user who is not enrolled, but granted rights to the target user to be deleted? Les Schuh, Richard wrote: The Pipe is the easiest. PIPE user list | spec /delete user/ 1 w1 nw | cms | delete log a Note, however, that if you have an SFS that has a lot of files and permissions, each DELETE USER can take a long time, so you do not want to do this on an id that you might need soon after you enter the PIPE command. In our shop, an individual DELETE USER can take upwards of 10 minutes. Cleaning up SFS when a userid is deleted is important from a security standpoint. If the same id should be given to a different person, it would automatically inherit permissions from the prior owner. You should be doing a DELETE USER every time that a userid is deleted from the directory. It is possible for one user to grant access to other users who are not enrolled. DELETE USER does not clean up these permissions. To get rid of them, you have to first enroll the user in the pool even if it is for 0 blocks. To solve this in our automated process, each user to be deleted is enrolled for 0 blocks, ignoring the return code. We don't care if the user is already enrolled, the attempt does no harm. After the enroll, the deletion will clean out all permissions granted to or by the user being deleted. Regards, Richard Schuh -Original Message- From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Rick Troth Sent: Tuesday, March 01, 2011 10:54 AM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: CMS SFS Question Nahh ... even easier ... Pipes. I'm thinking two pipes. One to gather the Q ENROLL output then a second to actually perform the deletes. In between shove that Q ENROLL output into a file, manually edit for confirmation, then feed the selected content into DELETE USER. -- R; Rick Troth Velocity Software http://www.velocitysoftware.com/ On Tue, 1 Mar 2011, Rich Smrcina wrote: REXX? On 03/01/2011 12:35 PM, Wandschneider, Scott wrote: Is there a way to delete multiple users at once or create a batch job to delete multiple users that are enrolled in SFS? Thank you, Scott R Wandschneider Systems Programmer 3|| Infocrossing, a Wipro Company || 11707 Miracle Hills Drive, Omaha, NE, 68154-4457|| ': 402.963.8905 || Ë:847.849.7223 || : scott.wandschnei...@infocrossing.com **Think Green - Please print responsibly** Confidentiality Note: This e-mail, including any attachment to it, may contain material that is confidential, proprietary, privileged and/or Protected Health Information, within the meaning of the regulations
Re: zLinux OS disk read-only
Did you check your PPRC responses? We had some errors when we first tried DR when we first installed VM (about 1 year ago). I can't remember all the details, but it was basically saying that PPRC links had not been broken and we were trying to use Tertiary dasd. We have our second DR test next week, so we are likely to hit the same problems and probably some new ones. Regards, Tony From: Perez, Steve S sspe...@corelogic.com To: IBMVM@LISTSERV.UARK.EDU Sent: Wed, 2 March, 2011 8:21:24 AM Subject: Re: zLinux OS disk read-only No PROFILE EXEC involved. The guest machine directly IPL's the 200 mdisk, which is the OS disk of z/Linux. From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Kris Buelens Sent: Tuesday, March 01, 2011 3:36 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: zLinux OS disk read-only The wordsM Multiple-write access are somewhat misleading. MW stands for Multiwrite. M is Multiple, you wil *not* get a link when some other user has a R/W link. With MR, one gets a R/O links when another R/W link exists. In this case, Linux had the minidisk, but in R/O mode, a fact that cannot be explained with this MDISK statement MDISK 200 3390 1 10016 LX53B5 M you get the minidisk R/W or not at all. Maybe a PROFILE EXEC did something? Like: CP Q V 200 if rc0 then 'CP LINK * 200 200 MR' 2011/3/1 Mark Pace pacemainl...@gmail.com M Multiple-write access. Write access is established unless another user holds a write, a stable (SR, SW, SM) or an exclusive (ER, EW) mode access to the disk. Looks like some other VM has that disk linked in write mode. On Tue, Mar 1, 2011 at 3:53 PM, Perez, Steve S sspe...@corelogic.com wrote: The disk is defined as follows. This is an excerpt from the CP directory: IPL 200 . LINK RHMASTER 199 199 RR MDISK 200 3390 1 10016 LX53B5 M Unfortunately, the console log did not get spooled so I don't know what the log would have indicated for that disk when the guest machine came up. That's on my follow-up list. The guest machine is IPL'd off of its OS (disk 200) disk when it comes up (in its CP Directory) so I need to find a way to spool the console when it starts and not later after it has gone through its initialization. Thanks, Steve -Original Message- From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of RPN01 Sent: Tuesday, March 01, 2011 2:33 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: zLinux OS disk read-only How is the disk defined in the CP Directory entry (i.e. What is the mode of the disk), and what is in the console log when the user was logged in that could give a clue about the status of the disk when the user was initialized? The mode will tell you the condition(s) that could lead to it being read only (other users having it read/write or even read only), and the log may even tell you which or how many users gummed up the works, or when things when oval on you. In any case, it had to have happened at some point, and there has to be a footprint, if you keep your logs. -- Robert P. Nix Mayo Foundation .~. RO-OC-1-18 200 First Street SW /V\ 507-284-0844 Rochester, MN 55905 /( )\ - ^^-^^ In theory, theory and practice are the same, but in practice, theory and practice are different. On 3/1/11 2:23 PM, Steve Perez sspe...@corelogic.com wrote: Hello All, Has anyone run into a situation where the zLinux OS disk has become READ- ONLY access? We are running z/Linux under z/VM 5.4 Redhat 5.4. My zLinux Admin were doing compares between the production environment versus the Test D/R environment and noticed it. He issued the following on the prod zLinux guest environment: # mount -o remount,rw /dev/VolGroup01/LogVol00 mount: block device /dev/VolGroup01/LogVol00 is write-protected, mounting read-only Since we are testing our D/R process at the moment for the z/VM LPAR we are unsure at this point whether that is a contributing factor. It shoul d not be but we can't rule it out. We paused our PPRC/Global mirroring fro m the z/OS side before starting the D/R activities to perform recovery of the z/VM z/Linux. The problem was found while in the middle of verifying/comparing environments on the zLinux side. I can link to the minidisk that is used to IPL that zLinux guest and it shows R/W when I issue Q LINKS. All other minidisks owned by that zLinux guest are R/W a s well. From my perspective (z/VM) all looks good. Any input would be appreciated, if anything to rule out that PPRC/GM woul d have contributed to this. Thanks. Steve. ** This message may contain confidential or proprietary information intended only for the use of the addressee(s) named above
Re: zLinux OS disk read-only
On Tuesday, 03/01/2011 at 04:40 EST, Perez, Steve S sspe...@corelogic.com wrote: I issued a LINK RR against it and did a Q LINKS and it shows no other link access to that disk. Would it be possible that when we paused PPRC and suspended Global Mirror on the z/OS LPAR (shared volumes between all LPARS) that it may have accessed the dasd the minidisk is on in write mode and caused the access mode on the z/VM LPAR to go into a READ-MODE? Is that probable? If someone played with the PPRC definitions, they could have reversed the primary/secondary relationship, making your volumes the secondaries. You can't write to a secondary. But I would certainly have expected messages on the operator's console if that happened. If this happened, then you break someone's fingers. GDPS breaks and restores PPRC connections only in synchronization with various flavors of CP HYPERSWAP commands. Humans or other solutions are expected to do the same. Alan Altmark z/VM and Linux on System z Consultant IBM System Lab Services and Training ibm.com/systems/services/labservices office: 607.429.3323 mobile; 607.321.7556 alan_altm...@us.ibm.com IBM Endicott
Re: zLinux OS disk read-only
Issued the command and it still shows R/W. We will bounce the guest machine off hours to determine if that will fix the problem. The VM Operator log does not show any errors that would indicate a write inhibit on the dasd/disk.. Steve From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Marcy Cortes Sent: Tuesday, March 01, 2011 3:50 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: zLinux OS disk read-only Do a vmcp q v dasd If it shows r/w and is still not working, log the guest off and back on. If it works then, that would indicate it is some kind of RH problem and Linux was confused. If it still does not work, check the VM Operator log for any write inhibit HCP* error messages. That would indicate some problem with the HW stop you did. Marcy From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Perez, Steve S Sent: Tuesday, March 01, 2011 1:41 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: [IBMVM] zLinux OS disk read-only I issued a LINK RR against it and did a Q LINKS and it shows no other link access to that disk. Would it be possible that when we paused PPRC and suspended Global Mirror on the z/OS LPAR (shared volumes between all LPARS) that it may have accessed the dasd the minidisk is on in write mode and caused the access mode on the z/VM LPAR to go into a READ-MODE? Is that probable? Steve. From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Mark Pace Sent: Tuesday, March 01, 2011 2:57 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: zLinux OS disk read-only M Multiple-write access. Write access is established unless another user holds a write, a stable (SR, SW, SM) or an exclusive (ER, EW) mode access to the disk. Looks like some other VM has that disk linked in write mode. On Tue, Mar 1, 2011 at 3:53 PM, Perez, Steve S sspe...@corelogic.commailto:sspe...@corelogic.com wrote: The disk is defined as follows. This is an excerpt from the CP directory: IPL 200 . LINK RHMASTER 199 199 RR MDISK 200 3390 1 10016 LX53B5 M Unfortunately, the console log did not get spooled so I don't know what the log would have indicated for that disk when the guest machine came up. That's on my follow-up list. The guest machine is IPL'd off of its OS (disk 200) disk when it comes up (in its CP Directory) so I need to find a way to spool the console when it starts and not later after it has gone through its initialization. Thanks, Steve -Original Message- From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDUmailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of RPN01 Sent: Tuesday, March 01, 2011 2:33 PM To: IBMVM@LISTSERV.UARK.EDUmailto:IBMVM@LISTSERV.UARK.EDU Subject: Re: zLinux OS disk read-only How is the disk defined in the CP Directory entry (i.e. What is the mode of the disk), and what is in the console log when the user was logged in that could give a clue about the status of the disk when the user was initialized? The mode will tell you the condition(s) that could lead to it being read only (other users having it read/write or even read only), and the log may even tell you which or how many users gummed up the works, or when things when oval on you. In any case, it had to have happened at some point, and there has to be a footprint, if you keep your logs. -- Robert P. Nix Mayo Foundation.~. RO-OC-1-18 200 First Street SW/V\ 507-284-0844 Rochester, MN 55905 /( )\ -^^-^^ In theory, theory and practice are the same, but in practice, theory and practice are different. On 3/1/11 2:23 PM, Steve Perez sspe...@corelogic.commailto:sspe...@corelogic.com wrote: Hello All, Has anyone run into a situation where the zLinux OS disk has become READ- ONLY access? We are running z/Linux under z/VM 5.4 Redhat 5.4. My zLinux Admin were doing compares between the production environment versus the Test D/R environment and noticed it. He issued the following on the prod zLinux guest environment: # mount -o remount,rw /dev/VolGroup01/LogVol00 mount: block device /dev/VolGroup01/LogVol00 is write-protected, mounting read-only Since we are testing our D/R process at the moment for the z/VM LPAR we are unsure at this point whether that is a contributing factor. It shoul d not be but we can't rule it out. We paused our PPRC/Global mirroring fro m the z/OS side before starting the D/R activities to perform recovery of the z/VM z/Linux. The problem was found while in the middle of verifying/comparing environments on the zLinux side. I can link to the minidisk that is used to IPL that zLinux guest and it shows R/W when I issue Q LINKS. All other minidisks owned by that zLinux guest are R/W a s well. From my perspective (z/VM) all looks good. Any input would be appreciated, if anything to
Re: zLinux OS disk read-only
You said you ended up with the disk in read-only mode, but M would imply that if you couldn¹t get it in read-write mode, you wouldn¹t get it at all. This would lead me to believe that there might have been fingers at work on the console after the log-in and before the boot that might have subsequently linked the disk, possibly with a ³LINK * 200 200 MR², maybe? Again, the console log would lead to the footprint of the perp that would tell all. Another fine way to handle the situation and allow some control would be to IPL the guest into CMS before starting the Linux guest. Set up the machine using the CMS profile and do your sanity checks there, then IPL the Linux boot disk when you know things will go well. Given our two CEC environment, and our history before going into CSE, we use this method to check that the image was last run on the current LPAR before IPLing the Linux image, to be sure that it can¹t be running in the other CEC. We had the same image booted on both systems at the same time once too often, destroying the image (i.e... Once) We use a read-only CMS 191 with a profile to perform this vital sanity check (for us) before allowing the Linux image to start. (In fact, all our linux images share the same 191 minidisk.) Checking the Linux disks to be sure they are RW certainly wouldn¹t hurt as well. It would be a simple task, especially if you stuck to a standard addressing scheme for all your images. Just an idea to think about. -- Robert P. Nix Mayo Foundation.~. RO-OC-1-18 200 First Street SW/V\ 507-284-0844 Rochester, MN 55905 /( )\ -^^-^^ In theory, theory and practice are the same, but in practice, theory and practice are different. On 3/1/11 3:40 PM, Perez, Steve S sspe...@corelogic.com wrote: I issued a LINK RR against it and did a Q LINKS and it shows no other link access to that disk. Would it be possible that when we paused PPRC and suspended Global Mirror on the z/OS LPAR (shared volumes between all LPARS) that it may have accessed the dasd the minidisk is on in write mode and caused the access mode on the z/VM LPAR to go into a READ-MODE? Is that probable? Steve. From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Mark Pace Sent: Tuesday, March 01, 2011 2:57 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: zLinux OS disk read-only M Multiple-write access. Write access is established unless another user holds a write, a stable (SR, SW, SM) or an exclusive (ER, EW) mode access to the disk. Looks like some other VM has that disk linked in write mode. On Tue, Mar 1, 2011 at 3:53 PM, Perez, Steve S sspe...@corelogic.com wrote: The disk is defined as follows. This is an excerpt from the CP directory: IPL 200 . LINK RHMASTER 199 199 RR MDISK 200 3390 1 10016 LX53B5 M Unfortunately, the console log did not get spooled so I don't know what the log would have indicated for that disk when the guest machine came up. That's on my follow-up list. The guest machine is IPL'd off of its OS (disk 200) disk when it comes up (in its CP Directory) so I need to find a way to spool the console when it starts and not later after it has gone through its initialization. Thanks, Steve -Original Message- From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of RPN01 Sent: Tuesday, March 01, 2011 2:33 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: zLinux OS disk read-only How is the disk defined in the CP Directory entry (i.e. What is the mode of the disk), and what is in the console log when the user was logged in that could give a clue about the status of the disk when the user was initialized? The mode will tell you the condition(s) that could lead to it being read only (other users having it read/write or even read only), and the log may even tell you which or how many users gummed up the works, or when things when oval on you. In any case, it had to have happened at some point, and there has to be a footprint, if you keep your logs. -- Robert P. Nix Mayo Foundation.~. RO-OC-1-18 200 First Street SW /V\ 507-284-0844 Rochester, MN 55905 /( )\ - ^^-^^ In theory, theory and practice are the same, but in practice, theory and practice are different. On 3/1/11 2:23 PM, Steve Perez sspe...@corelogic.com wrote: Hello All, Has anyone run into a situation where the zLinux OS disk has become READ- ONLY access? We are running z/Linux under z/VM 5.4 Redhat 5.4. My zLinux Admin were doing compares between the production environment versus the Test D/R environment and noticed it. He issued the following on the prod zLinux guest environment: # mount -o remount,rw /dev/VolGroup01/LogVol00 mount: block device
Re: zLinux OS disk read-only
Yes we looked at PPRC output and no indication of errors. All PPRC responses were normal and commands successfully completed. Steve. From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Tony Saul Sent: Tuesday, March 01, 2011 4:17 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: zLinux OS disk read-only Did you check your PPRC responses? We had some errors when we first tried DR when we first installed VM (about 1 year ago). I can't remember all the details, but it was basically saying that PPRC links had not been broken and we were trying to use Tertiary dasd. We have our second DR test next week, so we are likely to hit the same problems and probably some new ones. Regards, Tony From: Perez, Steve S sspe...@corelogic.com To: IBMVM@LISTSERV.UARK.EDU Sent: Wed, 2 March, 2011 8:21:24 AM Subject: Re: zLinux OS disk read-only No PROFILE EXEC involved. The guest machine directly IPL's the 200 mdisk, which is the OS disk of z/Linux. From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Kris Buelens Sent: Tuesday, March 01, 2011 3:36 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: zLinux OS disk read-only The words M Multiple-write access are somewhat misleading. MW stands for Multiwrite. M is Multiple, you wil *not* get a link when some other user has a R/W link. With MR, one gets a R/O links when another R/W link exists. In this case, Linux had the minidisk, but in R/O mode, a fact that cannot be explained with this MDISK statement MDISK 200 3390 1 10016 LX53B5 M you get the minidisk R/W or not at all. Maybe a PROFILE EXEC did something? Like: CP Q V 200 if rc0 then 'CP LINK * 200 200 MR' 2011/3/1 Mark Pace pacemainl...@gmail.commailto:pacemainl...@gmail.com M Multiple-write access. Write access is established unless another user holds a write, a stable (SR, SW, SM) or an exclusive (ER, EW) mode access to the disk. Looks like some other VM has that disk linked in write mode. On Tue, Mar 1, 2011 at 3:53 PM, Perez, Steve S sspe...@corelogic.commailto:sspe...@corelogic.com wrote: The disk is defined as follows. This is an excerpt from the CP directory: IPL 200 . LINK RHMASTER 199 199 RR MDISK 200 3390 1 10016 LX53B5 M Unfortunately, the console log did not get spooled so I don't know what the log would have indicated for that disk when the guest machine came up. That's on my follow-up list. The guest machine is IPL'd off of its OS (disk 200) disk when it comes up (in its CP Directory) so I need to find a way to spool the console when it starts and not later after it has gone through its initialization. Thanks, Steve -Original Message- From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDUmailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of RPN01 Sent: Tuesday, March 01, 2011 2:33 PM To: IBMVM@LISTSERV.UARK.EDUmailto:IBMVM@LISTSERV.UARK.EDU Subject: Re: zLinux OS disk read-only How is the disk defined in the CP Directory entry (i.e. What is the mode of the disk), and what is in the console log when the user was logged in that could give a clue about the status of the disk when the user was initialized? The mode will tell you the condition(s) that could lead to it being read only (other users having it read/write or even read only), and the log may even tell you which or how many users gummed up the works, or when things when oval on you. In any case, it had to have happened at some point, and there has to be a footprint, if you keep your logs. -- Robert P. Nix Mayo Foundation.~. RO-OC-1-18 200 First Street SW/V\ 507-284-0844 Rochester, MN 55905 /( )\ -^^-^^ In theory, theory and practice are the same, but in practice, theory and practice are different. On 3/1/11 2:23 PM, Steve Perez sspe...@corelogic.commailto:sspe...@corelogic.com wrote: Hello All, Has anyone run into a situation where the zLinux OS disk has become READ- ONLY access? We are running z/Linux under z/VM 5.4 Redhat 5.4. My zLinux Admin were doing compares between the production environment versus the Test D/R environment and noticed it. He issued the following on the prod zLinux guest environment: # mount -o remount,rw /dev/VolGroup01/LogVol00 mount: block device /dev/VolGroup01/LogVol00 is write-protected, mounting read-only Since we are testing our D/R process at the moment for the z/VM LPAR we are unsure at this point whether that is a contributing factor. It shoul d not be but we can't rule it out. We paused our PPRC/Global mirroring fro m the z/OS side before starting the D/R activities to perform recovery of the z/VM z/Linux. The problem was found while in the middle of verifying/comparing environments on the zLinux side. I can link to the minidisk that is used to IPL that zLinux
Re: zLinux OS disk read-only
Good ideas! Again, the console log would lead to the footprint of the perp that would tell all. Which leads to another place that might tell... if you have an ESM (External Security Manager) it might have an audit file showing LINK attempts. For example, VM:Secure writes its audit file to the VMSECURE 1D0 mdisk. Mike Walter Aon Corporation The opinions expressed herein are mine alone, not my employer's. RPN01 nix.rob...@mayo.edu Sent by: The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU 03/01/2011 04:28 PM Please respond to The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU To IBMVM@LISTSERV.UARK.EDU cc Subject Re: zLinux OS disk read-only You said you ended up with the disk in read-only mode, but M would imply that if you couldn?t get it in read-write mode, you wouldn?t get it at all. This would lead me to believe that there might have been fingers at work on the console after the log-in and before the boot that might have subsequently linked the disk, possibly with a ?LINK * 200 200 MR?, maybe? Again, the console log would lead to the footprint of the perp that would tell all. Another fine way to handle the situation and allow some control would be to IPL the guest into CMS before starting the Linux guest. Set up the machine using the CMS profile and do your sanity checks there, then IPL the Linux boot disk when you know things will go well. Given our two CEC environment, and our history before going into CSE, we use this method to check that the image was last run on the current LPAR before IPLing the Linux image, to be sure that it can?t be running in the other CEC. We had the same image booted on both systems at the same time once too often, destroying the image (i.e... Once) We use a read-only CMS 191 with a profile to perform this vital sanity check (for us) before allowing the Linux image to start. (In fact, all our linux images share the same 191 minidisk.) Checking the Linux disks to be sure they are RW certainly wouldn?t hurt as well. It would be a simple task, especially if you stuck to a standard addressing scheme for all your images. Just an idea to think about. -- Robert P. Nix Mayo Foundation.~. RO-OC-1-18 200 First Street SW/V\ 507-284-0844 Rochester, MN 55905 /( )\ -^^-^^ In theory, theory and practice are the same, but in practice, theory and practice are different. On 3/1/11 3:40 PM, Perez, Steve S sspe...@corelogic.com wrote: I issued a LINK RR against it and did a Q LINKS and it shows no other link access to that disk. Would it be possible that when we paused PPRC and suspended Global Mirror on the z/OS LPAR (shared volumes between all LPARS) that it may have accessed the dasd the minidisk is on in write mode and caused the access mode on the z/VM LPAR to go into a READ-MODE? Is that probable? Steve. From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Mark Pace Sent: Tuesday, March 01, 2011 2:57 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: zLinux OS disk read-only M Multiple-write access. Write access is established unless another user holds a write, a stable (SR, SW, SM) or an exclusive (ER, EW) mode access to the disk. Looks like some other VM has that disk linked in write mode. On Tue, Mar 1, 2011 at 3:53 PM, Perez, Steve S sspe...@corelogic.com wrote: The disk is defined as follows. This is an excerpt from the CP directory: IPL 200 . LINK RHMASTER 199 199 RR MDISK 200 3390 1 10016 LX53B5 M Unfortunately, the console log did not get spooled so I don't know what the log would have indicated for that disk when the guest machine came up. That's on my follow-up list. The guest machine is IPL'd off of its OS (disk 200) disk when it comes up (in its CP Directory) so I need to find a way to spool the console when it starts and not later after it has gone through its initialization. Thanks, Steve -Original Message- From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of RPN01 Sent: Tuesday, March 01, 2011 2:33 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: zLinux OS disk read-only How is the disk defined in the CP Directory entry (i.e. What is the mode of the disk), and what is in the console log when the user was logged in that could give a clue about the status of the disk when the user was initialized? The mode will tell you the condition(s) that could lead to it being read only (other users having it read/write or even read only), and the log may even tell you which or how many users gummed up the works, or when things when oval on you. In any case, it had to have happened at some point, and there has to be a footprint, if you keep your logs. -- Robert P. Nix Mayo Foundation.~. RO-OC-1-18 200 First Street SW /V\ 507-284-0844 Rochester, MN 55905 /( )\ -
Re: zLinux OS disk read-only
When my zLinux Admin issued this command in the zLinux guest machine, he got the write-protected message indicating to him that the OS disk is read-only... # mount -o remount,rw /dev/VolGroup01/LogVol00 mount: block device /dev/VolGroup01/LogVol00 is write-protected, mounting read-only He said it wasn't like that yesterday. The likelihood of a finger check is very minimal since the way we have these guest machines start up, which is directly IPL it's OS disk (addr 200). My zLinux Admin tells me that it was fine Monday before the D/R test started this morning. He himself I guess could have finger checked, but he knows very little about how VM works let alone issue the command to link the OS disk device R/O. Thank you for the suggestion on IPLing the guest into CMS first. I will look into it again at some point when more time allows. But in the meantime, this bizarre occurrence has puzzled us. I have since set the console to start at IPL/startup of the guest machine to get some console activity log to see what he's doing at startup. Thanks for you assistance. Kind Regards, Steve. From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of RPN01 Sent: Tuesday, March 01, 2011 4:29 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: zLinux OS disk read-only You said you ended up with the disk in read-only mode, but M would imply that if you couldn't get it in read-write mode, you wouldn't get it at all. This would lead me to believe that there might have been fingers at work on the console after the log-in and before the boot that might have subsequently linked the disk, possibly with a LINK * 200 200 MR, maybe? Again, the console log would lead to the footprint of the perp that would tell all. Another fine way to handle the situation and allow some control would be to IPL the guest into CMS before starting the Linux guest. Set up the machine using the CMS profile and do your sanity checks there, then IPL the Linux boot disk when you know things will go well. Given our two CEC environment, and our history before going into CSE, we use this method to check that the image was last run on the current LPAR before IPLing the Linux image, to be sure that it can't be running in the other CEC. We had the same image booted on both systems at the same time once too often, destroying the image (i.e... Once) We use a read-only CMS 191 with a profile to perform this vital sanity check (for us) before allowing the Linux image to start. (In fact, all our linux images share the same 191 minidisk.) Checking the Linux disks to be sure they are RW certainly wouldn't hurt as well. It would be a simple task, especially if you stuck to a standard addressing scheme for all your images. Just an idea to think about. -- Robert P. Nix Mayo Foundation.~. RO-OC-1-18 200 First Street SW/V\ 507-284-0844 Rochester, MN 55905 /( )\ -^^-^^ In theory, theory and practice are the same, but in practice, theory and practice are different. On 3/1/11 3:40 PM, Perez, Steve S sspe...@corelogic.com wrote: I issued a LINK RR against it and did a Q LINKS and it shows no other link access to that disk. Would it be possible that when we paused PPRC and suspended Global Mirror on the z/OS LPAR (shared volumes between all LPARS) that it may have accessed the dasd the minidisk is on in write mode and caused the access mode on the z/VM LPAR to go into a READ-MODE? Is that probable? Steve. From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Mark Pace Sent: Tuesday, March 01, 2011 2:57 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: zLinux OS disk read-only M Multiple-write access. Write access is established unless another user holds a write, a stable (SR, SW, SM) or an exclusive (ER, EW) mode access to the disk. Looks like some other VM has that disk linked in write mode. On Tue, Mar 1, 2011 at 3:53 PM, Perez, Steve S sspe...@corelogic.com wrote: The disk is defined as follows. This is an excerpt from the CP directory: IPL 200 . LINK RHMASTER 199 199 RR MDISK 200 3390 1 10016 LX53B5 M Unfortunately, the console log did not get spooled so I don't know what the log would have indicated for that disk when the guest machine came up. That's on my follow-up list. The guest machine is IPL'd off of its OS (disk 200) disk when it comes up (in its CP Directory) so I need to find a way to spool the console when it starts and not later after it has gone through its initialization. Thanks, Steve -Original Message- From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of RPN01 Sent: Tuesday, March 01, 2011 2:33 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: zLinux OS disk read-only How is the disk defined in the CP Directory entry (i.e. What is the mode of
Re: zLinux OS disk read-only
We do not have an ESM in place at the moment. We are still new to zLinux and still getting out feet wet. -Original Message- From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Mike Walter Sent: Tuesday, March 01, 2011 4:43 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: zLinux OS disk read-only Good ideas! Again, the console log would lead to the footprint of the perp that would tell all. Which leads to another place that might tell... if you have an ESM (External Security Manager) it might have an audit file showing LINK attempts. For example, VM:Secure writes its audit file to the VMSECURE 1D0 mdisk. Mike Walter Aon Corporation The opinions expressed herein are mine alone, not my employer's. RPN01 nix.rob...@mayo.edu Sent by: The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU 03/01/2011 04:28 PM Please respond to The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU To IBMVM@LISTSERV.UARK.EDU cc Subject Re: zLinux OS disk read-only You said you ended up with the disk in read-only mode, but M would imply that if you couldn?t get it in read-write mode, you wouldn?t get it at all. This would lead me to believe that there might have been fingers at work on the console after the log-in and before the boot that might have subsequently linked the disk, possibly with a ?LINK * 200 200 MR?, maybe? Again, the console log would lead to the footprint of the perp that would tell all. Another fine way to handle the situation and allow some control would be to IPL the guest into CMS before starting the Linux guest. Set up the machine using the CMS profile and do your sanity checks there, then IPL the Linux boot disk when you know things will go well. Given our two CEC environment, and our history before going into CSE, we use this method to check that the image was last run on the current LPAR before IPLing the Linux image, to be sure that it can?t be running in the other CEC. We had the same image booted on both systems at the same time once too often, destroying the image (i.e... Once) We use a read-only CMS 191 with a profile to perform this vital sanity check (for us) before allowing the Linux image to start. (In fact, all our linux images share the same 191 minidisk.) Checking the Linux disks to be sure they are RW certainly wouldn?t hurt as well. It would be a simple task, especially if you stuck to a standard addressing scheme for all your images. Just an idea to think about. -- Robert P. Nix Mayo Foundation.~. RO-OC-1-18 200 First Street SW/V\ 507-284-0844 Rochester, MN 55905 /( )\ -^^-^^ In theory, theory and practice are the same, but in practice, theory and practice are different. On 3/1/11 3:40 PM, Perez, Steve S sspe...@corelogic.com wrote: I issued a LINK RR against it and did a Q LINKS and it shows no other link access to that disk. Would it be possible that when we paused PPRC and suspended Global Mirror on the z/OS LPAR (shared volumes between all LPARS) that it may have accessed the dasd the minidisk is on in write mode and caused the access mode on the z/VM LPAR to go into a READ-MODE? Is that probable? Steve. From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Mark Pace Sent: Tuesday, March 01, 2011 2:57 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: zLinux OS disk read-only M Multiple-write access. Write access is established unless another user holds a write, a stable (SR, SW, SM) or an exclusive (ER, EW) mode access to the disk. Looks like some other VM has that disk linked in write mode. On Tue, Mar 1, 2011 at 3:53 PM, Perez, Steve S sspe...@corelogic.com wrote: The disk is defined as follows. This is an excerpt from the CP directory: IPL 200 . LINK RHMASTER 199 199 RR MDISK 200 3390 1 10016 LX53B5 M Unfortunately, the console log did not get spooled so I don't know what the log would have indicated for that disk when the guest machine came up. That's on my follow-up list. The guest machine is IPL'd off of its OS (disk 200) disk when it comes up (in its CP Directory) so I need to find a way to spool the console when it starts and not later after it has gone through its initialization. Thanks, Steve -Original Message- From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of RPN01 Sent: Tuesday, March 01, 2011 2:33 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: zLinux OS disk read-only How is the disk defined in the CP Directory entry (i.e. What is the mode of the disk), and what is in the console log when the user was logged in that could give a clue about the status of the disk when the user was initialized? The mode will tell you the condition(s) that could lead to it being read only (other users having it read/write or even read only), and the log may even tell you which or how many users gummed
Re: zLinux OS disk read-only
Are there any additional messages in /var/log/messages when he attempts the mount command? You can start spooling your console immediately with vmcp spool cons \* start (prefix the * with \ from Linux ) You might be getting some messages either on the console or on the /var/log/messages when the mount command fails. Marcy From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Perez, Steve S Sent: Tuesday, March 01, 2011 3:00 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: [IBMVM] zLinux OS disk read-only When my zLinux Admin issued this command in the zLinux guest machine, he got the write-protected message indicating to him that the OS disk is read-only... # mount -o remount,rw /dev/VolGroup01/LogVol00 mount: block device /dev/VolGroup01/LogVol00 is write-protected, mounting read-only He said it wasn't like that yesterday. The likelihood of a finger check is very minimal since the way we have these guest machines start up, which is directly IPL it's OS disk (addr 200). My zLinux Admin tells me that it was fine Monday before the D/R test started this morning. He himself I guess could have finger checked, but he knows very little about how VM works let alone issue the command to link the OS disk device R/O. Thank you for the suggestion on IPLing the guest into CMS first. I will look into it again at some point when more time allows. But in the meantime, this bizarre occurrence has puzzled us. I have since set the console to start at IPL/startup of the guest machine to get some console activity log to see what he's doing at startup. Thanks for you assistance. Kind Regards, Steve. From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of RPN01 Sent: Tuesday, March 01, 2011 4:29 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: zLinux OS disk read-only You said you ended up with the disk in read-only mode, but M would imply that if you couldn't get it in read-write mode, you wouldn't get it at all. This would lead me to believe that there might have been fingers at work on the console after the log-in and before the boot that might have subsequently linked the disk, possibly with a LINK * 200 200 MR, maybe? Again, the console log would lead to the footprint of the perp that would tell all. Another fine way to handle the situation and allow some control would be to IPL the guest into CMS before starting the Linux guest. Set up the machine using the CMS profile and do your sanity checks there, then IPL the Linux boot disk when you know things will go well. Given our two CEC environment, and our history before going into CSE, we use this method to check that the image was last run on the current LPAR before IPLing the Linux image, to be sure that it can't be running in the other CEC. We had the same image booted on both systems at the same time once too often, destroying the image (i.e... Once) We use a read-only CMS 191 with a profile to perform this vital sanity check (for us) before allowing the Linux image to start. (In fact, all our linux images share the same 191 minidisk.) Checking the Linux disks to be sure they are RW certainly wouldn't hurt as well. It would be a simple task, especially if you stuck to a standard addressing scheme for all your images. Just an idea to think about. -- Robert P. Nix Mayo Foundation.~. RO-OC-1-18 200 First Street SW/V\ 507-284-0844 Rochester, MN 55905 /( )\ -^^-^^ In theory, theory and practice are the same, but in practice, theory and practice are different. On 3/1/11 3:40 PM, Perez, Steve S sspe...@corelogic.com wrote: I issued a LINK RR against it and did a Q LINKS and it shows no other link access to that disk. Would it be possible that when we paused PPRC and suspended Global Mirror on the z/OS LPAR (shared volumes between all LPARS) that it may have accessed the dasd the minidisk is on in write mode and caused the access mode on the z/VM LPAR to go into a READ-MODE? Is that probable? Steve. From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Mark Pace Sent: Tuesday, March 01, 2011 2:57 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: zLinux OS disk read-only M Multiple-write access. Write access is established unless another user holds a write, a stable (SR, SW, SM) or an exclusive (ER, EW) mode access to the disk. Looks like some other VM has that disk linked in write mode. On Tue, Mar 1, 2011 at 3:53 PM, Perez, Steve S sspe...@corelogic.com wrote: The disk is defined as follows. This is an excerpt from the CP directory: IPL 200 . LINK RHMASTER 199 199 RR MDISK 200 3390 1 10016 LX53B5 M Unfortunately, the console log did not get spooled so I don't know what the log would have indicated for that disk when the guest machine came up. That's on my follow-up list.
Re: CMS SFS Question
I don't believe that I said DELETE USER RICHARD. I certainly did not intend to imply that, nor did I intend for someone to infer it. I should have stated it better. Regards, Richard Schuh -Original Message- From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Les Koehler Sent: Tuesday, March 01, 2011 2:07 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: CMS SFS Question That's NOT the scenario you gave in your original note! You wrote about deleting Richard when you wrote: It is possible for one user to grant access to other users who are not enrolled. DELETE USER does not clean up these permissions. I don't see *any* indication that would trigger a DELETE USER Les (using your scenario, which was reversed from mine, further confusing the issue). Les Schuh, Richard wrote: It is permissions granted to users who are not enrolled that is the issue. Here is the scenario: User Richard is enrolled User Les is not enrolled Richard grants Les some SFS authorities. DELETE USER LES is issued without enrolling LES (or no DELETE USER is issued for LES) The authorities granted to LES by RICHARD are left hanging and will be applied to any newly created LES regardless of the identity of the owner. If LES is enrolled before the DELETE USER, those authorities granted to LES by others are removed. By doing the ENROLL for 0 blocks for any userid that is to be deleted, no ghost authorities are given to new users. The userids are unconditionally enrolled. If the user has already been enrolled and owns a file space, the enroll will fail. Because all I care about is that the user be enrolled, I ignore that failure. Regards, Richard Schuh -Original Message- From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Les Koehler Sent: Tuesday, March 01, 2011 1:24 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: CMS SFS Question I guess there's something implied there that I don't get. Scenario, from your note: Your task is to delete LES, who is enrolled, from the SFS system LES has granted rights to RICHARD but RICHARD is not enrolled How does enrolling LES for 0 blocks do anything about the granted rights that RICHARD has? Les Schuh, Richard wrote: I simply enroll any user to be deleted for 0 blocks. The alternative is to scan the sfs directories and files looking for such users. It is much easier to attempt the enroll. If it fails, it is because the user is already enrolled. Regards, Richard Schuh -Original Message- From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Les Koehler Sent: Tuesday, March 01, 2011 12:22 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: CMS SFS Question I'm curious: How do you find the user who is not enrolled, but granted rights to the target user to be deleted? Les Schuh, Richard wrote: The Pipe is the easiest. PIPE user list | spec /delete user/ 1 w1 nw | cms | delete log a Note, however, that if you have an SFS that has a lot of files and permissions, each DELETE USER can take a long time, so you do not want to do this on an id that you might need soon after you enter the PIPE command. In our shop, an individual DELETE USER can take upwards of 10 minutes. Cleaning up SFS when a userid is deleted is important from a security standpoint. If the same id should be given to a different person, it would automatically inherit permissions from the prior owner. You should be doing a DELETE USER every time that a userid is deleted from the directory. It is possible for one user to grant access to other users who are not enrolled. DELETE USER does not clean up these permissions. To get rid of them, you have to first enroll the user in the pool even if it is for 0 blocks. To solve this in our automated process, each user to be deleted is enrolled for 0 blocks, ignoring the return code. We don't care if the user is already enrolled, the attempt does no harm. After the enroll, the deletion will clean out all permissions granted to or by the user being deleted. Regards, Richard Schuh -Original Message- From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Rick Troth Sent: Tuesday, March 01, 2011 10:54 AM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: CMS SFS Question Nahh ... even easier ... Pipes. I'm thinking two pipes. One to gather the Q ENROLL output then a second to actually perform the deletes. In between shove that Q ENROLL output into a file, manually edit for confirmation, then feed the selected content into DELETE USER. -- R; Rick Troth Velocity Software http://www.velocitysoftware.com/ On Tue, 1 Mar 2011, Rich Smrcina wrote: REXX? On 03/01/2011