Setup

Customize and submit FEK.SFEKSAMP(FEKSET01)

The FEKSET01 job will create a sample lock daemon started task JCL in FEK.#CUST.PROCLIB(LOCKD) for customization purposes. The original version is available as FEK.SFEKSAMP(FEKLOCKD).
//*
//* RSE LOCK DAEMON
//*
//LOCKD    PROC HOME='/usr/lpp/rdz',
//            CNFG='/etc/rdz',
//            LOG=1
//*
//LOCKD    EXEC PGM=BPXBATSL,REGION=0M,TIME=NOLIMIT,
//            PARM='PGM &HOME/bin/lockd.sh &CNFG &LOG'
//STDOUT   DD SYSOUT=*
//STDERR   DD SYSOUT=*
//         PEND
//*
The FEKSET01 job also updates the active /etc/rsed.envvars and adds the following lock daemon related statements to the end of the file:
_RSE_LOCKD_PORT=4036
_RSE_JAVAOPTS="$_RSE_JAVAOPTS -Dlock.daemon.port=$_RSE_LOCKD_PORT"
_RSE_JAVAOPTS="$_RSE_JAVAOPTS -Dlock.daemon.cleanup.interval=1440"
_RSE_LOCKD_CLASS=com.ibm.ftt.rse.mvs.server.miners.MVSLockDaemon

_RSE_LOCKD_PORT Specifies the port used by the lock daemon. The default port is 4036. Communication on this port is confined to the host. The remaining variables should not be modified.

PROCLIB updates

Customize FEK.#CUST.PROCLIB(LOCKD) and copy the member to SYS1.PROCLIB, or other valid PROCLIB data set.

PARMLIB updates

The lock daemon must be started before users log on to the RSE daemon so it can track the lock requests by these users. Therefore it is advised to start the lock daemon at system startup, for example by adding a start command to SYS1.PARMLIB(COMMNDxx).

Security settings

The lock daemon does not require any special security permits. For restricted environments, the server needs:
  • read/execute permission to Java libraries
  • read/execute permission to /usr/lpp/rdz/*
  • read permission to /etc/rdz/*
  • read permission to any data set in the rsed.envvars STEPLIB concatenation
  • read permission to the PROGRAM class profile protecting SYS1.LINKLIB (the samples in the Rational Developer for System z Host Configuration Guide (SC23-7658) use profile ** ).
When used as started task, the server must be defined to your security software
LISTUSER STCLOCK OMVS
ADDUSER STCLOCK NOPASSWORD DFLTGRP(STCGROUP) +
  OMVS(UID(9) HOME(/tmp) PROGRAM(/bin/sh)) +
  NAME('RDZ LOCK DAEMON') +
  DATA('RATIONAL DEVELOPER FOR SYSTEM Z')

RLIST STARTED LOCKD.* ALL STDATA
RDEFINE STARTED LOCKD.* +
  STDATA(USER(STCLOCK) GROUP(STCGROUP) TRUSTED(NO)) +
  DATA('RDZ LOCK DAEMON')
SETROPTS RACLIST(STARTED) REFRESH