PQ82444: FSUM8985 during applyptf for W501001 | |||||||||||||||||||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||||||||||||||||||
![]() APAR status Closed as program error. Error description After installing WebSphere for z/OS service level W501001, the daemon issues messages into the W501001.log file: <<< PQ74699.sh - Begin - Action=apply, Backup directory= /WebSphere/V5R0M0/cellsp/DeploymentManager/properties/service/ backup/W501001/PQ74699, Mon Oct 27 11:20:39 MST 2003 processing apply path... processing the template file: /WebSphere/V5R0M0/cellsp/DeploymentManager/config/templates/ default/nodes/servers/server1/server.xml cp: FSUM8985 Cannot reset uid or gid on file "/WebSphere/V5R0M0/cellsp/DeploymentManager/properties/service/ backup/W501001/PQ74699/server.xml": EDC5139I Operation not permitted. Warning: while backing up file /WebSphere/V5R0M0/cellsp/DeploymentManager/config/templates/ default/nodes/servers/server1/server.xml to /WebSphere/V5R0M0/cellsp/DeploymentManager/properties/service/ backup/W501001/PQ74699 Return code from cp command is 1 >>> PQ74699.sh - End - Action=apply, Backup directory=/WebSphere/V5R0M0/cellsp/DeploymentManager/properties/ service/backup/W501001/PQ74699, Mon Oct 27 11:20:40 MST 2003 --- The file backup operation did not complete. The post-installer steps were not performed. --- The failing /bin/cp command contains the -p flag which causes the utility to copy the source file's user name (UID) and group name (GID) to the target file. If the system is running with _POSIX_CHOWN_RESTRICTED activated then only superusers are allowed to change uids on files. Non-superusers are only allowed to change the GID. Attempts to change the UID in this case generate FSUM8985 message and return code 1 from the /bin/cp utility. _POSIX_CHOWN_RESTRICTED is active by default. This setting can be disabled system-wide via the CHOWN.RESTRICTED profile. This setting can be disabled for selected users and groups using the SUPERUSER.FILESYS.CHOWN profile.Local fix In order for postinstaller scripts to complete their operations as expected, ensure they are invoked by a userid which is not affected by the _POSIX_CHOWN_RESTRICTED system attribute. The preferred method for this is to 1) Define a profile in the UNIXPRIV class to protect the resource called SUPERUSER.FILESYS.CHOWN. For example: RDEFINE UNIXPRIV SUPERUSER.FILESYS.CHOWN UACC(NONE) 2) Authorize selected users that invoke postinstaller as appropriate: PERMIT SUPERUSER.FILESYS.CHOWN CLASS(UNIXPRIV) ID(appropriate-groups-and-users) ACCESS(READ) 3) Activate the UNIXPRIV class, if it is not currently active at your installation: SETROPTS CLASSACT(UNIXPRIV) 4) You must activate SETROPTS RACLIST processing for the UNIXPRIV class, if it is not already active: SETROPTS RACLIST(UNIXPRIV) 5) If SETROPTS RACLIST processing is already in effect for the UNIXPRIV class, you must refresh SETROPTS RACLIST processing in order for new or changed profiles in the UNIXPRIV class to take effect. SETROPTS RACLIST(UNIXPRIV) REFRESH -- Alternatively, to allow all z/OS UNIX users to transfer ownership of files they own to any UID or GID on the system, create a discrete profile in the UNIXPRIV class called CHOWN.UNRESTRICTED. If this profile is defined on your system, _POSIX_CHOWN_RESTRICTED will not be in effect, and all z/OS UNIX users will be allowed to issue the chown command to transfer ownership of files that they own. 1) Define the discrete profile in the UNIXPRIV class called CHOWN.UNRESTRICTED: RDEFINE UNIXPRIV CHOWN.UNRESTRICTED 2) Activate the UNIXPRIV class, if it is not currently active at your installation: SETROPTS CLASSACT(UNIXPRIV) 3) You must activate SETROPTS RACLIST processing for the UNIXPRIV class, if it is not already active. SETROPTS RACLIST(UNIXPRIV) 4) If SETROPTS RACLIST processing is already in effect for the UNIXPRIV class, you must refresh SETROPTS RACLIST processing in order for the CHOWN.UNRESTRICTED profile to take effect. SETROPTS RACLIST(UNIXPRIV) REFRESHProblem summary **************************************************************** * USERS AFFECTED: All users of WebSphere Application Server * * V5.0 for z/OS * **************************************************************** * PROBLEM DESCRIPTION: Some post install scripts fail * * because they use the "-p" option on * * file copies. * **************************************************************** * RECOMMENDATION: * **************************************************************** Some post install scripts fail because they use the "-p" option on file copies. If the userid associated with the server proc is not the owner of the file being copied, the file copy will return a bad return code, making the scripts exit with a warning before they complete. If you encountered this problem, you would find this error message in the post installer service log (<service_level>).log cp: FSUM8985 Cannot reset uid or gid on file "<file name>": EDC5139I Operation not permitted These scripts may have failed during service application and returned a warning (to the console and to the post installer logs): PQ74699 MD18085 MD17901 MD18446 MD18406 WS15621.06 Their post install actions were not completed if this error was encountered.Problem conclusion Ship a new post install script reruns the affected scripts if they have not completed sucessfully. APAR PQ82444 is associated with SERVICE LEVEL W502002 of WebSphere Application Server V5.0 for z/OS.Temporary fix Comments
APAR is sysrouted FROM one or more of the following: APAR is sysrouted TO one or more of the following: Modules/Macros
Publications Referenced
|
Document Information |
Current web document: swg1PQ82444.html
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server for z/OS
Operating system(s):
Software version: 500
Software edition:
Reference #: PQ82444
IBM Group: Software Group
Modified date: Mar 3, 2004
(C) Copyright IBM Corporation 2000, 2009. All Rights Reserved.