Setting permission for files created by applications

Files created by applications running in the servant will have permission bits set according to the default umask. To change the default umask for the servant, specify the _EDC_UMASK_DFLT environment variable in the JCL procedure for the servant. Deployment manager and application servers require group read/write access to the data in their config root.

Deployment manager and application servers require group read/write access to the data in their config root. The server must run with a 007 umask in order to support system management functions. Do not change this umask setting and your server will function correctly.

On the JCL EXEC statement, specify:



PARM='ENVAR("_EDC_UMASK_DFLT=xxx")

where xxx is the umask value to use (which is 007).

Recommendation: A umask value of 007 will cause files to be created with permission bits set to 770. This is the value recommended by IBM.

Note: See the following documents for more information:


Related concepts
Setting up WebSphere Application Server for z/OS security
Security auditing
Related reference
Summary of controls



Searchable topic ID:   csecsettingperm
Last updated: Jun 21, 2007 9:56:50 PM CDT    WebSphere Application Server for z/OS, Version 5.0.2
http://publib.boulder.ibm.com/infocenter/wasinfo/index.jsp?topic=/com.ibm.websphere.zseries.doc/info/zseries/ae/csec_settingperm.html

Library | Support | Terms of Use | Feedback