PQ62127: PERMISSION BITS ON WEBCONTAINER WORKING DIRECTORY NOT SECURE ENOUGH

APAR status
Closed as documentation error.

Error description
When using WAS 4.01 working directories, the customer notices
that his files and directories are not secure enough. For
example:
On the customer system, this is how the directories look like:
/WebSphere390/CB390/working/
Select one or more files with / or action codes.
Type  Perm  Changed (GMT)     Owner            Size  Fil       R
_ Dir    770  04/23/2002 08:15  CBSYMSR1         8192  .
_ Dir    775  04/23/2002 08:18  CBSYMSR1         8192  ..
_ Dir    750  04/23/2002 08:15  CBSYMSR1         8192  DUMMY$$
_ Dir    750  04/23/2002 08:15  CBSYMSR1         8192  SERVER
_ Dir    750  04/23/2002 08:15  WASA0AS          8192  WASA0A
_ Dir    750  04/23/2002 08:15  WASA1AS          8192  WASA1A
--> this is ok, but then:
/WebSphere390/CB390/working/WASV0A/
Select one or more files with / or action codes.
Type  Perm  Changed (GMT)     Owner            Size  Fil
_ Dir    750  04/23/2002 08:15  WASV0AS          8192  .
_ Dir    770  04/23/2002 08:15  CBSYMSR1         8192  ..
_ Dir    755  04/23/2002 08:15  WASV0AS          8192  temp
_ Dir    755  04/23/2002 08:15  WASV0AS          8192  WASV0A1
_ Dir    755  04/23/2002 08:15  WASV0AS          8192  WASV0A2
and further:
/WebSphere390/CB390/working/WASV0A/WASV0A1/
Select one or more files with / or action codes.
Type  Perm  Changed (GMT)     Owner      Size  Fil        Row 1
_ Dir    755  04/23/2002 08:15  WASV0AS  8192  .
_ Dir    750  04/23/2002 08:15  WASV0AS  8192  ..
_ Dir    755  04/23/2002 08:15  WASV0AS  8192  ITSO_Account_Serv
_ Dir    755  04/23/2002 08:15  WASV0AS  8192  PiggyBank2_WebApp
_ Dir    755  04/23/2002 08:15  WASV0AS  8192  theme_Web_Applica
_ Dir    755  04/23/2002 08:15  WASV0AS  8192  trade_Web_Applica
Customer would like to not have directories created with 755
permissions.
Local fix Problem summary
****************************************************************
* USERS AFFECTED: All users of WebSphere Application Server    *
*                 V4.0.1 for z/OS and OS/390                   *
****************************************************************
* PROBLEM DESCRIPTION: Files created by the application server *
*                      region do not have the correct          *
*                      permission bits set so that the System  *
*                      Management (SM) server can delete them  *
*                      when the application is uninstalled.    *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
Files created by the application server region by default have
permission bits of 765. When you uninstall an application these
files will not be deleted since the SM server is under a
different userid, but in the same group as the application
servers.
Problem conclusion
Resolution for the problem reported by APAR PQ62127 already
exists by using the _EDC_UMASK_DFLT environment variable.
Documentation to change the default permission for files created
by applications will be added to the WebSphere Application
Server V4.0.1 for z/OS and OS/390: Installation and
Customization, GA22-7834 publication.

This APAR (PQ62127) requires changes to documentation.
NOTE:  Periodically, we refresh the documentation on our
Web site, so the changes might have been made before you
read this text.  To access the latest online documentation,
go to the WebSphere for z/OS product library page at:


http://www.ibm.com/software/webservers/appserv/

WebSphere Application Server V4.0.1 for z/OS and OS/390:
Installation and Customization,  GA22-7834, will be changed
as follows:

In Chapter 2:  "Preparing the base z/OS or OS/390
environment,"  a new topic was added:

Setting permission for files created by applications

Files created by applications running in the server
region will have permission bits set according to
the default umask.  To change the default umask
for the server region, specify the _EDC_UMASK_DFLT
environment variable in the JCL procedure for the
server region.

On the JCL EXEC statement, specify:

PARM='ENVAR("_EDC_UMASK_DFLT=xxx")
   where xxx is the umask value to use.

   A umask value of 007 will cause files to
   be created with permission bits set to 770.
   This is the IBM recommended value.

See the following documents for more information:

  o Language Environment Programming Reference,
     SA22-7562  for more information on ENVAR.

  o z/OS V1R3.0 C/C++ Programming Guide,
      SC09-4765 for more information on how
      to change the UMASK defaults.

  o  z/OS V1R3.0 UNIX System Services Command
      Reference, SA22-7802.
Temporary fix Comments
APAR information
APAR number PQ62127
Reported component name WEBSPHERE OS/39
Reported component ID 5655A9800
Reported release 401
Status CLOSED DOC
PE NoPE
HIPER NoHIPER
Submitted date 2002-06-11
Closed date 2002-08-13
Last modified date 2002-08-13

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:
UQ68445

Modules/Macros

Fix information
Fixed component name WASKBASE
Fixed component ID 5655A9801

Applicable component levels


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server for z/OS
Operating system(s):
Software version: 401
Software edition:
Reference #: PQ62127
IBM Group: Software Group
Modified date: Aug 13, 2002