PQ62127: PERMISSION BITS ON WEBCONTAINER WORKING DIRECTORY NOT SECURE ENOUGH | |||||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||||
APAR status Closed as documentation error. Error description When using WAS 4.01 working directories, the customer notices that his files and directories are not secure enough. For example: On the customer system, this is how the directories look like: /WebSphere390/CB390/working/ Select one or more files with / or action codes. Type Perm Changed (GMT) Owner Size Fil R _ Dir 770 04/23/2002 08:15 CBSYMSR1 8192 . _ Dir 775 04/23/2002 08:18 CBSYMSR1 8192 .. _ Dir 750 04/23/2002 08:15 CBSYMSR1 8192 DUMMY$$ _ Dir 750 04/23/2002 08:15 CBSYMSR1 8192 SERVER _ Dir 750 04/23/2002 08:15 WASA0AS 8192 WASA0A _ Dir 750 04/23/2002 08:15 WASA1AS 8192 WASA1A --> this is ok, but then: /WebSphere390/CB390/working/WASV0A/ Select one or more files with / or action codes. Type Perm Changed (GMT) Owner Size Fil _ Dir 750 04/23/2002 08:15 WASV0AS 8192 . _ Dir 770 04/23/2002 08:15 CBSYMSR1 8192 .. _ Dir 755 04/23/2002 08:15 WASV0AS 8192 temp _ Dir 755 04/23/2002 08:15 WASV0AS 8192 WASV0A1 _ Dir 755 04/23/2002 08:15 WASV0AS 8192 WASV0A2 and further: /WebSphere390/CB390/working/WASV0A/WASV0A1/ Select one or more files with / or action codes. Type Perm Changed (GMT) Owner Size Fil Row 1 _ Dir 755 04/23/2002 08:15 WASV0AS 8192 . _ Dir 750 04/23/2002 08:15 WASV0AS 8192 .. _ Dir 755 04/23/2002 08:15 WASV0AS 8192 ITSO_Account_Serv _ Dir 755 04/23/2002 08:15 WASV0AS 8192 PiggyBank2_WebApp _ Dir 755 04/23/2002 08:15 WASV0AS 8192 theme_Web_Applica _ Dir 755 04/23/2002 08:15 WASV0AS 8192 trade_Web_Applica Customer would like to not have directories created with 755 permissions.Local fix Problem summary **************************************************************** * USERS AFFECTED: All users of WebSphere Application Server * * V4.0.1 for z/OS and OS/390 * **************************************************************** * PROBLEM DESCRIPTION: Files created by the application server * * region do not have the correct * * permission bits set so that the System * * Management (SM) server can delete them * * when the application is uninstalled. * **************************************************************** * RECOMMENDATION: * **************************************************************** Files created by the application server region by default have permission bits of 765. When you uninstall an application these files will not be deleted since the SM server is under a different userid, but in the same group as the application servers.Problem conclusion Resolution for the problem reported by APAR PQ62127 already exists by using the _EDC_UMASK_DFLT environment variable. Documentation to change the default permission for files created by applications will be added to the WebSphere Application Server V4.0.1 for z/OS and OS/390: Installation and Customization, GA22-7834 publication. This APAR (PQ62127) requires changes to documentation. NOTE: Periodically, we refresh the documentation on our Web site, so the changes might have been made before you read this text. To access the latest online documentation, go to the WebSphere for z/OS product library page at: http://www.ibm.com/software/webservers/appserv/ WebSphere Application Server V4.0.1 for z/OS and OS/390: Installation and Customization, GA22-7834, will be changed as follows: In Chapter 2: "Preparing the base z/OS or OS/390 environment," a new topic was added: Setting permission for files created by applications Files created by applications running in the server region will have permission bits set according to the default umask. To change the default umask for the server region, specify the _EDC_UMASK_DFLT environment variable in the JCL procedure for the server region. On the JCL EXEC statement, specify: PARM='ENVAR("_EDC_UMASK_DFLT=xxx") where xxx is the umask value to use. A umask value of 007 will cause files to be created with permission bits set to 770. This is the IBM recommended value. See the following documents for more information: o Language Environment Programming Reference, SA22-7562 for more information on ENVAR. o z/OS V1R3.0 C/C++ Programming Guide, SC09-4765 for more information on how to change the UMASK defaults. o z/OS V1R3.0 UNIX System Services Command Reference, SA22-7802.Temporary fix Comments
APAR is sysrouted FROM one or more of the following: APAR is sysrouted TO one or more of the following: UQ68445 Modules/Macros
|
Document Information |
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server for z/OS
Operating system(s):
Software version: 401
Software edition:
Reference #: PQ62127
IBM Group: Software Group
Modified date: Aug 13, 2002
(C) Copyright IBM Corporation 2000, 2006. All Rights Reserved.