Unable to (un)mount file systems after z/OS 2.3 upgrade

book

Article ID: 101841

calendar_today

Updated On:

Products

CA ACF2 CA ACF2 - DB2 Option CA ACF2 for zVM CA ACF2 - z/OS CA ACF2 - MISC

Issue/Introduction



Observed a violation and the following in ACFRPTOM after we upgraded to z/OS 2.3:

CA Mainframe Security - z/OS USS Event Log - PAGE 1 DATE xx/xx/xx (1x.1x4) TIME 16.52

SERVICE USERID GROUP UID GID SAF RC RSN
DATE TIME JOBNAME SOURCE SYSID CPU SECLABEL

ck_priv TSSPLDV TSSPMVS 164671 1010 8 8 4
xx/xx/xx 1x.1x4 xx.51.41 TSSPLDV H120 H120
Failed - User not privileged
Function: unmount_setuid

The userid in question has access to R(UNI) $KEY(SUPERUSER) "FILESYS.-" with SERVICE(READ) ALLOW
As per IBM documentation this is what should be required (as it was working fine with z/OS 2.2):
SUPERUSER.FILESYS.MOUNT on the UNIXPRIV class.

Environment

Release:
Component: ACF2MS

Resolution

In z/OS 2.3, the mount is done with SETUID and requires UPDATE authority instead of READ.