BPX security issues using XCOM for z/OS in OMVS USS
search cancel

BPX security issues using XCOM for z/OS in OMVS USS

book

Article ID: 103182

calendar_today

Updated On:

Products

XCOM Data Transport XCOM Data Transport - z/OS

Issue/Introduction

Using XCOM™ Data Transport® for z/OS to transfer USS files.
Getting
ICH420I PROGRAM CCS@ZE01 FROM LIBRARY PISV.CAS9.CAW0LINK CAUSED THE ENVIRONMENT TO BECOME UNCONTROLLED.
BPXP014I ENVIRONMENT MUST BE CONTROLLED FOR DAEMON (BPX.DAEMON) PROCESSING.
XCOMM0128I XCOM12 REQ#=123456 FOLLOWING FMH7 SENT TO CONVERSATION PARTNER
XCOMM0854E XCOM12 REQ#=123456 SAF SECURITY FAILED, 320 RV=FFFFFFFF, RC=0000008B, REAS=130102AF,/opt/XCOM/filetst
ICH420I PROGRAM CCS@ZE01 FROM LIBRARY PISV.CAS9.CAW0LINK CAUSED THE ENVIRONMENT TO BECOME UNCONTROLLED.
BPXP014I ENVIRONMENT MUST BE CONTROLLED FOR DAEMON (BPX.DAEMON) PROCESSING. 

What are the requirements to transfer USS files with XCOM?

Environment

  • XCOM™ Data Transport® for z/OS
  • z/OS UNIX System Services
  • RACF

Resolution

These messages indicate that security (RACF) is rejecting XCOM's request for the reason given in the ICH420I message. Please check carefully the definition of CCS@ZE01 and the library named in the message to RACF.
Things to check:

  • Add the XCOM userid to BPX.SERVER resource
  • Add the XCOMXFER program to PROGRAM control resource
  • Add CCS@ZE01 program to PROGRAM control resource
  • Recycle XCOM after making these changes

Also please refer to Tech Tips: Some additional information on message XCOMM0854E.

Additional Information

For basic information about OMVS and USS Files with XCOM, please refer to these sections in the XCOM Data Transport for z/OS - 12.0 documentation online. 

Address OMVS Requirements 

Ensure the value set for the BPX PARMLIB parameter MAXPROCUSER handles the number of processes that XCOM tasks use. XCOM functions run at the subtask level. Each subtask is considered a process due to the new version of ETPKI that is distributed with this release. The new version of ETPKI requires a POSIX environment.

Functions that run as a subtask:

  • TCPIP transfers
  • Setting SECURITY=SAF
  • SNA transfers
  • USS file transfers
  • ISPF
  • Inquiry for transfers (TYPE=INQUIRE)
  • History requests (TYPE=HISTORY or using ISPF)

Consider setting the value for MAXPROCUSER by using the following formula:

MAXPROCUSER value = MAXTASK x 2 + nn

The number nn is the number of active TCP/IP listeners.

Security Considerations for USS Files  
USS support enforces SAF security for all transfers that involve a USS file, regardless of the SECURITY= parameter in the default table, config member or EXEC statement. 

USS Files 
This section in our online documentation describes special considerations for handling USS files, including HFS, ZFS, and TFS files. 

Powered by Wolken Software