The following is seen in the TSSOERPT. What does it mean?
SERVICE USERID GROUP UID GID SAF RC RSN
DATE TIME JOBNAME SOURCE SYSID CPU SECLABEL
R_IPC_ctl WWWSERV WWWGROUP 228 207 8 8 4
01/09/17 17.009 13.03.35 IMWEBSRV SYP
Failed - The user is not authorized
Old Permission bits - Owner: Group: --- Other: -wx
New Permission bits - Owner: rw- Group: --- Other: ---
Function code: Check Owner for Remove ID
New UID value: 0 New GID value:
Old UID value: 88 Old GID value:
Access code: No Access
IPC key from CR 18713860
IPC ID from CRE 4
User Type: Local
IPC key from II 18713860
IPC ID from IIS 4
Owner eff UID: 3000280 Owner eff GID: 1
Create eff UID: 3000280 Create eff GID: 1
S_IRUSR: Process owning the IPC member can read it
S_IWUSR: Process owning the IPC member can alter it
S_IRGRP: Group associated with the IPC member cannot read it
S_IWGRP: Group associated with the IPC member cannot alter it
S_IROTH: Others cannot read the IPC member
S_IWOTH: Others cannot alter the IPC member
The R_IPC_ctl service routine performs a function based on the function code in the parameter list. In this event, the Function code is: Check Owner for Remove ID.
The 8 8 4 (from the first line) for this indicates the user (WWWSERV) is not authorized for Check Owner for Remove ID.
From the IBM documentation at link
d.If the function is Check Owner for Remove ID, the user must be either a superuser or the effective UID of the process must match either the owner's UID or creator's UID in the IISP for a successful completion. Otherwise, the user is not authorized.
Note: If the caller is unauthorized as stated above, an authorization check is performed on the resource name in the UNIXPRIV class indicated in Table 1. If the authorization check is successful, the caller is treated as a superuser.
Table 1. UNIXPRIV class resource names used in R_IPC_ctl
Function code Resource name Access required
1-Check Owner for Remove ID SUPERUSER.IPC.RMID READ