If the option in the ENCOPTBL - ENHOPT ENABLE_ALTID_USS_SECURITY=(ON,75) is enabled what files are affected?
The USS files for ship are all being created with the persmissions of 777 and the files from ENUSSUTL are being created with a 775 permission.
Release : 18.0
Component : CA Endevor Software Change Manager
The file permissions given to output UNIX files are dependent on various factors:
Endevor managed files (base files and source output files)
Other output files
Files written to by CONWRITE during processor execution.
The files written by the ENUSSUTL utility, which collects package back-out information for USS processor output files are given the permissions based on the PATHOPTS and PATHMODE you have coded in the processor.
/MOVPROC PROC
//***********************************************************
//* COPY OUTPUT USING ENUSSUTL
//***********************************************************
//ENUSSUTL EXEC PGM=ENUSSUTL,MAXRC=12,ALTID=N,PARM='NOECHO'
//INPUT DD PATH='&#PFX.1OUT/',
// PATHOPTS=ORDONLY
//OUTPUT DD PATH='&#PFX.2OUT/',
// PATHOPTS=(OWRONLY,OCREAT),
// PATHMODE=(SIRWXU,SIRWXG,SIROTH,SIXOTH) ======> 775
//ENUSSIN DD *
COPY INDD 'INPUT' OUTDD 'OUTPUT' .
SELECT FILE '&C1ELMNT255' .
ENCOPTBL Feature – ENABLE_ALTID_USS_SECURITY
The optional feature ENHOPT ENABLE_ALTID_USS_SECURITY=(ON,55), will only affect the following Endevor files, if they have been created as a z/os Unix file:
**NOTE: This option has no effect on files created as a result of Package ship **
Below is an example of permissions given to files based on files originally created with the permissions of 777.
Files Define:
//MAKEDIRS EXEC PGM=BPXBATCH
//STDIN DD PATH='/dev/null',PATHOPTS=(ORDONLY)
//STDOUT DD SYSOUT=*
//STDERR DD SYSOUT=*
//STDPARM DD *
SH
cd /CA31/u/users/endevor;
rm -fr PAUS1;
mkdir -p PAUS1/STG1BASE;
mkdir -p PAUS1/STG2BASE;
mkdir -p PAUS1/STG1OUT;
mkdir -p PAUS1/STG2OUT;
mkdir -p PAUS1/STG1SOL;
mkdir -p PAUS1/STG2SOL;
mkdir -p PAUS1/RMT/STG1OUT;
mkdir -p PAUS1/RMT/STG2OUT;
mkdir -p PAUS1/TEMP/HOST;
mkdir -p PAUS1/TEMP/RMT;
chmod -R 777 PAUS1;
Optional Feature set:
*********************************************************************
* OPTIONALLY ENABLE ALTERNATE ID SECURITY TO BE EXTENDED TO
* THE FOLLOWING FILES, IF THEY HAVE BEEN CREATED AS Z/OS UNIX FILES:
* BASE LIBRARIES
* INCLUDE LIBRARIES
* SOURCE OUTPUT LIBRARIES
* END-TO-END LOGGING FILES
* THE FILE OWNER WILL HAVE READ, WRITE AND EXECUTE ACCESS TO FILES
* FILES CREATED IN THE BASE AND SOURCE OUTPUT DIRECTORIES.
* THE SECOND PARAMETER CONTROLS THE PERMISSIONS FOR GROUP AND OTHER.
* THE DEFAULT IS '55', MEANING THAT GROUP AND OTHER BOTH HAVE READ
* AND EXECUTE PERMISSIONS. TO CHANGE THOSE PERMISSIONS, MODIFY THE
* PARAMETER TO REFLECT THE UNIX PERMISSION VALUES.
*--------------------------------------------------------
ENHOPT ENABLE_ALTID_USS_SECURITY=(ON,55)
Processors used - (Kept it simple):
//GENPROC PROC
//*********************************************************************
//* WRITE ELEMENT OUT USING ENUSSUTL
//**********************************************************************
//ENUSSUTL EXEC PGM=ENUSSUTL,MAXRC=12,ALTID=N,PARM='NOECHO'
//INPUT DD PATH='&#PFX&C1SI.BASE/',
// PATHOPTS=ORDONLY
//OUTPUT DD PATH='&#PFX&C1SI.OUT/',
// PATHOPTS=(OWRONLY,OCREAT),
// PATHMODE=(SIRWXU,SIRWXG,SIROTH,SIXOTH)
//ENUSSIN DD *
COPY INDD 'INPUT' OUTDD 'OUTPUT' .
SELECT FILE '&C1ELMNT255' .
//MOVPROC PROC
//***********************************************************
//* COPY OUTPUT USING ENUSSUTL
//***********************************************************
//ENUSSUTL EXEC PGM=ENUSSUTL,MAXRC=12,ALTID=N,PARM='NOECHO'
//INPUT DD PATH='&#PFX.1OUT/',
// PATHOPTS=ORDONLY
//OUTPUT DD PATH='&#PFX.2OUT/',
// PATHOPTS=(OWRONLY,OCREAT),
// PATHMODE=(SIRWXU,SIRWXG,SIROTH,SIXOTH)
//ENUSSIN DD *
COPY INDD 'INPUT' OUTDD 'OUTPUT' .
SELECT FILE '&C1ELMNT255' .
//DELPROC PROC
//************************************************************
//* DELETE OUTPUT USING ENUSSUTL
//************************************************************
//ENUSSUTL EXEC PGM=ENUSSUTL,MAXRC=12,ALTID=N,PARM='NOECHO'
//FROMDD DD PATH='&#PFX&C1SI.OUT/',
// PATHOPTS=(OWRONLY,OCREAT)
//ENUSSIN DD *
DELETE FROMDD 'FROMDD' .
SELECT FILE '&C1ELMNT255'.
Files after an add and move (no delete behind for testing purposes):
EUID=2267 /CA31/u/users/endevor/PAUS1/
Type Perm Filename
_ Dir 777 .
_ Dir 777 ..
_ Dir 777 RMT
_ Dir 777 STG1BASE
_ Dir 777 STG1OUT
_ Dir 777 STG1SOL
_ Dir 777 STG2BASE
_ Dir 777 STG2OUT
_ Dir 777 STG2SOL
_ Dir 777 TEMP
EUID=2267 /CA31/u/users/endevor/PAUS1/STG1BASE/
Type Perm Filename
_ File 755 EFP*
_ Dir 777 .
_ Dir 777 ..
EUID=2267 /CA31/u/users/endevor/PAUS1/STG1OUT/
Type Perm Filename
_ File 775 SHIPELM1
_ File 775 SHIPELM2
_ Dir 777 .
_ Dir 777 ..
EUID=2267 /CA31/u/users/endevor/PAUS1/STG2BASE/
Type Perm Filename
_ File 755 EFP*
_ File 755 SHIPELM1
_ File 755 SHIPELM2
_ Dir 777 .
_ Dir 777 ..
EUID=2267 /CA31/u/users/endevor/PAUS1/STG2OUT/
Type Perm Filename
_ File 775 SHIPELM1
_ File 775 SHIPELM2
_ File 775 ÚIXJEA4W
_ File 775 ÚIXJEF7V
_ Dir 777 .
_ Dir 777 ..
Temp file created as a result of Package Ship:
EUID=2267 /CA31/u/users/endevor/PAUS1/TEMP/HOST/
Type Perm Filename
_ Dir 777 .
_ Dir 777 ..
_ Dir 777 XCOM31D130424T111606