ABEND=SEC6 on a new ACF2 install

search cancel

ABEND=SEC6 on a new ACF2 install

book

Article ID: 213305

calendar_today

Updated On:

Products

ACF2 - z/OS

Issue/Introduction

Receiving following error and it appears to be a security issue:

BPXP024I BPXAS INITIATOR STARTED ON BEHALF OF JOB BPXOINIT RUNNING IN
ASID 0025
+BPXI026I THE ETCINIT JOB COULD NOT BE STARTED. BPX4EXC RETURN CODE
0000006F REASON CODE EF076015
IEA989I SLIP TRAP ID=XEC6 MATCHED. JOBNAME=BPXOINIT, ASID=002F.
BPXP023I THREAD 0A7F800000000000, IN PROCESS 4, WAS 143
TERMINATED BY SIGNAL *NO SIGNAL, SENT FROM THREAD
0000000000000000, IN PROCESS 0, UID 0, IN JOB .
IEF450I BPXOINIT STEP1 - ABEND=SEC6 U0000 REASON=0000FF09 145
TIME=09.37.16
BPXI027I THE ETCINIT JOB ENDED IN ERROR, EXIT STATUS 00000009
BPXI004I OMVS INITIALIZATION COMPLETE
CEA0105I COMMON EVENT ADAPTER IS RUNNING IN MINIMUM MODE. 147
UNIX SYSTEM SERVICE DUBDFLT ENDED WITH RETURN CODE 0000009C
REASON CODE 0B0C00FD

Resolution

Changing Unixopts record to BYP-FSA will eliminate the error at IPL.

Since ACF2 protects resources by default, access to all users of zFS, including superusers,
would be denied without adding needed resource rules with this support in place.

Note: This FSACCESS resource validation is only for UNIX zFS file systems - NOT hFS file systems.

IBM added a new function to check a user's authority to access the file system objects on z/OS UNIX zFS file systems using the new SAF FSACCESS resource class.

BYP-FSA | NOBYP-FSA ..... Specifies whether ck_access processing for zFS files bypasses RACROUTE FASTAUTH calls against resources in the FSACCESS.

The default (NOBYP-FSA) protects the class by continuing to provide FSACCESS checking.
Disabling FSACCESS (BYP-FSA) class checking improves zFS performance but sacrifices an extra level of authentication and auditing.

Additional Information

Feedback

thumb_up Yes

thumb_down No