When starting IBM InfoSphere Guardium S-TAP for IMS I get the following error messages when one of the spawned tasks tries to start.
AUIX132E--A shared memory error occurred on "shmat": EDC5111I Permission denied.
AUIZ009S--Attempts to attach to shared memory segment 8857 failed.
AUIT013I--SMF Collector for IBM InfoSphere Guardium S-TAP for IMS on z/OS agent is terminating.
AUIT047E--SMF Collector for IBM InfoSphere Guardium S-TAP for IMS on z/OS agent ended with RC = 12.
What do I have to do to resolve this problem?
An ACFRPTOM report will show violation entries for ck_IPC_access callable service requests.
An example is as follows...
ck_IPC_access logonid logonid 2000000633 200548 8 8 4
03/18/16 16.078 9.50.09 logonid sys1 sys1
Failed - The user is not authorized to access the IPC mechanism
Access code: Read and write/alter access
Function: shmat
IPC key from CR 8857
IPC ID from CRE 729092
User Type: Local
IPC key from II 8857
IPC ID from IIS 729092
Owner eff UID: 2000000632 Owner eff GID: 200547
Create eff UID: 2000000632 Create eff GID: 200547
S_IRUSR: Process owning the IPC member can read it
S_IWUSR: Process owning the IPC member can alter it
S_IRGRP: Group associated with the IPC member can read it
S_IWGRP: Group associated with the IPC member can alter it
S_IROTH: Others cannot read the IPC member
S_IWOTH: Others cannot alter the IPC member
It can be seen that the owner and creator UID is 200000063
the owner and creator GID is 200547
The user has uid 200000000633 and GID 200548
For access to be allowed the easiest solution would be to change the logonid
of the spawned tasks to have the same GROUP on the logonid as the owner.