I am running an IBM InfoSphere Guardium S-TAP started TASK and a spawned job fails with messages AUIX132E and AUIZ009S

book

Article ID: 39881

calendar_today

Updated On:

Products

CA ACF2 CA ACF2 - DB2 Option CA ACF2 for zVM CA ACF2 - z/OS CA ACF2 - MISC CA PanApt CA PanAudit

Issue/Introduction

Problem:

When starting IBM InfoSphere Guardium S-TAP for IMS I get the following error messages when one of the spawned tasks tries to start. 

AUIX132E--A shared memory error occurred on "shmat": EDC5111I Permission denied.
AUIZ009S--Attempts to attach to shared memory segment 8857 failed.
AUIT013I--SMF Collector for IBM InfoSphere Guardium S-TAP for IMS on z/OS agent is terminating.
AUIT047E--SMF Collector for IBM InfoSphere Guardium S-TAP for IMS on z/OS agent ended with RC = 12.

What do I have to do to resolve this problem? 

 

Resolution:

An ACFRPTOM report will show violation entries for ck_IPC_access callable service requests.

An example is as follows...
 

ck_IPC_access    AUIFTSTA AUIFTSTA  2000000633      200548   8    8    4
  03/18/16  16.078    9.50.09 AUIFTSTA          TSTA     TSTA
 Failed - The user is not authorized to access the IPC mechanism
 Access code:   Read and write/alter access
  Function: shmat
  IPC key from CR        8857
  IPC ID from CRE      729092
                                 User Type: Local
  IPC key from II        8857
  IPC ID from IIS      729092
  Owner eff UID:   2000000632 Owner eff GID:       200547
  Create eff UID:  2000000632 Create eff GID:      200547
  S_IRUSR:  Process owning the IPC member can read it
  S_IWUSR:  Process owning the IPC member can alter it
  S_IRGRP:  Group associated with the IPC member can read it
  S_IWGRP:  Group associated with the IPC member can alter it
  S_IROTH:  Others cannot read the IPC member
  S_IWOTH:  Others cannot alter the IPC member

 

It can be seen that the owner and creator UID is 200000063
the owner and creator GID is 200547

The user has uid 200000000633 and GID 200548

For access to be allowed the easiest solution would be to change the  logonid
of the spawned tasks to have the same GROUP on the logonid as the owner.

  

 

 

 

Environment

Release:
Component: ACF2MS