Trying to change the User or Auditor audit settings on a USS file fails with error EDC5139I Operation not permitted (errno2=0xEF076041).
The ACF2 ACFRPTOM report shows a R_chaudit failure with 8/8:8 return codes:
R_chaudit sysid OMVSGRP 0 30 8 8 8
12/09/13 13.343 13.04.28 sysid 90#5 SP#1
Failed - User not authorized to change files auditor audit options
Old User Options: Read None Write None Exec/Search None
User Audit Options : Read Failure Write Failure Exec/Search None
Function: chattr User Type: Local
Pathname: pathname.
Filename: .
File Permissions: Owner: rwx Group: --- Other: ---
Owning UID: 0 Owning GID: 10
Volume : File Identifier: 010000000000000000
File Audit Options:
User : Read Failure Write Failure Exec/Search Failure
Auditor : Read None Write None Exec/Search None
File system dataset: dataset
Other symptoms include:
FSUMF353 __chattr() could not set auditor audit flags for pathname:
What authorization is required?
In ACF2, to be able to change User Audit Criteria on a USS file, the user must either be UID(0) or have the same UID as the owner of the file.
To be able to change AUDITOR audit criteria on a USS file, the user must have the AUDIT logonid attribute.
If the return code in the ACFRPTOM report is 8/8:8, the check is for AUDITOR audit criteria.
If the return code in the ACFRPTOM report is 8/8:4, the check is for USER audit criteria.
The IBM documentation for R_chaudit states in its Usage Notes:
Two sets of audit bits exist for a file, one for auditor-specified options and one for user-specified options.
The audit flag in the parameter list indicates which type of options should be set.
If the audit flag indicates auditor options, the user must have auditor authority.
Auditors can set the auditor options for any file, even those they do not have path access to or authority to use for any other reason.
If the audit flag indicates user options, the user must be a superuser or must be the owner of the file (that is, the effective UID of the calling process is equal to the owner UID of the file.)
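The return-code rules above can be applied to saved ACFRPTOM output to see which check each R_chaudit failure hit and what authorization it needs. This is an added example, not code from ACF2 or IBM. It assumes a record starts with an R_chaudit line whose last three numbers are the return codes and whose second token is the logonid; the second sample record, USER01 and /u/app/conf are constructed.

```python
import re

# Return-code triples as this page writes them (8/8:8, 8/8:4) -> failed check.
CHECKS = {(8, 8, 8): "AUDITOR", (8, 8, 4): "USER"}
PATH = re.compile(r"^Pathname:\s*(.*\S)")
OWNER = re.compile(r"^Owning UID:\s*(\d+)")

# First record: abridged from this page. Second record: constructed for the
# example (USER01 and /u/app/conf are hypothetical).
SAMPLE_REPORT = """\
R_chaudit sysid OMVSGRP 0 30 8 8 8
Failed - User not authorized to change files auditor audit options
Pathname: pathname.
Owning UID: 0 Owning GID: 10
R_chaudit USER01 OMVSGRP 1001 30 8 8 4
Pathname: /u/app/conf
Owning UID: 2002 Owning GID: 10
"""

def parse_chaudit_failures(report):
    """Return one dict per R_chaudit record in ACFRPTOM text."""
    records, cur = [], None
    for raw in report.splitlines():
        line, parts = raw.strip(), raw.split()
        # Assumption: a record starts with an R_chaudit line whose last three
        # numbers are the return codes and whose second token is the logonid.
        if len(parts) >= 5 and parts[0] == "R_chaudit" and all(p.isdigit() for p in parts[-3:]):
            cur = {"logonid": parts[1], "codes": tuple(map(int, parts[-3:])),
                   "pathname": None, "owner_uid": None}
            records.append(cur)
        elif cur is not None and PATH.match(line):
            cur["pathname"] = PATH.match(line).group(1)
        elif cur is not None and OWNER.match(line):
            cur["owner_uid"] = int(OWNER.match(line).group(1))
    return records

def diagnose(rec):
    """Return (failed check, authorization this page says it requires)."""
    check = CHECKS.get(rec["codes"])
    if check == "AUDITOR":
        return check, f"{rec['logonid']} needs the AUDIT logonid attribute"
    if check == "USER":
        owner = rec["owner_uid"]
        who = "UID(0)" if owner in (None, 0) else f"UID(0) or UID({owner}), the file owner"
        return check, f"{rec['logonid']} must run as {who}"
    return None, "return codes not covered by this article"

if __name__ == "__main__":
    for rec in parse_chaudit_failures(SAMPLE_REPORT):
        print(rec["pathname"], rec["codes"], *diagnose(rec))
```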