ACF2 authorization required to resolve R_CHAUDIT Message EDC5139I Operation not permitted

Article ID: 41333


Products

ACF2, ACF2 - z/OS, ACF2 - MISC

Issue/Introduction

An attempt to change the User or Auditor audit settings on a USS file fails with error EDC5139I Operation not permitted (errno2=0xEF076041).

The ACF2 ACFRPTOM report shows an R_chaudit failure with 8/8:8 return codes:

R_chaudit        sysid  OMVSGRP            0          30   8    8    8  
12/09/13  13.343   13.04.28 sysid          90#5     SP#1         
Failed - User not authorized to change files auditor audit options 
 Old User Options:      Read None     Write None     Exec/Search None     
 User Audit Options   : Read Failure  Write Failure  Exec/Search None     
 Function: chattr               User Type: Local                          
 Pathname: pathname.                           

 Filename: .                                                              
 File Permissions: Owner: rwx Group: --- Other: --- 
 Owning UID:            0   Owning GID:          10                       
 Volume  :         File Identifier:   010000000000000000                  
 File Audit Options:                                                      
 User    : Read Failure  Write Failure  Exec/Search Failure               
 Auditor : Read None     Write None     Exec/Search None                  
 File system dataset:   dataset    

Other symptoms include:

FSUMF353 __chattr() could not set auditor audit flags for pathname

What authorization is required?

 

Resolution

In ACF2, to change the USER audit criteria on a USS file, the user must either be UID(0) or have the same UID as the owner of the file.
To change the AUDITOR audit criteria on a USS file, the user must have the AUDIT logonid attribute.

A return code of 8/8:8 in the ACFRPTOM report means this is a check for AUDITOR audit criteria.
A return code of 8/8:4 in the ACFRPTOM report means this is a check for USER audit criteria.
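
The following triage script is an added example, not part of the original article or of ACF2. It reads ACFRPTOM report text, classifies each R_chaudit failure by the return codes described above, and checks whether a given caller would meet the stated requirement. It assumes the last three integers on the R_chaudit line are the return codes; the sample records, sysid and pathnames are constructed.

```python
import re

# Constructed sample modelled on the record layout shown in the article
# (sysid and pathnames are made up).
SAMPLE_REPORT = """\
R_chaudit        SYSA   OMVSGRP            0          30   8    8    8
 Pathname: /u/example/file1
 Owning UID:            0   Owning GID:          10
R_chaudit        SYSA   OMVSGRP            0          30   8    8    4
 Pathname: /u/example/file2
 Owning UID:           25   Owning GID:          10
"""

# Return codes -> (audit criteria that was checked, authorization required)
REQUIRED = {
    (8, 8, 8): ("AUDITOR", "AUDIT logonid attribute"),
    (8, 8, 4): ("USER", "UID(0) or the same UID as the file owner"),
}

def triage(report):
    """Return one dict per R_chaudit record found in the report text."""
    findings, cur = [], None
    for line in report.splitlines():
        tokens = line.split()
        if tokens and tokens[0] == "R_chaudit":
            cur = None  # a new record starts; drop the previous context
            try:
                # Assumption: the trailing three integers are the return codes.
                codes = tuple(int(t) for t in tokens[-3:])
            except ValueError:
                continue  # header line without numeric return codes
            criteria, needs = REQUIRED.get(codes, ("UNKNOWN", "not covered here"))
            cur = {"codes": codes, "criteria": criteria, "needs": needs,
                   "path": None, "owner_uid": None}
            findings.append(cur)
        elif cur is not None:
            if m := re.match(r"\s*Pathname:\s*(\S+)", line):
                cur["path"] = m.group(1)
            elif m := re.match(r"\s*Owning UID:\s*(\d+)", line):
                cur["owner_uid"] = int(m.group(1))
    return findings

def would_succeed(finding, caller_uid, has_audit_attr):
    """Apply the article's rule to a caller retrying the same change."""
    if finding["criteria"] == "AUDITOR":
        return has_audit_attr
    if finding["criteria"] == "USER":
        return caller_uid == 0 or caller_uid == finding["owner_uid"]
    return False
```

Note that under this rule UID(0) alone does not satisfy an AUDITOR check; only the AUDIT logonid attribute does.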

Additional Information

IBM documentation for R_chaudit Usage Notes states:

Two sets of audit bits exist for a file, one for auditor-specified options and one for user-specified options. 
The audit flag in the parameter list indicates which type of options should be set.
If the audit flag indicates auditor options, the user must have auditor authority.
Auditors can set the auditor options for any file, even those they do not have path access to or authority to use for any other reason.

If the audit flag indicates user options, the user must be a superuser or must be the owner of the file (that is, the effective UID of the calling process is equal to the owner UID of the file.)