What authorization is required in ACF2 to change AUDITOR or USER related Audit settings on a USS file. R_CHAUDIT Message EDC5139I Operation not permitted.

Article ID: 41333

Products

ACF2 ACF2 - DB2 Option ACF2 for zVM ACF2 - z/OS ACF2 - MISC PanApt PanAudit

Issue/Introduction

When trying to change the User or Auditor audit settings on a USS file, the request fails with error EDC5139I Operation not permitted. What authorization is required?

Cause

The ACF2 ACFRPTOM report shows an R_chaudit failure with 8/8:8 return codes:

R_chaudit        SYS222B  OMVSGRP            0          30   8    8    8  
12/09/13  13.343   13.04.28 SYS222B2          90#5     SP#1         
Failed - User not authorized to change files auditor audit options 
 Old User Options:      Read None     Write None     Exec/Search None     
 User Audit Options   : Read Failure  Write Failure  Exec/Search None     
 Function: chattr               User Type: Local                          
 Pathname: /tmp/bpx.67109110.13:04:14.zfs/.                           

 Filename: .                                                              
 File Permissions: Owner: rwx Group: --- Other: --- 
 Owning UID:            0   Owning GID:          10                       
 Volume  :         File Identifier:   010000000000000000                  
 File Audit Options:                                                      
 User    : Read Failure  Write Failure  Exec/Search Failure               
 Auditor : Read None     Write None     Exec/Search None                  
 File system dataset:   SYS1.OMVS.TEST1.WEB.SP14.REPORT.TMP    

Other Symptoms include:

FSUMF353 __chattr() could not set auditor audit flags for /SYS1/tmp/COPYTEST.111053.226175/tmpzfs/..: 
EDC5139I Operation not permitted. (errno2=0xEF076041) 

Environment

Release:
Component: ACF2MS

Resolution

IBM documentation at https://www.ibm.com/docs/en/zos/2.4.0?topic=options-usage-notes states:

Two sets of audit bits exist for a file, one for auditor-specified options and one for user-specified options. 
The audit flag in the parameter list indicates which type of options should be set.
If the audit flag indicates auditor options, the user must have auditor authority.
Auditors can set the auditor options for any file, even those they do not have path access to or authority to use for any other reason.

If the audit flag indicates user options, the user must be a superuser or must be the owner of the file (that is, the effective UID of the calling process is equal to the owner UID of the file).

In ACF2, to change the USER audit criteria on a USS file, the user must either be UID(0) or have the same UID as the owner of the file.
To change the AUDITOR audit criteria on a USS file, the user must have the AUDIT logonid attribute.

If the return code in the ACFRPTOM report is 8/8:8, the failing check is for the AUDITOR audit criteria.
If the return code in the ACFRPTOM report is 8/8:4, the failing check is for the USER audit criteria.
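As an added example (not part of this article and not an ACF2 or IBM tool), the following Python script parses the R_chaudit records of an ACFRPTOM listing laid out as in the report above and maps each record's return-code triple to the check described here, so an administrator triaging several failures can see at a glance whether the AUDIT logonid attribute or UID(0)/file ownership was the missing prerequisite. The first sample record reuses the article's own values; the second (an 8/8:4 record for a constructed path and owner UID) is made up. The regexes and the assumption that the last three integers on the R_chaudit header line are the return and reason codes printed as RC/RC:REASON are mine.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample input: the R_chaudit failure block in the layout the
# ACFRPTOM report uses above, followed by a second, constructed 8/8:4 record.
SAMPLE_REPORT = """\
R_chaudit        SYS222B  OMVSGRP            0          30   8    8    8
12/09/13  13.343   13.04.28 SYS222B2          90#5     SP#1
Failed - User not authorized to change files auditor audit options
 Old User Options:      Read None     Write None     Exec/Search None
 User Audit Options   : Read Failure  Write Failure  Exec/Search None
 Function: chattr               User Type: Local
 Pathname: /tmp/bpx.67109110.13:04:14.zfs/.
 Filename: .
 File Permissions: Owner: rwx Group: --- Other: ---
 Owning UID:            0   Owning GID:          10
R_chaudit        SYS222B  OMVSGRP            0          30   8    8    4
 Function: chattr               User Type: Local
 Pathname: /u/testusr/data.txt
 Owning UID:          500   Owning GID:          10
"""

# Return-code triple -> (which audit criteria check failed, what the caller needs),
# as described in the Resolution section. Assumption (mine): the last three
# integers on the R_chaudit header line are the codes printed as RC/RC:REASON.
CHECK_BY_CODES = {
    (8, 8, 8): ("AUDITOR", "caller needs the AUDIT logonid attribute"),
    (8, 8, 4): ("USER", "caller must be UID(0) or the owner of the file"),
}

HEADER_RE = re.compile(r"^R_chaudit\b.*?(\d+)\s+(\d+)\s+(\d+)\s*$")
# Field regexes (mine) for the detail lines that matter for triage.
FIELD_RES = {
    "function": re.compile(r"Function:\s*(\S+)"),
    "pathname": re.compile(r"Pathname:\s*(\S+)"),
    "owning_uid": re.compile(r"Owning UID:\s*(\d+)"),
}


@dataclass
class ChauditFailure:
    codes: Tuple[int, int, int]
    function: Optional[str] = None
    pathname: Optional[str] = None
    owning_uid: Optional[int] = None

    @property
    def check(self) -> str:
        """Which audit criteria check the codes correspond to, or 'UNKNOWN'."""
        return CHECK_BY_CODES.get(self.codes, ("UNKNOWN", ""))[0]

    def explain(self) -> str:
        """One-line triage message for the record."""
        kind, need = CHECK_BY_CODES.get(self.codes, ("UNKNOWN", "consult the report"))
        codes = "%d/%d:%d" % self.codes
        target = self.pathname or "<no pathname>"
        owner = ("owner UID %d" % self.owning_uid) if self.owning_uid is not None else "owner unknown"
        return "%s on %s (%s): %s audit criteria check failed; %s" % (codes, target, owner, kind, need)


def parse_chaudit_failures(report: str) -> List[ChauditFailure]:
    """Split an ACFRPTOM listing into R_chaudit records and pull the fields
    needed for triage. Lines before the first R_chaudit header are ignored."""
    records: List[ChauditFailure] = []
    current: Optional[ChauditFailure] = None
    for line in report.splitlines():
        header = HEADER_RE.match(line)
        if header:
            codes = tuple(int(g) for g in header.groups())
            current = ChauditFailure(codes=codes)
            records.append(current)
            continue
        if current is None:
            continue
        for attr, regex in FIELD_RES.items():
            found = regex.search(line)
            if found:
                value = int(found.group(1)) if attr == "owning_uid" else found.group(1)
                setattr(current, attr, value)
    return records


if __name__ == "__main__":
    for rec in parse_chaudit_failures(SAMPLE_REPORT):
        print(rec.explain())
```

Run against a real ACFRPTOM listing, each printed line names the file, its owning UID and which of the two prerequisites (AUDIT attribute, or UID(0)/ownership) the caller lacked, which is usually enough to decide whether the logonid needs the AUDIT attribute or whether the change should be made by the file's owner instead.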