When trying to Change User or Auditor Audit settings on a USS file
gets error EDC5139I Operation not permitted.
What authorization is required?
The ACF2 ACFRPTOM report shows a R-chaudit failure with 8/8:8 return codes:
R_chaudit SYS222B OMVSGRP 0 30 8 8 8
12/09/13 13.343 13.04.28 SYS222B2 90#5 SP#1
Failed - User not authorized to change files auditor audit options
Old User Options: Read None Write None Exec/Search None
User Audit Options : Read Failure Write Failure Exec/Search None
Function: chattr User Type: Local
File Permissions: Owner: rwx Group: --- Other: ---
Owning UID: 0 Owning GID: 10
Volume : File Identifier: 010000000000000000
File Audit Options:
User : Read Failure Write Failure Exec/Search Failure
Auditor : Read None Write None Exec/Search None
File system dataset: SYS1.OMVS.TEST1.WEB.SP14.REPORT.TMP
Other Symptoms include:
FSUMF353 __chattr() could not set auditor audit flags for /SYS1/tmp/COPYTEST.111053.226175/tmpzfs/..:
EDC5139I Operation not permitted. (errno2=0xEF076041)
IBM documentation at https://www.ibm.com/docs/en/zos/2.4.0?topic=options-usage-notes
Two sets of audit bits exist for a file, one for auditor-specified options and one for user-specified options.
The audit flag in the parameter list indicates which type of options should be set.
If the audit flag indicates auditor options, the user must have auditor authority.
Auditors can set the auditor options for any file, even those they do not have path access to or authority to use for any other reason.
If the audit flag indicates user options, the user must be a superuser or must be the owner of the file (that is, the
effective UID of the calling process is equal to the owner UID of the file.)
In ACF2, to be able to change User Audit Criteria on a USS file, the user must either be UID(0) or have the same UID as the owner of the file.
To be able to change AUDITOR audit criteria on a uss file, the user must have the AUDIT logonid attribute.
If the return code in the ACFRPTOM report is 8/8:8 - this is a check for AUDITOR audit criteria.
If the return code in the ACFRPTOM report is 8/8:4 - this is a check for USER audit criteria.