Security Violations (ICH408I) when using ft_thread_level_security=yes on z/OS Agent


Article ID: 436933


Updated On:

Products

CA Automic Workload Automation - Automation Engine; Automic Automation; Automic SaaS; CA Automic One Automation

Issue/Introduction

When enabling ft_thread_level_security=yes on a z/OS agent, users may encounter frequent ICH408I security violations. This typically occurs when the agent attempts to access temporary status files (.sts) created during FTP processes.

Example error message:

    ICH408I USER(ABC) GROUP(EFG ) NAME(UC4 )
      ../../../temp/XXXXX.sts CL(XXXX ) FID(...)
      INSUFFICIENT AUTHORITY TO OPEN
      ACCESS INTENT(-W-) ACCESS ALLOWED(GROUP R--)
      EFFECTIVE UID(0000000100) EFFECTIVE GID(0000010000)

Environment

Release: v24.x

Component: Java MVS Agent

Cause

DE184364

When ft_thread_level_security=yes is active, the agent creates temporary status files with restrictive permissions (644: read/write for the owner, read-only for group and others). As a result, the agent starter user does not have the write access it needs to these files, even if both the login object user and the agent user belong to the same functional group. Modifying the umask settings for the user does not resolve the allocation permissions for these specific files.
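
A triage aid for the message shown in this article, added here as an example and not Broadcom or Automic code: it parses an ICH408I record and checks whether the denial fits the pattern described above (write intent on a .sts file, with the allowed bits equal to the matched class of mode 644). The function names and the field layout, taken from the sample message, are assumptions.

```python
import re

# Constructed input: the message from this article (placeholder values kept),
# joined onto one line as it might appear in a saved syslog extract.
SAMPLE = (
    "ICH408I USER(ABC) GROUP(EFG ) NAME(UC4 ) ../../../temp/XXXXX.sts "
    "CL(XXXX ) FID(...) INSUFFICIENT AUTHORITY TO OPEN "
    "ACCESS INTENT(-W-) ACCESS ALLOWED(GROUP R--) "
    "EFFECTIVE UID(0000000100) EFFECTIVE GID(0000010000)"
)

# Field layout assumed from the sample above, not from a RACF message spec.
ICH408I = re.compile(
    r"ICH408I\s+USER\((?P<user>[^)]*)\)\s+GROUP\((?P<group>[^)]*)\)\s+"
    r"NAME\((?P<name>[^)]*)\)\s+(?P<path>\S+)\s+CL\(.*?"
    r"ACCESS INTENT\((?P<intent>[RWX-]{3})\)\s+"
    r"ACCESS ALLOWED\((?P<who>[A-Z ]+?)\s+(?P<allowed>[RWX-]{3})\)\s+"
    r"EFFECTIVE UID\((?P<uid>\d+)\)\s+EFFECTIVE GID\((?P<gid>\d+)\)",
    re.S,
)


def parse_ich408i(text):
    """Return the fields of the first ICH408I file-access denial, or None."""
    m = ICH408I.search(text)
    if m is None:
        return None
    rec = {k: v.strip() for k, v in m.groupdict().items()}
    rec["uid"], rec["gid"] = int(rec["uid"]), int(rec["gid"])
    # Permissions that were requested but not granted, e.g. "W".
    rec["missing"] = "".join(
        i for i, a in zip(rec["intent"], rec["allowed"]) if i != "-" and a == "-"
    )
    return rec


def class_bits(mode, who):
    """Render the OWNER/GROUP/OTHER triplet of a UNIX mode as e.g. 'R--'."""
    bits = (mode >> {"OWNER": 6, "GROUP": 3, "OTHER": 0}[who]) & 0o7
    return "".join(c if bits & b else "-" for c, b in zip("RWX", (4, 2, 1)))


def matches_sts_symptom(rec, mode=0o644):
    """True when a denial fits this article: write to a .sts file refused
    because the matched permission class of `mode` lacks the write bit."""
    return (
        rec is not None
        and rec["path"].endswith(".sts")
        and "W" in rec["missing"]
        and rec["who"] in ("OWNER", "GROUP", "OTHER")
        and class_bits(mode, rec["who"]) == rec["allowed"]
    )
```

Denials that match can be attributed to this defect; ICH408I records that do not match (a different file type, or allowed bits that disagree with mode 644) are separate findings and should be reviewed on their own.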

Resolution

Update to a fix version listed below or a newer version if available.

Fix version:

Component(s): Java MVS Agent

Java MVS Agent  24.4.4.HF2 - Available

Additional Information

Desc: A problem has been solved where a long-running File Transfer task generates very large status store files on the sender agent side.