Here are some things to check regarding this error:
- Have an SCA acid that is a superuser issue the Unix "find" command to list all files that have auditor audit options set to "fff":
find / -aaudit =f
Issue the Unix "df" command to display mounted filesystems.
Check every mounted filesystem in the "df" output to see if it also shows up in the "find" command output. If so, the auditor audit options for that filesystem should be changed from "fff" to "---" (no auditing).
Issue the Unix chaudit command to change the auditor audit options from "fff" to "---". This example changes the auditor audit options for the /SERVICE filesystem:
chaudit -a -f /SERVICE
Issue similar chaudit commands for every filesystem that has incorrectly set auditor audit options.
- Be sure the directories are mounted as read/write and NOT as READ only.
- Check to see if there are old HFS files that have the auditor flags enabled? This error could occur for older HFS files which have the auditor flags enabled. If this is the case, copy the files from one HFS to another newer HFS and then convert to a ZFS.
-
- If the files are shared by two lpars, if one lpar owned the mount, the audit file can not be changed from the other lpar.
- If some directories were mounted as read only, the mount had to be changed to read/write in order to remove the flag.
If none of the above correct the problem, a security trace with the AUDIT attribute also on the acid, OMVS trace, and TSSOERPT will be needed to pursue.
Here are the instructions to activate the traces.
- TSS ADD(acid) TRACE AUDIT
- TSS REFRESH(acid) JOBNAME(*)
- TSS MODI(SECTRACE(ACT,WTL))
- ST SET,TYPE=OMVS,FUNC=ALL,END (issued on the console)
- This will route all trace records to the MVS syslog....
- Recreate the problem.
- TSS MODI(SECTRACE(OFF))
- ST DEL,ID=xx (issued on the console)
- TSS REM(acid) TRACE
- TSS LIST(acid) DATA(ALL,PROFILE)
- Please email trace to [email protected] with the issue number as the subject.
For the TSSOERPT, there is sample jcl in member TSSOERPT in the TSS CAKOJCL0 library.