Table of Contents
Abstract for z/OS UNIX System Services Planning
Summary of changes
Summary of changes for z/OS Version 2 Release 2 (V2R2) as updated March 2016
Summary of changes for z/OS Version 2 Release 2 (V2R2)
z/OS Version 2 Release 1 summary of changes
Introduction to z/OS UNIX
The API interface
The interactive shell interface
Interacting with elements and features of z/OS
Workload Manager (WLM)
WebSphere Application Server Dispatcher
System Management Facilities (SMF)
XL C/C++ compiler
Language Environment
DFSMS
Security Server (RACF)
Resource Measurement Facility (RMF)
System Display and Search Facility (SDSF)
Time Sharing Options Extensions (TSO/E)
Communications Server
Interactive System Productivity Facility (ISPF)
Network File System (NFS)
z/OS File System (zFS)
Hardware considerations for z/OS UNIX
Requirements for accessing kernel services using TSO/E
Tasks that z/OS UNIX application programmers do
Administrative tasks using the ISPF shell
Installing z/OS UNIX
Methods of installing z/OS UNIX
Installing z/OS UNIX for ServerPac customers
Installing z/OS UNIX for CBPDO customers
Setting up BPXOINIT as a started procedure
Establishing an /etc file system for a new release
Customizing z/OS UNIX
Setting up kernel services in minimum mode
Setting up kernel services in full function mode
Setting up for full function mode
Checking the mode of the kernel in a running system
Evaluating virtual memory needs
Using extended common service area (ECSA)
Using extended system queue area (ESQA)
Predicting and limiting ESQA usage
Reducing the amount of ESQA needed to support servers
Prioritizing UNIX work on your system
Defining the BPXPRMxx members in IEASYSxx
Customizing the BPXPRMxx member of SYS1.PARMLIB
Checking the BPXPRMxx syntax
Defining file systems
FILESYSTYPE
Restrictions on VIRTUAL(max)
MOUNT
NETWORK
ROOT
SUBFILESYSTYPE
Defining system limits
CTRACE
LIMMSG
MAXASSIZE
MAXCPUTIME
MAXFILEPROC
MAXIOBUFUSER
MAXMMAPAREA
MAXPIPES
MAXPIPEUSER
MAXPROCSYS
MAXPROCUSER
MAXPTYS
MAXSOCKETS
MAXTHREADS
MAXTHREADTASKS
MAXUIDS
MAXUSERMOUNTSYS
MAXUSERMOUNTUSER
PRIORITYGOAL
PRIORITYPG
Defining system features
AUTOCVT
NONEMPTYMOUNTPT
LOSTMSG
PWT
STEPLIBLIST
USERIDALIASTABLE
AUTHPGMLIST
Customizing other members of SYS1.PARMLIB
ALLOCxx
COFVLFxx
CTnBPXxx
IEADMR00
IKJTSOxx
SMFPRMxx
Customizing /etc
Initializing the kernel using a cataloged procedure
Running a physical file system in a colony address space
Starting colony address spaces
Starting colony address spaces outside of JES
Running a temporary file system in a colony address space
Steps for creating a cataloged procedure for a temporary file system
Enabling certain TSO/E commands to z/OS UNIX users
Globalization on z/OS systems
Checking for setup errors
Establishing UNIX security
List of subtasks
Preparing RACF
Steps for preparing RACF
Using RACF with z/OS UNIX
RACF performance considerations
Setting up users and groups
Activating supplemental groups
Defining z/OS UNIX users to RACF
Steps for defining z/OS UNIX users to RACF
Storing user-specific information in OMVS segments
Automatically generating OMVS segments
Security implications
Checking user and group authority
Obtaining security information about groups
Steps for obtaining security information about a group
Obtaining security information about users
Steps for obtaining security information about users
Setting up field-level access for the OMVS segment of a user profile
Steps for setting up field-level access
Defining group identifiers (GIDs)
Defining user identifiers (UIDs)
Assigning UIDs to single users
Assigning UIDs to multiple users
Setting limits for users
Defining protected user IDs
Defining the terminal group name
Managing user and group assignments
Assigning UIDs and GIDs in an NFS network
Assigning identifiers for users
Assigning identifiers for groups
Upper limits for GIDs and UIDs
Creating z/OS UNIX groups
Steps for creating z/OS UNIX groups
Superusers in z/OS UNIX
Using UNIXPRIV class profiles
Assigning superuser privileges
Steps for authorizing selected users to transfer ownership of any file
Allowing z/OS UNIX users to change file ownerships
Steps for setting up the CHOWN.UNRESTRICTED profile
Allowing z/OS UNIX users to search directories
Using the BPX.SUPERUSER resource in the FACILITY class
Steps for setting up BPX.SUPERUSER
Deleting superuser authority
Changing a superuser from UID(0) to a unique nonzero UID
Steps for changing a superuser from UID(0) to a unique nonzero UID
Switching in and out of superuser authority
Assigning a UID of 0
Setting up the UNIX-related FACILITY and SURROGAT class profiles
Security requirements for ServerPac and CBPDO installation
If you use uppercase group and user IDs
If you use mixed-case group and user IDs
If you have problems with names such as UUCP, UUCPG, and TTY
Defining cataloged procedures to RACF
Controlling access to files and directories
Setting classes for a user's process
Steps for setting up the FILE.GROUPOWNER.SETGID profile
Accessing files
Changing the permission bits for a file
Changing the owner or group for a file
Creating a set-user-ID or set-group-ID executable file
Protecting data
Obtaining security information for a file
Creating a sticky bit file or external link for an MVS APF-authorized program
Using access control lists (ACLs)
ACLs and ACL entries
Managing ACLs
Working with access ACLs
Working with default ACLs
Summary of tasks and their associated commands
How ACLs are used in file access checks
Auditing changes to ACLs
Using security labels
Setting security labels on z/OS UNIX
Symbolic link restrictions
Using multilevel security
Security labels for zFS files and directories
Auditing access to files and directories
Specifying file audit options
Using sanction lists
Formatting rules for sanction lists
Steps for creating a sanction list
Steps for activating the sanction list
Maintaining the security level of the system
Steps for maintaining the security level of the system
Controlling access to applications
Restricting access to z/OS UNIX file systems
Using the FSACCESS class profile to restrict access
Steps for giving selected users or groups access to a z/OS UNIX file system
Restricting execute access in a zFS or TFS file system
Setting up TCP/IP security
Selecting a security level for the system
Managing the z/OS UNIX file system
Lists of subtasks
Basics of the z/OS UNIX file system
Structure of the z/OS UNIX file system
Command differences due to symbolic links
Suggested file system structures for user directories and files
Using the Network File System (NFS)
Using the z/OS File System (zFS)
How does zFS differ from HFS?
HFS compatibility mode
Implications of zFS ownership versus z/OS UNIX ownership of file systems
Migrating the HFS file system to the zFS file system
Migrating the sysplex root file system from HFS to zFS
Mounting considerations for zFS
Mount behaviors of zFS
Determining the zFS file system owner
Setting up the z/OS UNIX file system
Naming rules for file names and path names
Allocating a file system for the root file system
Defining the root file system
What happens when file systems are mounted?
When HFS file systems are mounted
When zFS file systems are mounted
Mounting file systems
Security considerations when mounting
Privileged mount and unmount authority
Nonprivileged mount and unmount authority
Steps for mounting file systems
Restrictions on mounting file systems
Automatically replacing the sysplex root file system with the alternate sysplex root file system if it becomes unowned
Steps for setting up the alternate sysplex root for the dynamic replacement of the current sysplex root
Steps for removing the alternate sysplex root support
Dynamically replacing the sysplex root file system
Steps for dynamically replacing the sysplex root file system
Managing file systems
Reducing the size of the file system
Increasing the size of the HFS file system
Removing unnecessary files from directories
Improving accesses to file systems
Unmounting file systems
Mounting the root file system for execution
Deciding how to mount your root
Leaving the root file system mounted in read/write mode
Post-installation actions for mounting the root file system in read-only mode
Mounting the root file system in read-only mode
Customizing the cron, uucp, and mail utilities for a read-only root file system
Migration considerations for the cron, uucp, and mail utilities
Customizing the cron, uucp, and mail utilities
Steps for customizing the cron, uucp, and mail utilities
Remounting a mounted file system
Copying the file system
Backing up file systems
Ways to back up file systems
DFSMShsm
Tivoli Storage Manager
DFSMSdss
Creating the user file systems
Making user file systems available
Using direct mount
Using file locks
Creating special files
Pseudoterminal files
Null file
Zero file
Random number files
File descriptor files
UNIX domain socket name special file
System console files
Handling file system failures
Restoring the root file system
Recovering from file system problems with the root
Steps for recovering from file system problems with the root
Installing service into the z/OS UNIX file system
Example of installing service
Transporting the file system from the driving system to the target system
Making changes to /etc and /var
Installing products into the file system
Using the automount facility
Automounting both HFS and zFS file systems
Automounting NFS file systems
Automounting in a shared file system
How does the automount facility work?
Setting up the automount facility
/etc/auto.master
MapName
Security considerations for the automount policy
Using map files from other systems
Steps for setting up the automount facility
What happens when you start the automount facility from the shell?
Naming specific directories
Changing which file systems are automounted
Stopping the automount facility
Sharing file systems in a sysplex
What does shared file system mean?
How the end user views the shared file system
Summary of various file systems in a shared environment
Illustrating file systems in single system and sysplex environments
File systems in single system environments
Establishing a shared file system in a sysplex
Creating the sysplex root file system
Adding a system-specific or version root file system to your shared file system configuration
Creating a system-specific file system
Mounting the version file system
Creating a couple data set (CDS)
Updating COUPLExx to define the z/OS UNIX CDS to XCF
Customizing BPXPRMxx for a shared file system
Using system lists
Using wildcards
zFS sysplex considerations when using system lists
Sysplex scenarios showing shared file system capability
Scenario 1: First system in the sysplex
Scenario 2: Multiple systems in the sysplex using the same release level
Scenario 3: Multiple systems in a sysplex using different release levels
Using the automount policy
File system availability
Minimum setup required for file system availability
Read-write connections for non-sysplex aware file systems
Read-write connections for sysplex-aware file systems
Read-only connections for non-sysplex aware file systems
Read-only connections for sysplex-aware file systems
Situations that can interrupt availability
Moving file systems in a sysplex
Moving file systems to a back-level system
zFS sysplex considerations when moving file systems
Implications of shared file systems during system failures and recovery
Managing the movement of data
Shared file system implications during a planned shutdown of z/OS UNIX
State of file systems after shutdown
Initializing the file system
Locking files in the sysplex
Mounting file systems using symbolic links
Mounting file systems using NFS client mounts
Tuning z/OS UNIX performance in a sysplex
DFS and SMB considerations when exporting file systems
Customizing the shells and utilities
Lists of subtasks
Connecting to the shell
Invoking the shell automatically under TSO/E
Steps for enabling shell users to invoke the shell automatically
Invoking the shell automatically when logging on to TSO/E
Determining the CPU time limit
Supplying an alternative shell
Customizing the z/OS UNIX shells
Customizing the shell environment variables
For the z/OS shell
For the tcsh shell
Customizing the RACF user profile
Customizing files for the z/OS shell
Customizing /etc/profile
Steps for customizing /etc/profile
Environment variables that you can customize for /etc/profile
Customizing $HOME/.profile
Steps for customizing $HOME/.profile
Environment variables that you can customize for $HOME/.profile
Using an ENV environment variable file
Using a shell command or shell script
Customizing /etc/init.options
Customizing /etc/rc
Steps for customizing /etc/rc
Customizing /etc/inittab
Format of the /etc/inittab file
The /samples/inittab file
Steps for customizing /etc/inittab
Customizing files for the tcsh shell
Customizing /etc/csh.login
Customizing $HOME/.login
Customizing /etc/csh.cshrc
Customizing $HOME/.tcshrc
Customizing /etc/complete.tcsh
Copying configuration files
Enabling the man pages
Setting up for mesg, talk, write, and UUCP
Customizing c89, cc, and c++ (cxx) compilers
Using non-default high-level qualifiers
Using a system that does not have UNIT=SYSDA
Selecting z/OS XL C/C++ compilers
Using the same compiler for the entire system
Using the command names common to the xlc and c89 utility
Setting up c89 to work with the current z/OS XL C/C++ compiler
Setting up xlc to work with the current z/OS XL C/C++ compiler
Targeting a z/OS release earlier than the current one
Targeting an earlier release
Customizing the terminfo database
Steps for defining terminals or workstations for a terminfo database
Re-creating the terminfo database
Customizing electronic mail
For the z/OS shell
For the tcsh shell
Customizing for your national code page in the shell
Lists of subtasks
Steps for setting up your national code page
Customizing for Japanese and Simplified Chinese
Steps for customizing the login file for the z/OS shell
Steps for customizing the login file for the tcsh shell
Steps for displaying messages in Japanese
Steps for activating MVS Message Service (MMS)
TSO/E messages
TSO/E help panels
Concatenating target libraries to ISPF
PROFILE PLANGUAGE and the OMVS command
Configuring the UNIX-to-UNIX copy program (UUCP)
Transferring files
Executing commands from a remote location
Tailoring UUCP for custom applications
UUCP commands and daemons
UUCP directories and files
The UUCP communications network
Securing your system
The public UUCP directory
Execute permissions
Configuring your local system
Configuring communication with remote systems
Obtain information about remote systems
Create or edit UUCP configuration files
Editing a configuration file
The Systems file
The Devices file
The Dialers file
The Dialcodes file
The Permissions file
How uucico uses configuration files
Compile the configuration files
Create working directories for the local and remote systems
Schedule periodic UUCP transfers with cron
Creating a crontab entry
Example of schedules
Controlling calls to each system
Testing the connection
Checking the configuration for connections
Contacting the remote site
Calling system login
Maintaining UUCP
Cleaning up UUCP files
The spool directory
Log files, lock files, status files, and working files
Displaying information about recorded UUCP events
Notifying remote systems about password changes
Converting files between code pages
List of subtasks
Using Enhanced ASCII
Setting up Enhanced ASCII
Using Unicode Services in a z/OS UNIX environment
Considerations beyond that of Enhanced ASCII
Steps for setting up Unicode Services
Managing operations
List of subtasks
Steps for ending a specified process
Ending threads
Planned shutdowns using F BPXOINIT,SHUTDOWN=...
Steps for shutting down z/OS UNIX using F BPXOINIT,SHUTDOWN=...
Partial shutdowns for JES2 maintenance
Steps for partial shutdowns for JES2 maintenance
Planned shutdowns using F OMVS,SHUTDOWN
What F OMVS,SHUTDOWN does
Successful shutdowns
Steps for shutting down z/OS UNIX using F OMVS,SHUTDOWN
Dynamically activating the z/OS UNIX component service items
Identifying service items to be activated
Activating service items
Deactivating service items
Displaying activated service items
Dynamically changing the BPXPRMxx parameter values
Dynamically changing certain BPXPRMxx parameter values
MAXPROCSYS
MAXPTYS
IPCMSGNIDS and IPCSEMNIDS
SHRLIBRGNSIZE and SHRLIBMAXPAGES
IPCSHMNIDS and IPCSHMSPAGES
Dynamically switching to different BPXPRMxx members
Dynamically adding FILESYSTYPE statements in BPXPRMxx
Steps for activating the HFS file system for the first time
Activating a single sockets file system for the first time
Steps for activating a single sockets file system for the first time
Activating a multiple sockets file system for the first time with Common INET (CINET)
Steps for activating a multiple socket file system for the first time with Common INET
Specifying the maximum number of sockets
Steps for increasing the MAXSOCKETS value
Adding another sockets file system to an existing Common INET (CINET) configuration
Steps for adding another sockets file system to an existing CINET configuration
Tracing events
Tracing events in z/OS UNIX
Tracing DFSMS events
Re-creating problems for IBM service
Filtering trace data
Displaying the status of the kernel or process
Displaying the status of system-wide limits specified in BPXPRMxx
Taking a dump of the kernel and user processes
Displaying the kernel address space
Displaying process information
Displaying global resource information
Displaying information about local and network sockets
Detecting latch contention
For shared memory mutexes and conditional variables
For user tasks
Preallocating a sufficiently large dump data set
Taking dumps
Reviewing dump completion information
Recovering from a failure
z/OS UNIX system failure
File system type failure
File system failure
Managing Interprocess Communication (IPC)
Managing processing for z/OS UNIX
List of subtasks
Controlling printing
Designating printers
Setting up default printers
Controlling output print separators
Controlling code page conversion
Converting single-byte data
Converting double-byte data
Using character conversion tables
Example of data conversion specified by a user
Customizing code page conversion
Example of code page conversion of OMVS command
Managing z/OS UNIX in relation to other processing
JES2 processing
JES3 processing
Accessing the Language Environment runtime library
Steps for making the runtime library available through STEPLIB
Fastpath support for System Authorization Facility (SAF)
Enabling the SAF fastpath support
Disabling the SAF fastpath support
Determining problem causes
Abends
Return codes and reason codes
Messages
Writing messages to a job log file
Component identifiers
Formatting dumps
Diagnosing problems
Diagnosing problems in application programs
Diagnosing hangs during z/OS UNIX initialization
Managing the temporary file system (TFS)
Features of the TFS
Security considerations
Creating the TFS
Checking the size of the TFS
Parameter key options for the mount statement and mount commands
Parameter key options for the FILESYSTYPE statement
Monitoring space in the TFS
Determining the default setting for FSFULL monitoring
Changing the default FSFULL setting
Dynamically extending the size
Using the TFS in a shared file system
Setting up for daemons
Lists of subtasks
Comparing UNIX security and z/OS UNIX security
Establishing the correct level of security for daemons
UNIX level
RACF with enhanced program security, BPX.DAEMON, and BPX.MAINCHECK
BPX.DAEMON
Steps for preparing the security program for daemons
Customizing the system for IBM-supplied daemons
Defining modules to program control
Steps for defining programs from load libraries to program control
Defining programs in UNIX files to program control
Using sanction lists
Checking UNIX files for program control
Steps for checking UNIX files for program control
Defining UNIX files as APF-authorized programs
Compiling a list of sanctioned path names and program names
Controlling who can set the APF-authorized attribute
Defining UNIX files as shared library programs
Setting the shared library attribute
Handling dirty address spaces
Using enhanced program security
Steps for setting up enhanced program security
Customizing the system for IP-supplied daemons
Steps for customizing the system for IP-supplied daemons
Customizing the IBM-supplied daemons
Customizing the inetd daemon
Steps for customizing the inetd daemon
Customizing the uucpd daemon
Steps for customizing the uucpd daemon
Customizing the rlogind daemon
Customizing the cron daemon
Customizing the cron daemon for the first time
Migrating from a previous release
Steps for customizing the cron daemon
Scheduling at and cron jobs
Starting daemons
Using & at the end of a command
Starting and restarting daemons
During initialization
Using a cataloged procedure
Using BPXBATCH
Setting up security procedures for daemons
Steps for setting up security procedures for daemons
Giving daemon authority to vendor-written programs
Tracking down problems when setting up daemons and servers
Verifying the user OMVS segment
Verifying the group OMVS segment
Verifying that the sticky bit is on
Using external links to access MVS load libraries
Finding modules that were not defined to program control
Steps for finding modules that were not defined to program control
Checking the daemon authority
Checking the server setup
Refreshing RACF in-storage data
Checking the SURROGAT class profile
Setting up for rlogin
Steps for setting up for rlogin
Solving problems with rlogin setup
Preparing security for servers
List of subtasks
Designing security for servers
Setting up threads and security
Checking authority to use protected resources
Limitations of RACF client ACEE support
Documenting the security requirements
Establishing the correct level of security for servers
UNIX level: BPX.SERVER is not defined
z/OS UNIX level: BPX.SERVER is defined
RACF with enhanced program security, BPX.SERVER, and BPX.MAINCHECK
BPX.SERVER
Defining servers to use thread-level security
Steps for setting up servers
Defining servers to process users without passwords or password phrases
Steps for defining servers to process users without passwords or password phrases
Monitoring the environment
Reporting on activities using SMF records
SMF record type 30
SMF record types 34 and 35
SMF record type 74
SMF record type 80
SMF record type 92
Monitoring process activity
Using installation exits
Defining exits
Adding exit routines to exits
Tuning performance
List of subtasks
Improving performance of runtime routines
Tuning tips for the compiler utilities
Improving performance by updating the PROGxx member
Caching RACF user and group information in VLF
Steps for caching UID and GID information in VLF
Moving z/OS UNIX executables into the LPA
Steps for moving an executable in the file system into the LPA
Binding the executable or DLL into a PDSE
Using the shared library extended attribute
Tuning tips for the file system
Tuning limits in BPXPRMxx
Monitoring system and process limits
Monitoring use of system resources
Controlling use of ESQA
Controlling dispatching priorities
System limits and process limits
What are hard limits?
What are soft limits?
How are limits handled after an identity change?
Inheriting soft limits
What happens when an identity change occurs?
What happens if an identity change does not take place when a child is created?
What happens if an identity change does not take place when a new process image is created by exec()?
Specifying a new identity
Setting process limits in z/OS UNIX
Steps for setting process limits in z/OS UNIX
Using the IEFUSI installation exit to set process limits
Displaying process limits
Changing process limits
Steps for changing the process limits for an active process
Reference information
Improving performance of the z/OS shell
Setting _BPX_SHAREAS and _BPX_SPAWN_SCRIPT
Controlling use of STEPLIBs
Checking that the sticky bit is set
Organizing file systems to improve performance
Improving performance of security checking
OMVS command and TSO/E response time
Setting up for sockets
List of subtasks
Using single stacks
Using multiple stacks
Choosing between INET or CINET
Setting up for INET
Setting up for CINET
The internal routing table
Transport providers
Limitations of IP configurations using CINET
Customizing BPXPRMxx for CINET
Steps for customizing BPXPRMxx for CINET
Specifying INADDRANYPORT and INADDRANYCOUNT
Using specific transports under CINET
Binding to a specific transport
Connecting through a specific transport
Requesting transport affinity
Resolver configuration files
Host information
Service information
Protocol information
Resolver information
Displaying information about sockets
Managing accounting work
List of subtasks
Using system management facilities (SMF)
Assigning account numbers for forked address spaces
Modifying the accounting information for the OMVS and BPXOINIT address spaces
Steps for modifying accounting information
Validating user accounts using the IEFUAV exit
Checking job names and accounting information using the IEFUJI exit
Steps for activating the IEFUJI exit for OMVS work
Using the IEFUJV job validation exit
Using the IEFUSI step initiation exit
Generating job names for OMVS address spaces
IBM Health Checker for z/OS
Commonly used environment variables
_BPX environment variables
_BPXK environment variables
_CEE environment variables
Modules for the login and logout functions
FOMTLINP module for the login function
FOMTLOUT module for the logout function