APF authorization

The z/OS® UNIX APF bit is set during SMP/E install where needed. This permission bit might get lost if you did not preserve it during a manual copy of the z/OS Explorer Extensions directories.

The following z/OS Explorer Extensions files must be APF-authorized:

/usr/lpp/IBM/zee/bin/
- CRASTART
- felfvlic

Use z/OS UNIX command ls -E to list the extended attributes, in which the APF bit is marked with the letter a, as shown in the following example ($ is the z/OS UNIX prompt):

$ cd /usr/lpp/IBM/zee
$ ls -E bin/felfvlic
-rwxr-xr-x a-s- 2 user group 118784 Jul 8 12:31 bin/felfvlic

Use z/OS UNIX command extattr +a to set the APF bit manually, as shown in the following sample ($ and # are the z/OS UNIX prompts):

$ cd /usr/lpp/IBM/zee
$ su
# extattr +a bin/felfvlic
# exit
$ ls -E bin/felfvlic
-rwxr-xr-x  a-s-  2 user     group     118784 Jul  8 12:31 bin/felfvlic

Note: To be able to use the extattr +a command, you must have at least READ access to the BPX.FILEATTR.APF profile in the FACILITY class of your security software, or be a superuser (UID 0) if this profile is not defined. For more information, refer to UNIX System Services Planning (GA22-7800).