Metadata security

By default (see the file.permission directive in pushtoclient.properties), all files and directories created in the base directory receive permission bitmask 775 (rwxrwxr-x), which allows the owner and the owner's default group read and write access to the directory structure and the files within. Everyone else has only read access to the directory structure and the files within.

It is important that the correct owner UID (user ID) and GID (group ID) are set for these directories before starting with the push-to-client setup.

The following sample RACF® commands create a new group (PTCADMIN), assign it a unique GID (2), and make it the default group for user ID PTCADM1, which also receives a unique UID (6).

ADDGROUP PTCADMIN OWNER(IBMUSER) SUPGROUP(SYS1) –
  DATA('z/OS EXPLORER – CLIENT ADMIN')
ALTGROUP PTCADMIN OMVS(GID(2))
CONNECT PTCADM1 GROUP(PTCADMIN) AUTH(USE)
ALTUSER PTCADM1 DFLTGRP(PTCADMIN) OMVS(UID(6))

The following sample chown z/OS® UNIX command changes the owner and group of /var/zexpl/pushtoclient and everything in it to PTCADM1 and PTCADMIN respectively. The command should be executed by a super-user (UID 0) to avoid permission problems.

chown –R ptcadm1:ptcadmin /var/zexpl/pushtoclient

The following sample chmod z/OS UNIX command changes the permission bitmask of /var/zexpl/pushtoclient and everything in it to 775. Execute it to ensure that any manual addition to the directory follows the logic used by z/OS Explorer. The command should be executed by a super-user (UID 0) to avoid permission problems.

chmod –R 775 /var/zexpl/pushtoclient

See Security Server RACF Command Language Reference (SA22-7687) for more information about the sample RACF commands. See UNIX System Services Command Reference (SA22-7802) for more information about the sample z/OS UNIX commands. See z/OS UNIX directory structure for additional information.