APF authorization

Remote Systems Explorer (RSE) is the z/OS® Explorer component that provides core services such as connecting the client to the host. It must run APF-authorized in order to perform tasks such as displaying detailed process resource usage.

The z/OS UNIX APF bit is set during SMP/E install where needed. This permission bit might get lost if you did not preserve it during a manual copy of the z/OS Explorer directories.

The following z/OS Explorer files must be APF-authorized:

/usr/lpp/IBM/zexpl/bin/
- fekfldsl.rex
- fekfomvs
- fekfrivp
- fekfrmsg
- fekftso.rex
- feklogs.rex
- send

Note: The following load modules in the SFEKAUTH load library must also be APF authorized:

FEJJMON
FEKEESX0

Use z/OS UNIX command ls -E to list the extended attributes, in which the APF bit is marked with the letter a, as shown in the following sample ($ is the z/OS UNIX prompt):

$ cd /usr/lpp/IBM/zexpl
$ ls –E bin/fekfrivp
–rwxr–xr–x  aps–  2 user     group     114688 Sep 17 06:41 bin/fekfrivp

Use z/OS UNIX command extattr +a to set the APF bit manually, as shown in the following sample ($ and # are the z/OS UNIX prompts):

$ cd /usr/lpp/IBM/zexpl
$ su
# extattr +a bin/fekfrivp
# exit
$ ls –E bin/fekfrivp
–rwxr–xr–x  aps–  2 user     group     114688 Sep 17 06:41 bin/fekfrivp

Note: To be able to use the extattr +a command, you must have at least READ access to the BPX.FILEATTR.APF profile in the FACILITY class of your security software, or be a superuser (UID 0) if this profile is not defined. For more information, refer to UNIX System Services Planning (GA22-7800).