Update privileges for non-system administrators

The data in /var/zexpl/pushtoclient/ is maintained by non-system administrators, such as project managers, who might not have many update privileges in z/OS® UNIX. Therefore, it is important to understand how z/OS UNIX sets access permissions during file creation, so that you end up with a workable but secure setup.

UNIX standards dictate that permissions can be set for three types of users: owner, group, and other. Read, write, and execute permissions can be set for each type individually.

z/OS UNIX sets the UID (user ID) and GID (group ID) to the following values when a file is created:
  • The UID is set to the effective UID of the creating thread.
  • The GID is set to the GID of the owning directory. If security profile FILE.GROUPOWNER.SETGID is defined in the UNIXPRIV class, then the effective GID of the creating thread is used by default instead. See UNIX System Services Planning (GA22-7800) for more details.

Each site can set its own default access permission mask (umask), but a common mask allows read and write permission to the owner, and read permission to group and other.

Data in /var/zexpl/pushtoclient/ is created using the access permission mask defined in the file.permission directive of pushtoclient.properties. The default value allows read and write permission for owner and group, and read permission for other. All have execute permission. The final access permissions should allow read and execute for all, and write only for the z/OS Explorer client administrators who maintain the data.
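A check for the final permissions described above, as an added example that is not from the original page: a POSIX shell audit that lists every entry under the pushtoclient tree deviating from read and execute for all plus write for owner and group only (mode 775). The directory argument and the constructed demo tree are assumptions; on z/OS you would point it at /var/zexpl/pushtoclient/.

```shell
#!/bin/sh
# Added example (not from the original page): audit a pushtoclient data
# tree against the intended final permissions: read and execute for
# everyone, write only for the owner and the administrators' group (775).
# Octal masks keep the find expression within POSIX.
#   -perm -002   : "other" has write (must never be set)
#   ! -perm -020 : group lacks write (administrators could not update)
#   ! -perm -555 : someone lacks read or execute (clients could not read)

# Print each file or directory under $1 that violates the policy.
find_bad_perms() {
  find "$1" \( -perm -002 -o ! -perm -020 -o ! -perm -555 \) -print
}

# Return 0 when the tree is clean, 1 when any entry was flagged.
audit_tree() {
  n=$(find_bad_perms "$1" | wc -l | tr -d ' ')
  [ "$n" -eq 0 ]
}

# Build a constructed demo tree (assumption: not a real z/OS path) with
# one correct subtree, one world-writable directory and one file that
# the administrators' group could not update.
demo_tree() {
  d=$(mktemp -d)
  mkdir "$d/good" "$d/worldwritable"
  chmod 775 "$d" "$d/good"
  chmod 777 "$d/worldwritable"
  : > "$d/good/ok.properties"
  chmod 775 "$d/good/ok.properties"
  : > "$d/good/readonly.properties"
  chmod 755 "$d/good/readonly.properties"
  printf '%s\n' "$d"
}

# Usage: audit_tree /var/zexpl/pushtoclient || echo "permissions need fixing"
```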