z/OS UNIX System Services Planning
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Steps for defining programs from load libraries to program control

z/OS UNIX System Services Planning
GA32-0884-00

Before you begin: You need to know which programs you want to define to program control. If you run with enhanced program security, you might need to define some programs with the MAIN attribute via the APPLDATA operand on the PROGRAM profile.

Perform the following steps to define programs from traditional load libraries to program control.

  1. Activate the RACF® program control (both access control to load modules and program access to data sets).
    SETROPTS WHEN(PROGRAM)

    _______________________________________________________________

  2. Define one of the following profiles.
    1. For a particular program, define a discrete RACF PROGRAM class profile:
      RDEFINE PROGRAM membername ADDMEM('datasetname'/volser/NOPADCHK) UACC(READ)
    2. For all members in a data set:
      RDEFINE PROGRAM * ADDMEM('datasetname'/volser/NOPADCHK) UACC(READ)

    _______________________________________________________________

  3. Refresh the in-storage copy of the PROGRAM profile.
    SETROPTS WHEN(PROGRAM) REFRESH

_______________________________________________________________

When you are done, you have defined a program from a load library to program control.

Tips:
  1. PROGRAM profile * provides the same function as PROGRAM profile **. If you already have a PROGRAM profile * defined, do not create an ** profile. Instead, issue the RALTER command against PROGRAM * with the same operands shown in the RDEFINE PROGRAM example.
  2. If you are running in a sysplex with a shared RACF data base and your system libraries are also shared, then leaving the VOLSER off will allow you to use the same RACF definitions on all systems in the sysplex.
  3. Any time you add, change, or delete a profile in the PROGRAM class (with RDEFINE, RALTER, PERMIT, or RDELETE), you must update the in-storage copy of the PROGRAM profile.
    SETROPTS WHEN(PROGRAM)
    REFRESH
  4. Daemons that are shipped by z/OS reside in the file system and are controlled programs, so you do not need to define them to program control. For example, suppose you have a daemon named server1. The file /bin/server1 would have the sticky bit on. Member SERVER1 would reside in SYS1.LINKLIB and be defined as a controlled program.
    RDEFINE PROGRAM SERVER1
    ADDMEM('SYS1.LINKLIB'/'******'/NOPADCHK) UACC(READ)
    SETROPTS WHEN(PROGRAM) REFRESH

    Tip: You do not need to define the daemons that are shipped by z/OS if you decide to define BPX.MAINCHECK, as discussed in Using enhanced program security.

  5. Daemons can load locales from the file system or from MVS™ load modules. If they are loaded from MVS load libraries, then these modules must be marked program-controlled. If they are loaded from the file system, the program control extended attribute bit must be set. The locales shipped by IBM® already have this extended attribute bit set.

Go to the previous page Go to the next page




Copyright IBM Corporation 1990, 2014