BPXP029I OPEN ERROR FOR FILE PATH pathname DEVICE ID devid INODE inodeno.

This message is issued when an open is attempted against a path name that does not have the proper attributes to be opened by an APF-authorized program, by a z/OS® UNIX set-user-ID or set-group-ID privileged program, or by a program that requires a must stay clean environment. The open may be as a result of the attempted execution or load of a z/OS UNIX program file or the attempt to call a REXX external function or subroutine file. In order for the file to be opened successfully, the file itself and any symbolic links that comprise the specified path name must have one of the following attributes:

• An owning UID of 0.
• If the program attempting to open the file is running as a set-user-ID, the owning UID of the file being opened must be equal to that of program making the request. Moreover, the file and any associated symbolic links must not be found in a file system mounted as NOSECURITY. You can use the z/OS UNIX chown command to change the file owning UID for a z/OS UNIX file or link. For more information about the chown command, see chown - Change the owner or group of a file or directory in z/OS UNIX System Services Command Reference.
• The program control or APF extended attribute is turned on. This will only apply to the file itself and not to a symbolic link, because a symbolic link does not have extended attributes. If the file is being opened using a symbolic link, then it must have an owning UID of 0 (see the first bullet in this list). The program control extended attribute is not honored for a file system mounted as NOSECURITY or NOSETUID. A user must have READ permission to the BPX.FILEATTR.PROGCTL RACF Facility Class profile to update the Program Control extended attribute of a file. See z/OS UNIX System Services Planning for documentation regarding this profile and setting the APF attribute.

In the message text:

pathname

The path name in the z/OS UNIX file system that was supplied to the z/OS UNIX callable service involved in the error. The path name displayed in this message is limited to 64 characters. Note that this path name might not be a fully qualified path name and may be truncated on the left. It also may represent a link to the actual file or an external symbolic link that is the cause of the error. The inode number and device ID should be used to uniquely identify the fully qualified path name for the file or link that is the cause of the error. Once the fully qualified path name is determined, its file attributes can be viewed using the z/OS UNIX shell ls command. The following is a ls command example against a file with a fully qualified path name of /u/bin/testpgm that shows the file's attributes:

ls -El /u/bin/testpgm

devid

The device ID (st_dev) of file system containing the file or link. Use the D OMVS,F console command or the z/OS UNIX shell df -v command to determine the path associated with the device ID. A determination should also be made as to whether the file system is mounted as NOSETUID or NOSECURITY, since this can be the cause of the error. The z/OS UNIX shell df command can be used to view the attributes of a file system. The following is a df command example against a file system with a path name of /u/bin/:

df -v /u/bin/

inodeno

The inode number (st_ino) of file. The z/OS UNIX shell find command can be used to determine the fully qualified path name by supplying to the find command the path name associated with the device ID to start the search from along with the inode number. The following is a find command example where the path name associated with the device ID resolved to /u/bin/ and the inode number value is 1250:

find /u/bin/ -xdev -inum 1250