IBM Support

PH65478: IBM EXPLORER FOR Z/OS V3.4 - SECURITY VIOLATIONS FOR RSED USERID WHEN USING UNIXPRIV PROFILES

A fix is available

Obtain the fix for this APAR.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • The RSED userid needs authority through UID 0, BPX.SUPERUSER, or
specific UNIXPRIV profiles for log collection purposes. When the
RSED server starts it performs a test with the UNIX 'su' command
to verify log collection. However, UNIXPRIV does not give true
superuser authority to issue 'su'. Some customers may see
security violations for the RSED userid due to this.

Local fix

  • 



Problem summary


    

  • ****************************************************************
* USERS AFFECTED: All users                                    *
****************************************************************
* PROBLEM DESCRIPTION: During startup, zExplorer host may      *
*                      produce the error insufficient          *
*                      authority message. It's just a warning  *
*                      and does not affect zExplorer           *
*                      functionalities.                        *
****************************************************************
It is a from the work-around to test if Daemon can achieve
superuser authority to be used as the best effort to accommodate
feklogs operation when the unix profile security requirement not
met.

    



Problem conclusion


    

  • feklogs operation implementation has its own way of testing this
work-around. It can be skipped from Daemon Java component side.
The test for the authority and its execution during feklogs
operation is removed from Daemon Java component.

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    PH65478
    • 

  • Reported component name
    EXP FOR Z/OS HO
    • 

  • Reported component ID
    5655EXP23
    • 

  • Reported release
    340
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2025-02-28
    • 

  • Closed date
    2025-05-02
    • 

  • Last modified date
    2025-05-09
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Modules/Macros


    

  • FEJENF70 FEJJCNFG FEJJJCL  FEJJMON  FEJTSO   FEK1SMPE FEK2RCVE
FEK3ALOC FEK4ZFS  FEK5MKD  FEK6DDEF FEK7APLY FEK8ACPT FEK@CERR
FEK@CONE FEK@CONF FEK@CUST FEK@DEB  FEK@DESC FEK@FLOW FEK@GEN
FEK@GENW FEK@ISPF FEK@IVP  FEK@IVPD FEK@IVPW FEK@JCN1 FEK@JCNE
FEK@JESJ FEK@MAIN FEK@MIGO FEK@OPTE FEK@OPTG FEK@OPTN FEK@PRIM
FEK@RSE1 FEK@RSEO FEK@STRT FEK@TAB1 FEK@TAB2 FEK@TAB3 FEK@WRK1
FEK@WRK2 FEK@WRK3 FEK@WRK4 FEK@WRK5 FEKAPPCC FEKAPPCL FEKAPPCX
FEKATTR  FEKDSI   FEKEESX0 FEKFASIZ FEKFATT1 FEKFBLD  FEKFCIPH
FEKFCLIE FEKFCMOD FEKFCMPR FEKFCMSG FEKFCOMM FEKFCOPY FEKFCOR6
FEKFCORE FEKFDBG  FEKFDBG6 FEKFDBGM FEKFDIR  FEKFDIR6 FEKFDIVP
FEKFDST0 FEKFDST1 FEKFDST2 FEKFENVF FEKFENVI FEKFENVP FEKFENVR
FEKFENVS FEKFEPL  FEKFERRF FEKFGDGE FEKFICUL FEKFISPF FEKFIVP0
FEKFIVPA FEKFIVPD FEKFIVPI FEKFIVPJ FEKFIVPT FEKFJESM FEKFJESU
FEKFJLIC FEKFJSON FEKFJVM  FEKFLATR FEKFLDSI FEKFLDSL FEKFLEOP
FEKFLOGS FEKFLPTH FEKFMAI6 FEKFMAIN FEKFMINE FEKFMNTL FEKFNTCE
FEKFOMVS FEKFPATT FEKFPKCS FEKFPLUG FEKFPTC  FEKFRIVP FEKFRMSG
FEKFRSES FEKFRSRV FEKFSCMD FEKFSEND FEKFSSL  FEKFSTUP FEKFT000
FEKFT002 FEKFT003 FEKFT004 FEKFT005 FEKFT006 FEKFT007 FEKFT008
FEKFT009 FEKFT010 FEKFTEAM FEKFTIVP FEKFTSO  FEKFUTIL FEKFVERS
FEKFXITA FEKFXITL FEKFZOS  FEKHCONF FEKHCUST FEKHDEB  FEKHDESC
FEKHFLOW FEKHGEN  FEKHISPF FEKHIVP  FEKHIVPD FEKHJESJ FEKHMAIN
FEKHMIGO FEKHOPTE FEKHOPTN FEKHPRIM FEKHRSE1 FEKHRSEO FEKHSTRT
FEKHTAB1 FEKHTAB2 FEKINIT  FEKKEYS  FEKLOCKA FEKLOGR  FEKLOGS
FEKM00   FEKM01   FEKM02   FEKMKDIR FEKMOUNT FEKMSGC  FEKMSGS
FEKPKCS1 FEKRACF  FEKRSED  FEKSAPF  FEKSAPPL FEKSBPX  FEKSCLAS
FEKSCLOG FEKSCMD  FEKSCPYM FEKSCPYU FEKSDSN  FEKSENV  FEKSETUP
FEKSISPF FEKSJCFG FEKSJCMD FEKSJMON FEKSJWT  FEKSJWTU FEKSLPA
FEKSPROG FEKSPTKT FEKSRSED FEKSSERV FEKSSTC  FEKSSU   FEKSUSER
FEKXCFGE FEKXCFGI FEKXCFGM FEKXCFGT FEKXMAIN FEKXML   HUHFCOR6
HUHFCORE

    



Fix information


    

  • Fixed component name
    EXP FOR Z/OS HO
    • 

  • Fixed component ID
    5655EXP23
    • 



Applicable component levels


    

  • R330  PSY  UO03032
       UP25/05/09  I  1000
    • 



Fix is available


    

  • Select the PTF appropriate for your component level.
You will be required to sign in. Distribution on physical
media is not available in all countries.
    








      
              
                            

              

              [{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSBDYH","label":"IBM Explorer for z\/OS"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"340","Line of Business":{"code":"LOB70","label":"Z TPS"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            09 May 2025
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback