IBM Support

PI17122: FILEOUTPUT NODE CREATES FILES WITH PERMISSIONS 666

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Using the FileOutput node in a z/OS broker message flow to
    create new files on the local z/OS filesystem results in the
    files being created with permissions 666. Setting a umask value
    in the users profile does not have any effect on the file
    permissions.
    

Local fix

  • As a workaround, setting _BPX_BATCH_UMASK=nnnn (where nnnn =
    umask value) in the ENVFILE allows the user to override the
    default umask value.
    

Problem summary

  • ****************************************************************
    USERS AFFECTED:
    All users of WebSphere Message Broker V7.0 and V8.0 and IBM
    Integration Bus V9.0 on Unix and z/OS platforms using the
    FileOutputNode.
    
    
    Platforms affected:
    z/OS, Solaris SPARC platform, Solaris x86-64 platform, Linux on
    zSeries platform, Linux on x86-64 platform, Linux on x86
    platform, Linux on Power platform, HP-UX Itanium platform, AIX
    
    ****************************************************************
    PROBLEM DESCRIPTION:
    The FileOutputNode is Java based and files written to the local
    file system from this node will result in the Java default file
    permissions of 666 on z/OS, which is not very secure.
    
    
    There are a number of resource name changes between WebSphere
    Message Broker and IBM Integration Bus Version 9.0. For details
    visit
    www.ibm.com/support/knowledgecenter/SSMKHH_9.0.0/com.ibm.etools.
    mft.doc/bb23814_.htm.
    

Problem conclusion

  • On Unix platforms, it is possible to force the FileOutput node
    to respect the system's UMASK settings by exporting the
    MQSI_UMASK_COPY=1 environment variable. If this is not set, then
    we default to a UMASK value of 6, so files are created with
    permissions 660.
    
    On z/OS, the MQSI_UMASK_COPY environment variable is not
    effective and as the FileOutputNode is Java based, we default to
    the Java UMASK settings of 0, so files are created with
    permissions 666.
    
    After the changes made under this APAR, it will be possible to
    set the UMASK for the product on Unix and z/OS platforms using a
    new environment variable, MQSI_SET_DFE_UMASK=nnnn, where nnnn is
    the UMASK value you want to specify. Please note that the
    minimum permissions level we allow is rw rw (660) and any
    setting which requests more restrictive permissions than this
    will be ignored.
    
    On all Unix and z/OS platforms, if neither of the UMASK
    environment variables are set, then the files will be created
    with a UMASK of 6. This is a change in behaviour on z/OS only,
    and to revert back to the Java default UMASK value of 0, you
    will be required to set MQSI_SET_DFE_UMASK=0 in the ENVFILE.
    
    ---------------------------------------------------------------
    The fix is targeted for delivery in the following PTFs:
    
    Version    Maintenance Level
    v7.0       7.0.0.8
    v8.0       8.0.0.5
    v9.0       9.0.0.3
    
    The latest available maintenance can be obtained from:
    http://www-01.ibm.com/support/docview.wss?rs=849&uid=swg27006041
    
    If the maintenance level is not yet available,information on
    its planned availability can be found on:
    http://www-1.ibm.com/support/docview.wss?rs=849&uid=swg27006308
    ---------------------------------------------------------------
    

Temporary fix

Comments

APAR Information

  • APAR number

    PI17122

  • Reported component name

    WEB MB Z/OS

  • Reported component ID

    5655V6000

  • Reported release

    700

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2014-05-01

  • Closed date

    2014-05-29

  • Last modified date

    2015-04-07

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEB MB Z/OS

  • Fixed component ID

    5655V6000

Applicable component levels

  • R700 PSY

       UP

[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.0","Edition":"","Line of Business":{"code":"","label":""}}]

Document Information

Modified date:
07 April 2015