APAR status
Closed as program error.
Error description
Using the FileOutput node in a z/OS broker message flow to create new files on the local z/OS filesystem results in the files being created with permissions 666. Setting a umask value in the users profile does not have any effect on the file permissions.
Local fix
As a workaround, setting _BPX_BATCH_UMASK=nnnn (where nnnn = umask value) in the ENVFILE allows the user to override the default umask value.
Problem summary
**************************************************************** USERS AFFECTED: All users of WebSphere Message Broker V7.0 and V8.0 and IBM Integration Bus V9.0 on Unix and z/OS platforms using the FileOutputNode. Platforms affected: z/OS, Solaris SPARC platform, Solaris x86-64 platform, Linux on zSeries platform, Linux on x86-64 platform, Linux on x86 platform, Linux on Power platform, HP-UX Itanium platform, AIX **************************************************************** PROBLEM DESCRIPTION: The FileOutputNode is Java based and files written to the local file system from this node will result in the Java default file permissions of 666 on z/OS, which is not very secure. There are a number of resource name changes between WebSphere Message Broker and IBM Integration Bus Version 9.0. For details visit www.ibm.com/support/knowledgecenter/SSMKHH_9.0.0/com.ibm.etools. mft.doc/bb23814_.htm.
Problem conclusion
On Unix platforms, it is possible to force the FileOutput node to respect the system's UMASK settings by exporting the MQSI_UMASK_COPY=1 environment variable. If this is not set, then we default to a UMASK value of 6, so files are created with permissions 660. On z/OS, the MQSI_UMASK_COPY environment variable is not effective and as the FileOutputNode is Java based, we default to the Java UMASK settings of 0, so files are created with permissions 666. After the changes made under this APAR, it will be possible to set the UMASK for the product on Unix and z/OS platforms using a new environment variable, MQSI_SET_DFE_UMASK=nnnn, where nnnn is the UMASK value you want to specify. Please note that the minimum permissions level we allow is rw rw (660) and any setting which requests more restrictive permissions than this will be ignored. On all Unix and z/OS platforms, if neither of the UMASK environment variables are set, then the files will be created with a UMASK of 6. This is a change in behaviour on z/OS only, and to revert back to the Java default UMASK value of 0, you will be required to set MQSI_SET_DFE_UMASK=0 in the ENVFILE. --------------------------------------------------------------- The fix is targeted for delivery in the following PTFs: Version Maintenance Level v7.0 7.0.0.8 v8.0 8.0.0.5 v9.0 9.0.0.3 The latest available maintenance can be obtained from: http://www-01.ibm.com/support/docview.wss?rs=849&uid=swg27006041 If the maintenance level is not yet available,information on its planned availability can be found on: http://www-1.ibm.com/support/docview.wss?rs=849&uid=swg27006308 ---------------------------------------------------------------
Temporary fix
Comments
APAR Information
APAR number
PI17122
Reported component name
WEB MB Z/OS
Reported component ID
5655V6000
Reported release
700
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2014-05-01
Closed date
2014-05-29
Last modified date
2015-04-07
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEB MB Z/OS
Fixed component ID
5655V6000
Applicable component levels
R700 PSY
UP
[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M"},"Platform":[{"code":"PF054","label":"z Systems"}],"Version":"7.0"}]
Document Information
Modified date:
16 October 2021