For APAR OA41101, the behavior of certain z/OS UNIX Services has been changed.
(Please note: The z/OS agent is also known by the name IBM Tivoli Compliance Insight Manager Eanbler for z/OS.)
This will cause a component of the TSIEM z/OS agent to abend with EC6-xxxxC04A,
because after application of the PTF for APAR OA41101, trying to use external links to APF authorized programs will lead to the abend. Therefore files with sticky and APF bits turned on must be used now.
However, a temporary circumvention is to make the Owner of the symbolic link CKRCARLx to be a userid/group that has UID(0).
To perform the temporary workaround, change the Owner of &C2EPATH/run/CKRCARLx to a userid/group that has UID(0), using the following command sequence - note the '-h' parameter with the chown command in step 3.: that is required to enable the change without following the symbolic link:
2.cd /u/c2eaudit/actuatr1/run/ <==&C2EPATH/run
3. chown -h BPXROOT CKRCARLx
STOP THE DAEMON TASK WITH /S C2ECSTOP
THEN START THEM UP AGAIN /S C2EAUDIT
(In the above example, BPXROOT userid has already been defined, has UID(0) and is connected to the original userid's group, so group did not need to be specified.)
|Security||Tivoli Compliance Insight Manager||8.5|
|Security||IBM Security zSecure Audit||1.13.0, 1.13.1, 1.12|
|Security||IBM Security zSecure Audit for RACF|
|Security||IBM Security zSecure Audit for ACF2|
|Security||IBM Security zSecure Audit for Top Secret|