For APAR OA41101, the behavior of certain z/OS UNIX Services has been changed.
(Please note: The z/OS agent is also known by the name IBM Tivoli Compliance Insight Manager, Tivoli Security Information and Event Manager, and Compliance Insight Manager Enabler for z/OS.)
This will cause a component of the TSIEM z/OS agent that works with zSecure under z/OS to abend with EC6-xxxxC04A.
After application of the PTF for APAR OA41101, trying to use external links to APF authorized programs will lead to the abend. Therefore files with sticky and APF bits turned on must be used now.
A temporary circumvention is to make the Owner of the symbolic link CKRCARLx to be a userid/group that has UID(0).
To perform the temporary workaround, change the Owner of &C2EPATH/run/CKRCARLx to a userid/group that has UID(0), using the following command sequence - note the '-h' parameter with the chown command in step 3.: that is required to enable the change without following the symbolic link:
2.cd /u/c2eaudit/actuatr1/run/ <==&C2EPATH/run
3. chown -h BPXROOT CKRCARLx
STOP THE DAEMON TASK WITH /S C2ECSTOP
THEN START THEM UP AGAIN /S C2EAUDIT
(In the above example, BPXROOT userid has already been defined, has UID(0) and is connected to the original userid's group, so group did not need to be specified.)
|Security||Tivoli Compliance Insight Manager||8.5|
|Security||Tivoli Security Information and Event Manager||2.0|