The chaudit service changes the types of access to a file to be audited for the security product. The chaudit service identifies the file by its path name.
For the corresponding service using a file descriptor, see fchaudit (BPX1FCA, BPX4FCA) — Change audit flags for a file by descriptor.
Operation | Environment |
---|---|
Authorization: | Supervisor state or problem state, any PSW key |
Dispatchable unit mode: | Task |
Cross memory mode: | PASN = HASN |
AMODE (BPX1CHA): | 31-bit |
AMODE (BPX4CHA): | 64-bit |
ASC mode: | Primary mode |
Interrupt status: | Enabled for interrupts |
Locks: | Unlocked |
Control parameters: | All parameters must be addressable by the caller and in the primary address space. |
|
AMODE 64 callers use BPX4CHA with the same parameters.
The name of a fullword that contains the length of the path name of the file.
The name of a field that contains the path nme of the file for which auditing is to be changed.
Value | Description |
---|---|
AUDTREADFAIL | Audit failing read requests. |
AUDTREADSUCCESS | Audit successful read requests. |
AUDTWRITEFAIL | Audit failing write requests. |
AUDTWRITESUCCESS | Audit successful write requests. |
AUDTEXECFAIL | Audit failing execute or search requests. |
AUDTEXECSUCCESS | Audit successful execute or search requests. |
The name of a fullword in which the chaudit service returns 0 if the request is successful, or -1 if it is not successful.
Return_code | Explanation |
---|---|
EACCES | The calling process does not have search permission for some component of the Pathname prefix. |
EINVAL | The Option_code parameter is incorrect. The following reason code can accompany the return code: JRBadAuditOption. |
ELOOP | A loop exists in symbolic links that were encountered during resolution of the Pathname argument. This error is issued if more than 24 symbolic links are detected in the resolution of Pathname. |
ENAMETOOLONG | Pathname is longer than 1023 characters, or some component of the path name is longer than 255 characters. Name truncation is not supported. |
ENOENT | No file named Pathname was found, or no path name was specified. The following reason code can accompany the return code: JRFileNotThere. |
ENOTDIR | A component of the Pathname prefix is not a directory. |
EPERM | The effective UID of the calling process does not match the file's owner UID; the calling process does not have appropriate privileges (see Authorization); or if Option_code indicated that the auditor audit flags were to be changed, the user does not have auditor authority. |
EROFS | The file exists on a read-only file system. The following reason code can accompany the return code: JRReadOnlyFS. |
The name of a fullword in which the chaudit service stores the reason code. The chaudit service returns a Reason_code only if Return_value is -1. Reason_code further qualifies the Return_code value. For the reason codes, see z/OS UNIX System Services Messages and Codes.
You can get auditor authority by entering the TSO/E command ALTUSER Auditor.
There are no restrictions on the use of the chaudit service.
For an example using this callable service, see BPX1CHA (chaudit) example.