If you start the Policy Agent with a user ID that does not have superuser authority [UID(0)], then read and write permission is required for the following directories and files:
- Directories
- /tmp/
- /var/tmp/
- Files
- Files created when you configure the PerformanceLogFile parameter
on the PolicyPerformanceCollection statement
For information about the PolicyPerformanceCollection statement, see z/OS Communications Server: IP Configuration Reference.
- Policy Agent log files
For information about using the -l parameter when starting Policy Agent from the z/OS® shell to specify the destination for the log file, see z/OS Communications Server: IP Configuration Reference.
Policy Agent pid fileThe /tmp/pagent.pid is a temporary file that the Policy Agent creates. This file contains the process ID of the current invocation of the Policy Agent.
Restrictions:- If /tmp/pagent.pid is a symbolic link, it must have an owning UID or GID that matches the EUID or EGID that is assigned to the Policy Agent.
- If /tmp/pagent.pid is a hard link or the target of a hard link, users that are outside the owner or group of the directory in which /tmp/pagent.pid is stored cannot have write access to the directory. Additionally, write access to /tmp/pagent.pid must be limited to the owning UID or group, for example, --w--w----permissions.
- Files created when you configure the PerformanceLogFile parameter
on the PolicyPerformanceCollection statement
At initialization, the Policy Agent creates a z/OS UNIX file called /tmp/tcpname.Pagent.tmp. This occurs for every TCP/IP stack defined on a TcpImage statement.
In this z/OS UNIX file, tcpname is the name of a TCP/IP stack from a TcpImage statement. During TCP/IP stack initialization, the TCP/IP stack will attempt to modify a file by this name to notify the Policy Agent that the stack has been reactivated. This causes the Policy Agent to automatically attempt to reinstall the existing policies to this stack.
When /tmp/tcpname.Pagent.tmp is in a read/write sysplex-aware z/OS file system (zFS), a symbolic link can be created to a file that is in a hierarchical file system (HFS) or in a read-only zFS to enable the update notification. In the following example, the ln command is used to create a symbolic link to a file in /mydir, where /mydir is in an HFS or a read-only zFS:
ln -s /mydir/TCPIP.Pagent.link /tmp/TCPIP.Pagent.tmp- Policy Agent
- If /tmp/tcpname.Pagent.tmp is a symbolic link, it must have an owning UID or GID that matches the EUID or EGID that is assigned to the Policy Agent.
- If /tmp/tcpname.Pagent.tmp is a hard link or the target of a hard link, users that are outside the owner or group of the directory in which /tmp/tcpname.Pagent.tmp is stored cannot have write access to the directory. Additionally, write access to /tmp/tcpname.Pagent.tmp must be limited to the owning UID or group, for example, --w--w----permissions.
- TCP/IP stack
- If /tmp/tcpname.Pagent.tmp is a symbolic link, it must have an owning UID or GID that matches the EUID or EGID that is assigned to the TCP/IP stack.
- If /tmp/tcpname.Pagent.tmp is a hard link or the target of a hard link, users that are outside the owner or group of the directory in which /tmp/tcpname.Pagent.tmp is stored cannot have write access to the directory.
- Enqueue name is TCP_TCPI
- Resource name is TCPIP.PAGENT
When starting from the shell, note that the Policy Agent executable file is in the /usr/lpp/tcpip/sbin directory. There is also a link from the /usr/sbin directory. Make sure your PATH statement contains either the /usr/sbin or /usr/lpp/tcpip/sbin directory.
pagent -c /u/user10/pldap.conf -l SYSLOGD &- Policy Agent uses the configuration file /u/user10/pldap.conf
- Policy Agent logs output to the syslog daemon (SYSLOGD). Note that "SYSLOGD" must be specified in uppercase to obtain this behavior
Use the S PAGENT command on an MVS™ console or SDSF to start the Policy Agent as a started task. A sample procedure is shipped in member EZAPAGSP in SEZAINST.