IP Services: Permit intranode management network application to use OSM interfaces
Description
Beginning in z/OS V2R1, access to OSM interface information by using ioctls SIOCGIFNAMEINDEX, SIOCGHOMEIF6, and SIOCGIFCON6 has been restricted to applications with READ authorization to the EZB.OSM.sysname.tcpname resource.
Table 1 provides more details about this migration action. Use this information to plan your changes to the system.
Element or feature: | z/OS Communications Server. |
---|---|
When change was introduced: | z/OS V2R1. |
Applies to migration from: | z/OS V1R13. |
Timing: | Before installing z/OS V2R2. |
Is the migration action required? | Yes, if you run an application that requires OSM interface information by using the ioctls. |
Target system hardware requirements: | None. |
Target system software requirements: | None. |
Other system (coexistence or fallback) requirements: | None. |
Restrictions: | None. |
System impacts: | None. |
Related IBM Health Checker for z/OS check: | None. |
Steps to take
An applications that uses ioctls SIOCGIFNAMEINDEX, SIOCGHOMEIF6, or SIOCGIFCONF6 to retrieve OSM interface information requires authorization to the EZB.OSM.sysname.tcpname resource.
- If your security server is RACF, issue the following commands.
SETROPTS CLASSACT(SERVAUTH) SETROPTS RACLIST (SERVAUTH) RDEFINE SERVAUTH EZB.OSM.sysname.tcpprocname PERMIT EZB.OSM.sysname.tcpname CLASS(SERVAUTH) - ID(userid) ACCESS(READ) SETROPTS RACLIST(SERVAUTH) REFRESH
- If you use a different security server, perform the equivalent steps.
Reference information
For more information, see OSM access control in z/OS Communications Server: IP Configuration Guide.