Java file authorities in the integrated file system

To run or debug a Java™ program, the class file, JAR file, or ZIP file needs to have read authority (*R). Directories need read and execute authorities (*RX).

Note: Files and directories that do not have execute authority (*X) always appear to have execute authority (*X) to a user with QSECOFR authority. Different users can get different results in certain situations, even though both users appear to have the same access to the same files. This is important to know when running shell scripts using the Qshell Interpreter or java.Runtime.exec().

For example, one user writes a Java program that uses java.Runtime.exec() to call a shell script, then tests it using a user ID with QSECOFR authority. If the file mode of the shell script has read and write authority (*RW), the integrated file system allows the user ID with QSECOFR authority to run it. However, a non-QSECOFR authority user could try to run the same Java program, and the integrated file system would tell the java.Runtime.exec() code that the shell script cannot be run, because *X is missing. In this case, java.Runtime.exec() throws an input and output exception.

You can also assign authorities to new files created by Java programs in an integrated file system. By using the os400.file.create.auth system property for files and os400.dir.create.auth for directories, any combination of read, write, and execute authorities may be used.

For more information, see the Program and CL Command APIs or the Integrated file system.