Determine whether any of your installed products include z/OS UNIX set-user-ID or set-group-ID privileged programs that invoke other z/OS UNIX executable programs

Description: Starting in z/OS V2R1, the requirements for the execution or loading of z/OS UNIX executable programs via the z/OS UNIX spawn, exec, loadhfs, loadhfs extended and attach_exec services and the REXX external subroutine and function processing have changed. These changes apply only to the usage of these interfaces by z/OS UNIX set-user-ID or set-group-ID privileged programs. A set-user-ID or set-group-ID privileged program is installed in the z/OS UNIX file system with either the set-user-ID or set-group-ID bit turned on.

The affected interfaces, when invoked from a z/OS UNIX set-user-ID or set-group-ID privileged program, now require that a target z/OS UNIX program file have a file owning UID of 0 or a file owning UID that is equal to that of the set-user-ID program, or have the program control extended attribute turned ON. Additionally, the target z/OS UNIX program file cannot be located in a NoSecurity file system. If any part of the z/OS UNIX path name that resolves to the target z/OS UNIX program file is a symbolic link, the symbolic link also must meet the same requirements.
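The rule above can be pre-checked for a known caller and target pair with a small audit script. This is an added example, not IBM code: it resolves the target path one component at a time so that every symbolic link is tested as well as the final file. Assumptions: "the UID of the set-user-ID program" is read as that program file's owning UID, and the program control attribute and NoSecurity status, which `stat` does not report, are supplied by the caller as sets of paths.

```python
import os
from typing import NamedTuple

class FileFacts(NamedTuple):
    path: str
    owner_uid: int
    program_controlled: bool = False  # assumption: supplied by the caller, not read from stat
    nosecurity_fs: bool = False       # assumption: caller knows the file system is NoSecurity

def violations(suid_owner_uid, f):
    """Reasons a target (or a symlink on its path) fails the rule; [] means it passes."""
    reasons = []
    if not (f.owner_uid in (0, suid_owner_uid) or f.program_controlled):
        reasons.append("owner UID %d is neither 0 nor %d, and program control is off"
                       % (f.owner_uid, suid_owner_uid))
    if f.nosecurity_fs:
        reasons.append("located in a NoSecurity file system")
    return reasons

def links_and_target(path, limit=40):
    """Resolve path one component at a time; return (symlinks traversed, final file)."""
    todo = [p for p in os.path.abspath(path).split(os.sep) if p][::-1]
    cur, links = os.sep, []
    while todo:
        nxt = os.path.join(cur, todo.pop())
        if os.path.islink(nxt):
            links.append(nxt)
            if len(links) > limit:
                raise OSError("too many symbolic links: " + path)
            dest = os.readlink(nxt)
            if os.path.isabs(dest):
                cur = os.sep              # absolute link target restarts at the root
            todo.extend(p for p in reversed(dest.split(os.sep)) if p)
        else:
            cur = nxt
    return links, os.path.normpath(cur)

def check_invocation(suid_program, target, program_controlled=(), nosecurity=()):
    """Map each failing path (symlinks and final target) to its list of reasons."""
    suid_uid = os.stat(suid_program).st_uid
    links, final = links_and_target(target)
    report = {}
    for p in links + [final]:
        facts = FileFacts(p, os.lstat(p).st_uid, p in program_controlled, p in nosecurity)
        if violations(suid_uid, facts):
            report[p] = violations(suid_uid, facts)
    return report
```

An empty dictionary from `check_invocation` means the target and every symbolic link on its path satisfy the ownership and file system conditions for that caller.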

For complete migration actions including action before and after the first IPL, see Determine if any sticky bit files or external links in your z/OS UNIX file system are involved in the invocation of MVS programs that are link-edited with the AC=1 attribute (Part 2 after IPL of z/OS V2R1) and Determine if any sticky bit files or external links in your z/OS UNIX file system are involved in the invocation of MVS programs that are link-edited with the AC=1 attribute (Part 2 after IPL of z/OS V2R1).