Description: Starting in z/OS V2R1, the requirements for the execution or loading of z/OS UNIX executable programs through the z/OS UNIX spawn, exec, loadhfs, loadhfs extended and attach_exec services and the REXX external subroutine and function processing have changed. These changes apply only to the usage of these interfaces by z/OS UNIX set-user-ID or set-group-ID privileged programs. A set-user-ID or set-group-ID privileged program is installed in the z/OS UNIX file system with either the set-user-ID or set-group-ID bit turned on.
The affected interfaces, when invoked from a z/OS UNIX set-user-ID or set-group-ID privileged program, now require that a target z/OS UNIX program file have a file owning UID of 0 or a file owning UID that is equal to that of the set-user-ID program, or have the program control extended attribute turned ON. Additionally, the target z/OS UNIX program file cannot be located in a NoSecurity file system. If any part of the z/OS UNIX path name that resolves to the target z/OS UNIX program file is a symbolic link, the symbolic link also must meet the same requirements.
Element or feature: | z/OS UNIX. |
When change was introduced: | z/OS V2R1. |
Applies to migration from: | z/OS V1R13 and z/OS V1R12. |
Timing: | Before the first IPL of z/OS V2R1. |
Is the migration action required? | No, but recommended even though most, if not all, IBM and vendor products install their z/OS UNIX executable files and associated links into the z/OS UNIX file system with an owning UID of 0. |
Target system hardware requirements: | None. |
Target system software requirements: | None. |
Other system (coexistence or fallback) requirements: | None. |
Restrictions: | None. |
System impacts: | None. |
Related IBM Health Checker for z/OS check: | None. |
Steps to take: Before you begin, note that the standard IBM product installation process (SMP/E) installs all product-related files and links with an owning UID of 0 with the possible exception of set-user-id program files.
If you see EC6-xxxxE04B abends occurring, look for message BPXP029I in the system log to determine the details of the z/OS UNIX files or links involved with the errors and how to correct the problem. This abend is indicative of an attempt to execute, call or load an improperly installed z/OS UNIX executable program file. For more information about message BPXP029I, see .z/OS MVS System Messages, Vol 3 (ASB-BPX)