As far as the security of the system and the installed products during operation is concerned, it is important to observe the following when using default protection:
In the case of files which are created by applications or system components, it is important not to assign any default values which prohibit read or write access on the part of the products themselves.
The active rule containers must be accessible, together with all the referenced attribute and user ID guards. If they are not, file or job variable processing is rejected with the error message DMS05B5 or JVS044C.
Default protection is switched off during the startup and shutdown phases.
Default protection is switched off for the relevant pubset during a pubset import or export.
Notes for nonprivileged users:
No default protection rules should be set for files with the prefix “S.” or “SYS*”. Problems may occur if protection attribute default values are set which prevent access to these files:
no primary SYSOUT files and no temporary spool files can be created
it is not possible to start ENTER jobs since these require the creation of the primary SYSOUT file “S.OUT.<tsn>”.
Notes for system administrators:
The notes for nonprivileged users also apply to system administrators, in particular when pubset-global rule containers are used. In addition, no default protection rules should be defined for files and job variables with the prefix “SYS*” (e.g. “SYSLOG.” files) when these rule containers are used.
The following must also be observed:
In a computer network, the environment on each system must be compatible with that on each of the others. In particular, if SECOS is used on a computer in a computer network, you are strongly advised to install the same SECOS version on all the other computers in the network.
The withdrawal of access rights for “S.” files on the home pubset results in the termination of the job scheduler during system startup.
The ID SYSSAG should be excluded from default value assignment since this ID is used by IMON during product installation.
The table below contains a list of especially critical files and job variables together with the affected products:
Product/ | Type | Object | Problem |
JobScheduler | File | $<userid>.S.OUT.<tsn>* | Termination if not possible to access |
SPOOL | File | $<userid>.S.LST.<tsn>* | SPOOL files not created |
POSIX | File | $TSOS.S.IN.SINPRC.POSINST.<vers>.<tsn>* | Initial POSIX installation aborted |
File | $SYSROOT. SYSLOG.POSIX-BC.<vers>.INIT | POSIX start is aborted | |
Memory | File | :<catid>:$TSOS.SYS.PAGING.<vsn> | Not possible to delete paging file |
SIR | File | :<catid>:$TSOS.SIR.TEMPORARY-FILE.<tsn> | No extend pubset when copying with |
SystemDump | File | $SYSDUMP.<module-name> | Dump file cannot be created or |
MSCF | JV | $TSOS.SYS.PVS.<catid>.MASTER.CONTROL | Shared pubset import aborts |
File | $TSOS.SYS.MSCF-TRACE.<date> | MSCF trace file cannot be created. | |
DSSM | File | $TSOS.DSSMLOG.<date>.<time> | No DSSM logging |
HSMS | JV | $SYSHSMS.SYS.HSM.MIGRATE.<catid> | Migration cannot be started |
ARCHIVE | File | :<catid>:$TSOS.ARCHIVE* | Not possible to write to archive if |
IMON | File | $SYSSAG.*. With the suffix | IMON installation aborted |