With z/OS V1R3, Managed System Infrastructure for Setup (msys) provides customization support for UNIX System Services. Other enhancements include improved system management features, a greater level of security for HFS files and directories with access control lists (ACLs), and numerous enhancements to ISHELL.


Managed System Infrastructure for Setup support

z/OS Managed System Infrastructure for Setup (msys for Setup) significantly reduces the complexity of setting up the z/OS UNIX environment. It uses a series of customization dialogs to help you establish the basic definitions and values used by the TFS and HFS file systems and set limits on z/OS UNIX system resources. Default settings are based on best practices and current experience. Each panel supplies extensive help.

Improved system management features

  • New functions for the automount facility
    • System symbolics are supported.
    • New keywords on automount generic entries support the use of automount to allocate HFS data sets: allocany, allocuser, and lowercase.
    • A new flag option on the automount shell command, -q, displays the current automount policy.
  • Sysplex mount table limit monitoring
    A new eventual action console message warns when the mount table limit in the Coupled Data Set (CDS) reaches critical limits of 85%, 90%, 95% and 100%. Another new message is issued when the resource shortage has been relieved.
    These messages are issued only when the installation has set up system limit messaging (with the LIMMSG= statement in BPXPRMxx.)
  • OMVS outage avoidance
    With this support you can recycle the OMVS address space and its associated workload without having to re-IPL mission-critical systems.
    • The F OMVS operator command has a new keyword, SHUTDOWN, that shuts down the entire z/OS UNIX system and all processes.
    • The output of the D OMVS operator command indicates which processes are registered as permanent or blocking.
    • A SIGTERM signal is sent to each eligible process to indicate that a system shutdown is imminent. Applications that use SIGTERM for other purposes can specify that a new signal, SIGDANGER, can be used as the initial indication of an imminent shutdown. This is done with the new environment variable, _BPXK_SIGDANGER.
    • The SHUTDOWN_REG parameter on the BPX1ENV callable service registers the caller for special treatment at OMVS shutdown time.
    • The BPX1SDD (set_dub_default) callable service has three new options: DUBJOBPERM, DUBABENDCALLS, and DUBNOJSTUNDUB, which handle the behavior of the calling task and its subtasks during a shutdown and restart of OMVS.
  • Automatic removal of mounted file systems when a system leaves the sysplex
    You can specify that a file system is to be automatically unmounted when the system leaves the sysplex. This includes any file systems mounted on that file system.
    • The UNMOUNT keyword is added to the AUTOMOVE | NOAUTOMOVE keyword on the MOUNT statement in BPXPRMxx. When specified, it indicates that the file system should be unmounted whenever the system leaves the sysplex.
    • The SETOMVS operator command has a new UNMOUNT operand.
    • The MOUNT TSO/E command has a new UNMOUNT option.
    • The mount and chmount shell commands have new unmount options.
    • The output of the DISPLAY OMVS operator command reflects the new UNMOUNT option.
    • File system information displayed by the df -v shell command provides unmount information.
    • The __mount (BPX2MNT) callable service supports unmount with an unmount bit defined in the mnte control block.
    • The getmntent syscall command has a new variable for unmount requests, MNT_MODE_AUNMOUNT.
  • Colony address spaces started outside of JES

    A new start parameter on the ASNAME keyword of the FILESYSTYPE statement of BPXPRMxx, SUB=MSTR, specifies that an address space is not to be started under JES. This allows you to recycle JES without affecting the DFS or NFS clients. APAR OW48709 is required for this support.

Access control to files and directories by individual UIDs and GIDs

Access control lists (ACLs) extend the security provided by permission bits, by allowing you to control access to files and directories by individual user (UID) and group (GID). Previously, HFS files were protected only with POSIX permission bits, which are contained within the File Security Packet (FSP) in the file system. You could only specify permissions for file owner (user), group owner, and everyone else. ACLs behave much like RACF profile access lists, but they are contained within the file system. The currently participating file systems are HFS and zFS.

Shell commands are added or modified to support ACLs:

  • Two new shell commands, setfacl and getfacl, define and display ACLs.
  • cp options -p and -Z preserve the ACLs of files and directories, and specify that error messages are not displayed when ACLs are being set on the target, respectively.
  • df displays ACL information.
  • find, test, and the test, [...], and the [[...]] reserved-word commands have new ACL primary operators.
  • getconf displays ACL information.
  • ls indicates the presence of ACLs.
  • mv option -Z specifies that error messages are not displayed when ACLs are being set on the target.
  • pax has a new keyword, -o, which displays extended ACL data.
  • tar has a new -L type option, which displays extended ACL entries.
  • tcsh has new file inquiry operators to support ACLs.
  • Callable services are modified to support ACLs:
  • The BPX1FPC (fpathconf) and BPX1PCF (pathconf) callable services support new pathname variables: _ACL and _ACL_ENTRIES_MAX.
  • The BPX1IOC (w_ioctl) and BPX1PIO (w_pioctl) callable services accept two new commands: SetfACL and GetfACL.
  • REXX syscall commands are added or modified to support ACLs:
  • New REXX syscall commands are added: aclupdateentry, acldelete, acldeleteentry, aclfree, aclget, aclgetentry, aclinit, and aclset.
  • New variables are added to stat, fstat, and lstat REXX syscall commands: ST_ACCESSACL, ST_DMODELACL, and ST_FMODELACL.
  • New variables are added to the pathconf REXX syscall command: PC_ACL and PC_ACL_MAX.

ISHELL enhancements

Numerous enhancements have been made to ISHELL in response to customer requests:

  • Many changes have been made to the directory list:
    • Most areas of the directory list are cursor sensitive. You can, for instance, click on a file name and get a panel showing the full path name for that file.
    • The directory list panel contains brief instructional information and an action bar specific to the directory list. These can both be turned on or off.
    • The current directory path name was previously shown as selected, with dots, dot-dots, and symlinks. It is now fully resolved. In addition, the directory name is preceded with the effective UID of the process.
    • Sort options are extended beyond the file name, and a secondary sort column can be specified.
    • File names in the directory list can be displayed in different colors, based on selected criteria (such as file type, setuid or setgid bit on, sticky bit on, file marked as executable, etc.) Colors are specified with the colors command.
  • The main panel shows the effective UID of the process, and it remembers the last path name that was entered.
  • The su command entered on the command line allows a UID or user name to be specified. The su command from the pull-down on the action bar cannot switch to a UID.
  • The execute command no longer executes the selected file. A panel is displayed that allows you to enter a command and select the method for command execution. The command can be executed directly (local spawn), as a shell command through a login shell (sh -Lc), or as a TSO command. The selected path is automatically inserted at the end of the command line by default. You can also use {} anywhere within the command, any number of times, and it will be replaced with the selected path name.
  • Time stamps on all panels that contain time stamps display local time based on the TZ setting for that user. The time stamp format is changed to be consistent with the ISO 8601 standard (yyy-mm-dd hh:mm). The directory list can also be configured to display the last changed time for files.
  • The two panels that allow you to create HFS file systems have two new optional fields, Volume and Unit. When either is specified, it is added to the allocation command that gets issued.
  • ISHELL can now be run with the option -d, and ISHELL will not suppress ISPF severe dialog errors, but terminate. This should only be used at the direction of IBM support.
  • The oedit shell utility and OEDIT TSO command have an -r xx option to set the record length to be edited for fixed length text files.
  • The oedit and obrowse shell utilities now pass the effective user ID of the process to the TSO session. If the effective user ID does not match that of the TSO process, the OEDIT or OBROWSE TSO commands attempt to set the effective user ID of the TSO process to that of the shell command before loading the file.


Contact IBM

Browse z/OS