IBM eServer™
^
business on demand software
zOS_V1R8_USS_File_Operations_Management.ppt Page 1 of 25
Agenda
Operations management
Setting up users
Displaying kernel limits
Displaying processes
Ending processes
Shutdown procedures
Helpful sites
Publications
zOS_V1R8_USS_File_Operations_Management.ppt Page 2 of 25
Setting up a general user
To access the z/OS® UNIX® environment it is important that the user
have a specific UID and GID. The UID and GID are stored in the
RACF® database.
RACF can automatically generate a unique ID value in the OMVS
segment upon your request. This is done by defining a profile called
BPX.NEXT.USER in the FACILITY and then specifying:
Note: Although you can assign the same UID to multiple users, it is not recommended.
However, it may be necessary for some cases, such as superusers. If you assign the
same UID to multiple users, control at an individual user level is lost because the UID is
used in z/OS UNIX security checks. Users with the same UID assignment are treated as a
single user during z/OS UNIX security checks.
Automatic UID and GID assignment is implemented by using a AUTOUID keyword with
the ADDUSER and ALTUSER commands. An unused UID will be assigned to the new or
modified user. Using the AUTOGID keyword on ADDGROUP and ALTGROUP
commands, a GID will be automatically assigned to the new or modified group.
Refer to z/OS Security Server RACF Security Administrator’s Guide -> RACF and z/OS
UNIX for additional information on defining OMVS users through RACF.
zOS_V1R8_USS_File_Operations_Management.ppt Page 3 of 25
Setting up a general user
To access the z/OS UNIX environment it is important that the user have
a specific UID and GID. The UID and GID are stored in the RACF
database:
Add a GID to the RACF group profile for an existing or new RACF group of
the user, or the user's default group
Example:
ADDGROUP GRP0 OMVS(GID(AUTOGID)) SUPGROUP(SYS1)
Add a UID to the RACF user profile for an existing or new TSO/E user and
connecting each user to a RACF group that has a GID
Example:
ADDUSER USR0 DFLTGRP(GRP0)'
ALTUSER USR0 OMVS(UID(AUTOUID) HOME(/u/usr0) PROGRAM(/bin/sh))'
ALTUSER USR0 PASSWORD(changeme)'
ALTUSER USR0 TSO(PROC(REL7PROC) ACCTNUM(MVS420) SIZE(50000))'
CONNECT USR0 GROUP(SYS1)'
CONNECT USR0 GROUP(GRP0)'
Note: Although you can assign the same UID to multiple users, it is not recommended.
However, it may be necessary for some cases, such as superusers. If you assign the
same UID to multiple users, control at an individual user level is lost because the UID is
used in z/OS UNIX security checks. Users with the same UID assignment are treated as a
single user during z/OS UNIX security checks.
Automatic UID and GID assignment is implemented by using a AUTOUID keyword with
zOS_V1R8_USS_File_Operations_Management.ppt
the ADDUSER and ALTUSER commands. An unused UID will be assigned toPage 4 ofor25
the new
modified user. Using the AUTOGID keyword on ADDGROUP and ALTGROUP
commands, a GID will be automatically assigned to the new or modified group.
Displaying user and group information
LU USR0 OMVS NORACF
USER=USR0
OMVS INFORMATION
----------------
UID= 0000068215
HOME= /u/usr0
PROGRAM= /bin/sh
CPUTIMEMAX= NONE
ASSIZEMAX= NONE
FILEPROCMAX= NONE
PROCUSERMAX= NONE
THREADSMAX= NONE
MMAPAREAMAX= NONE
LG GRP0 OMVS NORACF
INFORMATION FOR GROUP GRP0
OMVS INFORMATION
----------------
GID= 000000321
The RACF command LU (list user) displays the defined z/OS UNIX OMVS segment in the
RACF database when OMVS is specified. The RACF command GP (list group) displays
the defined z/OS UNIX OMVS segment in the RACF database when OMVS is specified.
zOS_V1R8_USS_File_Operations_Management.ppt Page 5 of 25
RACF default OMVS segments
BPX.DEFAULT.USER RACF Facility Class
Not recommended
USERIDS are mapped to a single UID/GID
presents problems in PD
presents problems with inaccurate accounting
users will have access to files belonging to other
users because these files will be owned by the
same UID/GID.
Meant for FTP installations where FTP was the only type of
z/OS UNIX work being done.
zOS_V1R8_USS_File_Operations_Management.ppt Page 6 of 25
Case-sensitive user ID and group names
User ID alias table
Associates lower and mixed-case alias names to uppercase
z/OS user and group names.
Alias names must follow XPG4 guidelines.
All users should be given read access. Update access to
superusers
USERIDALIASTABLE statement in BPXPRMxx
USERIDALIASTABLE=/etc/tablename
SETOMVS USERIDALIASTABLE=/etc/tablename
Slight performance degradation
If alias table is not active, lower/mixed-case alias
names are folded to uppercase.
1. The path name of the file should be /etc/tablename. This fits in with the IBM strategy
to place all customized data in the /etc directory. If a value for USERIDALIASTABLE is
not specified, alias names are not used.
2. Using the USERIDALIASTABLE statement degrades performance slightly. The more
names that you define, the greater the performance degradation.
3. For formatting rules for the alias table, refer to UNIX System Services Planning ->
USERIDALIASTABLE
4. Once a user is logged into the system, changing the user ID/group name alias table
does not change the alias name immediately. Database queries, however, will yield the
new alias if the user ID performing the query has read/execute access to the user
ID/group name alias table. The table is checked every 15 minutes and refreshed if it
has been changed. If a change needs to be activated sooner, you can use the
SETOMVS USERIDALIASTABLE command.
zOS_V1R8_USS_File_Operations_Management.ppt Page 7 of 25
Superusers
Uid 0
Access to all z/OS UNIX functions and resources
BPX.SUPERUSER RACF facility class
Use su to switch to uid 0 when superuser authority is
needed
UNIXPRIV class profiles
Superuser privileges to non-uid 0 users
Minimizes number of actual superusers
Allows high degree of granularity in resource access
Resource names in UNIXPRIV class associated with
z/OS UNIX privileges
1. Refer to UNIX System Services Planning -> Using UNIXPRIV class profiles for a
table of UNIXPRIV resource names an privileges. Example: UNIVPRIV resource
SUPERUSER.PROCESS.KILL allows the user to use kill to send a signal to any
process. SUPERUSER.FILESYS.CHOWN allows the user to use chown to change
ownership of any file.
zOS_V1R8_USS_File_Operations_Management.ppt Page 8 of 25
STEPLIBLIST
STEPLIBLIST specifies the path name of
the file in the file system that contains the
list of MVS™ data sets to be used as step
libraries for programs that have the set-
user-id and set-group-id bit set on.
path name of the file should be /etc/steplib
BPXPRMxx statement or SETOMVS/ SET
OMVS
Only superusers should be given update
access to the STEPLIBLIST file
1. The path name of the file should be /etc/steplib. This fits in with the IBM strategy to
place all customized data in the /etc directory.
2. Because programs with the setuid or setgid bit turned on are considered privileged
programs, they must run in a controlled environment. The STEPLIBLIST sanction list
provides this control by allowing those programs to use only the step libraries that are
considered trusted by the installation.
3. Because a working copy of the sanctioned list is maintained in storage, an update to
the file will take effect when the next setuid(0) program is run from a process with read
access to the stepliblist file.
4. Refer to UNIX System Services Planning -> STEPLIBLIST for formatting rules of the
STEPLIBLIST file.
5. Selected users can test new versions of run-time libraries before the new versions are
made available to everyone on the system. Customers who do not put the Language
Environment® Run-Time Library SCEERUN into the linklist should put the SCEERUN
data set name in this file.
zOS_V1R8_USS_File_Operations_Management.ppt Page 9 of 25
LIMMSG BPXPRMxx statement
LIMMSG(NONE) - no messages
LIMMSG(SYSTEM)/LIMMSG(ALL)
Console messages when limits reach 85%, 90%, 95%, 100%
zOS_V1R8_USS_File_Operations_Management.ppt Page 10 of 25
Managing limits
D OMVS,OPTIONS or D OMVS,O
Displays options set during initialization in
BPXPRMxx or by SET OMVS or SETOMVS after
initialization
D OMVS,LIMITS or D OMVS,L
Displays parmlib limits, high water marks, and
current usage
If pid is specified, information is for the
specific process
Description of D OMVS output is described under the specific BPX* message number in
zOS MVS System Messages
zOS_V1R8_USS_File_Operations_Management.ppt Page 11 of 25
Display OMVS,O
D OMVS,O
BPXO043I 08.38.57 DISPLAY OMVS 953
OMVS 000E ACTIVE OMVS=(E9)
CURRENT UNIX CONFIGURATION SETTINGS:
MAXPROCSYS = 1024 MAXPROCUSER = 512
MAXFILEPROC = 2000 MAXFILESIZE = NOLIMIT
MAXCPUTIME = 1000 MAXUIDS = 200
MAXPTYS = 256
MAXMMAPAREA = 409600 MAXASSIZE = 67108863
MAXTHREADS = 300 MAXTHREADTASKS = 150
MAXCORESIZE = 4194304 MAXSHAREPAGES = 2000000
IPCMSGQBYTES = 262144 IPCMSGQMNUM = 10000
IPCMSGNIDS = 500 IPCSEMNIDS = 1000
IPCSEMNOPS = 25 IPCSEMNSEMS = 32767
IPCSHMMPAGES = 262144 IPCSHMNIDS = 1000
IPCSHMNSEGS = 500 IPCSHMSPAGES = 262144
SUPERUSER = BPXROOT FORKCOPY = COW
STEPLIBLIST = /ict/slib
USERIDALIASTABLE= /ict/ictalias
zOS_V1R8_USS_File_Operations_Management.ppt Page 12 of 25
Display OMVS,O (continued)
PRIORITYPG VALUES: NONE
PRIORITYGOAL VALUES: NONE
MAXQUEUEDSIGS = 1000 SHRLIBRGNSIZE =
1610612736
SHRLIBMAXPAGES = 4096 VERSION = /
SYSCALL COUNTS = NO TTYGROUP = TTY
SYSPLEX = YES BRLM SERVER = N/A
LIMMSG = ALL AUTOCVT = OFF
RESOLVER PROC = DEFAULT
AUTHPGMLIST = NONE
SWA = BELOW
SERV_LINKLIB =
SERV_LPALIB =
1. The SYSPLEX (YES) option indicates the system is in a sysplex and is using the
shared file system capability. You cannot dynamically change the SYSPLEX parameter
through SETOMVS or SET OMVS. For more information, see the chapter on shared file
system in z/OS UNIX System Services Planning.
zOS_V1R8_USS_File_Operations_Management.ppt Page 13 of 25
Display OMVS,L
D OMVS,L
BPXO051I 08.47.18 DISPLAY OMVS 958
OMVS 000F ACTIVE OMVS=(ST,R9)
SYSTEM WIDE LIMITS: LIMMSG=SYSTEM
CURRENT HIGHWATER SYSTEM
USAGE USAGE LIMIT
MAXPROCSYS 40 133 10000
MAXUIDS 0 2 500
MAXPTYS 0 2 1000
MAXMMAPAREA 0 0 409600
MAXSHAREPAGES 244 163840 32768000
IPCMSGNIDS 28 86 20000
IPCSEMNIDS 0 6 20000
IPCSHMNIDS 0 35 20000
IPCSHMSPAGES 0 0 262144
IPCMSGQBYTES --- 39996 262144
IPCMSGQMNUM --- 33 10000
IPCSHMMPAGES --- 0 25600
zOS_V1R8_USS_File_Operations_Management.ppt Page 14 of 25
Dynamically changing the BPXPRMxx
parameter values
SETOMVS
modify BPXPRMxx settings without re-IPLing
setomvs MAXFILEPROC=200
SET OMVS
dynamically change the BPXPRMxx parameters that are in effect
set omvs=(aa,bb)
If a parameter is specified more than once with different values, in the parmlib members,
the first value specified is the first value that is used. For example, if you specify SET
OMVS=(AA,BB) where AA has a MAXPROCUSER=10 value and BB has a
MAXPROCUSER=5 value, MAXPROCUSER =10 is used.
SET OMVS=xx can be used to run the ROOT, MOUNT, FILESYSTYPE,
SUBFILESYSTYPE, and NETWORK statements in the BPXPRMxx member.
The MAXPROCSYS, MAXPTYS, IPCMSGNIDS, MAXFILEPROC, IPCSEMNIDS,
IPCSHMNIDS, and IPCSHMSPAGES specify maximum values. You can use the
SETOMVS or SET OMVS command to dynamically increase the current system setting,
but if you specify a value that is too low or too high, you will get an error message. To use
a value outside the range, you must change the specification in BPXPRMxx and re-IPL.
zOS_V1R8_USS_File_Operations_Management.ppt Page 15 of 25
Dynamic service activation
activate and deactivate z/OS UNIX service items without
IPLing
F OMVS,ACTIVATE=SERVICE – activates the service
PTFs - ++HOLD REASON(DYNACT) indicates they can be
dynamically activated
Activations remain in effect across ‘F OMVS,SHUTDOWN’ and can
be done after ‘F OMVS,SHUTDOWN’
NOTE: fixes that have been dynamically activated do not remain in
effect across IPLs
F OMVS,DEACTIVATE=SERVICE – backs off the service.
D OMVS,ACTIVATE = SERVICE – displays current set of
services that were dynamically activated.
SERV_LPALIB and SERV_LINKLIB parameters in the
BPXPRMxx member.
zOS_V1R8_USS_File_Operations_Management.ppt Page 16 of 25
D OMVS
D OMVS,A=ALL
Displays process information for all z/OS UNIX
System Services address spaces.
D OMVS,PID=processid
Displays thread information for the processid that is
specified in decimal numbers.
In a sysplex environment, you must issue the D
OMVS,PID= command from the system on which
the specified process is running.
zOS_V1R8_USS_File_Operations_Management.ppt Page 17 of 25
D OMVS,A=ALL
d omvs,a=all
BPXO040I 09.53.22 DISPLAY OMVS 598
OMVS 000E ACTIVE OMVS=(E9)
USER JOBNAME ASID PID PPID STATE START CT_SECS
IBMUSER BPXOINIT 0020 1 0 MR---- 07.23.12 .170
LATCHWAITPID= 0 CMD=BPXPINPR
SERVER=Init Process AF= 0 MF=00000 TYPE=FILE
CEA CEA 0016 16777219 1 1F---P 07.23.21 .019
LATCHWAITPID= 0 CMD=CEAPSRVR
MEGA FREZE01 001F 83886558 1 HE---- 09.53.20 .018
LATCHWAITPID= 0 CMD=ISGFREZE
state r - A six character field showing the state of either the process or the most recently
created thread in the process. This field includes a five character state field and a 1
character r field containing the restart state.
MR: M Process state is for multiple threads and pthread_create was not used to create
any of the multiple threads. Process state is obtained from the most recently created
thread. R Running (not kernel wait)
F-----P: F File system kernel wait . P Permanent (restart status)
HE-----: H Process state is for multiple threads and pthread_create was used to create one
of the threads. Process state is obtained from the Initial Pthread created Task (IPT). E
Quiesce frozen
Latchwaitpid: 0 or the latch process ID, in decimal, for which this process is waiting.
zOS_V1R8_USS_File_Operations_Management.ppt Page 18 of 25
D OMVS, PID=
d omvs,pid=83886558
BPXO040I 09.53.35 DISPLAY OMVS 601
OMVS 000E ACTIVE OMVS=(E9)
USER JOBNAME ASID PID PPID STATE START CT_SECS
MEGA FREZE01 001F 83886558 1 HEI--- 09.53.20 .019
LATCHWAITPID= 0 CMD=ISGFREZE
THREAD_ID TCB@ PRI_JOB USERNAME ACC_TIME SC STATE
25B66E9000000000 008D1B08 OMVS .015 PTQ U E
25B68CB000000001 008D1970 OMVS .001 SLP JS
25B69BC000000002 008D16E0 OMVS .001 SLP JS
25B6AAD000000003 008D1450 OMVS .001 SLP JS
zOS_V1R8_USS_File_Operations_Management.ppt Page 19 of 25
Ending processes
Steps to end a process:
1. F BPXOINIT,TERM=pid
2. F BPXOINIT,FORCE=pid
3. F BPXOINIT,SUPERKILL=pid
4. CANCEL jobname,a=asid
You need to know which processes you want to end and whether they are active. Use the
DISPLAY OMVS operator command or the ps command to display all active processes.
TERM=pid: Sends SIGTERM. Application may have catcher to do cleanup…or may
block/ignore.
FORCE=pid: Sends SIGKILL. Superkill: This method should be considered before a
CANCEL cmd when multiple processes exist in the same address space. Can kill child
process in multi-proc environment.
CANCEL will terminate address space; SUPERKILL may only need to terminate the target
process that is actually hung.
SUPERKILL Indicates that a terminating signal will be sent to the target process. On
delivery the initial thread of the process will be abended with a 422 abend, which in turn
will terminate the entire process and any sub-processes that may exist in the address
space. The pid is the decimal form of the process id. This command is a more extreme
version of the TERM=/KILL= commands, and should only be used after other attempts
have failed at terminating the process.
zOS_V1R8_USS_File_Operations_Management.ppt Page 20 of 25
Planned shutdown
MODIFY BPXOINIT,SHUTDOWN=FILESYS
unmounts the file systems on the system that the command
was issued from
MODIFY BPXOINIT,SHUTDOWN=FILEOWNER
system is disabled as a future file system owner by move or
recovery operations until z/OS UNIX has been restarted.
MODIFY OMVS,STOPPFS=ZFS
Introduced in V1R8
Issuing one of these commands synchronizes data to the file systems and possibly
unmounts or moves ownership of the filesystems. If you use
SHUTDOWN=FILEOWNER, the system is disabled as a future file system owner by
way of move or recovery operations until z/OS UNIX has been restarted..
zOS_V1R8_USS_File_Operations_Management.ppt Page 21 of 25
Planned shutdown (continued)
MODIFY OMVS,SHUTDOWN
Refer to UNIX System Services Planning
-> Planned shutdowns using F OMVS,
SHUTDOWN for steps that need to be
taken before the SHUTDOWN
Shuts down the entire z/OS UNIX
system and all eligible processes
MODIFY OMVS,RESTART
reinitialize the z/OS UNIX environment
22 V1R8 z/OS UNIX operations management © 2007 IBM Corporation
Consider using it if you plan to recustomize and reinitialize the z/OS UNIX environment
without re-IPLing. Using F OMVS, SHUTDOWN along with F OMVS,RESTART may
allow you to avoid a system outage by providing the ability to shut down and then
reinitialize the z/OS UNIX environment without the need for a re-IPL.
zOS_V1R8_USS_File_Operations_Management.ppt Page 22 of 25
Helpful sites
For help with customizing z/OS UNIX, check out the
Web-based wizard at
www.ibm.com/servers/eserver/zseries/zos/wizards/
The z/OS UNIX home page on the World Wide Web
contains technical news, customer stories, and
information about tools. You can visit it at
www.ibm.com/servers/eserver/zseries/zos/unix/
You can access IBM message explanations directly
from the LookAt Web site at
http://www.ibm.com/servers/eserver/zseries/zos/bkserv/lookat/
zOS_V1R8_USS_File_Operations_Management.ppt Page 23 of 25
Publications
UNIX System Services Planning
GA22-7800
zOS_V1R8_USS_File_Operations_Management.ppt Page 24 of 25
Trademarks, copyrights, and disclaimers
The following terms are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both:
IBM MVS RACF z/OS zSeries
UNIX is a registered trademark of The Open Group in the United States and other countries.
Product data has been reviewed for accuracy as of the date of initial publication. Product data is subject to change without notice. This document could include
technical inaccuracies or typographical errors. IBM may make improvements or changes in the products or programs described herein at any time without notice. Any
statements regarding IBM's future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only. References in this
document to IBM products, programs, or services does not imply that IBM intends to make such products, programs or services available in all countries in which IBM
operates or does business. Any reference to an IBM Program Product in this document is not intended to state or imply that only that program product may be used.
Any functionally equivalent program, that does not infringe IBM's intellectual property rights, may be used instead.
Information is provided "AS IS" without warranty of any kind. THE INFORMATION PROVIDED IN THIS DOCUMENT IS DISTRIBUTED "AS IS" WITHOUT ANY
WARRANTY, EITHER EXPRESS OR IMPLIED. IBM EXPRESSLY DISCLAIMS ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
PURPOSE OR NONINFRINGEMENT. IBM shall have no responsibility to update this information. IBM products are warranted, if at all, according to the terms and
conditions of the agreements (for example, IBM Customer Agreement, Statement of Limited Warranty, International Program License Agreement, etc.) under which
they are provided. Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly
available sources. IBM has not tested those products in connection with this publication and cannot confirm the accuracy of performance, compatibility or any other
claims related to non-IBM products.
IBM makes no representations or warranties, express or implied, regarding non-IBM products and services.
The provision of the information contained herein is not intended to, and does not, grant any right or license under any IBM patents or copyrights. Inquiries regarding
patent or copyright licenses should be made, in writing, to:
IBM Director of Licensing
IBM Corporation
North Castle Drive
Armonk, NY 10504-1785
U.S.A.
Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. All customer examples described are presented
as illustrations of how those customers have used IBM products and the results they may have achieved. The actual throughput or performance that any user will
experience will vary depending upon considerations such as the amount of multiprogramming in the user's job stream, the I/O configuration, the storage configuration,
and the workload processed. Therefore, no assurance can be given that an individual user will achieve throughput or performance improvements equivalent to the
ratios stated here.
© Copyright International Business Machines Corporation 2007. All rights reserved.
Note to U.S. Government Users - Documentation related to restricted rights-Use, duplication or disclosure is subject to restrictions set forth in GSA ADP Schedule
Contract and IBM Corp.
zOS_V1R8_USS_File_Operations_Management.ppt Page 25 of 25