(ZOS) Setting permission for files created by applications
Files created by applications running in the servant will have permission bits set according to the default umask. To change the default umask for the servant, specify the _BPX_BATCH_UMASK environment variable for the servant.
Deployment manager and application servers require group read/write access to the data in their config root. The server must run with a 007 umask in order to support system management functions. Leave this umask setting unchanged and the server will function correctly.
Use the _BPX_BATCH_UMASK environment variable for the servant to set the umask to 007. We define _BPX_BATCH_UMASK as a new environment variable using the administrative console.
To view the administrative console page, click Environment > WebSphere variables.
To define this new variable using the administrative console, select the appropriate scope from the list of available options and then click New to create the name _BPX_BATCH_UMASK and the desired value. You will need to restart the server to pick up the _BPX_BATCH_UMASK setting.
- A umask value of 007 causes applications to create directories with permission bits set to 770 and files with permission bits set to 660. This is the value IBM recommends.
- BPXBATSL (BPXBATA2) sets the umask based on the value specified for the _BPX_BATCH_UMASK environment variable, if a value has been specified. LE sets the umask from the value specified for _EDC_UMASK_DFLT, if it is present when the C library initializes. If no value is specified for the _BPX_BATCH_UMASK environment variable, the umask is set to 007, displacing any value that is set using _EDC_UMASK_DFLT. Therefore, do not use _EDC_UMASK_DFLT to set the umask.
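The following added example (not part of the IBM documentation) audits a directory tree for entries that do not match what a 007 umask produces: anything that grants access to other users or lacks group read/write. The function names and the sample tree are constructed for illustration, and a POSIX shell with find is assumed.

```shell
#!/bin/sh
# Added example: audit a tree against the modes a 007 umask produces
# (directories 770, files 660). Names and paths here are constructed.

# Print each file or directory that grants any permission to "other"
# or that lacks group read/write.
audit_umask_007() {
    find "$1" \( -type f -o -type d \) \
        \( -perm -001 -o -perm -002 -o -perm -004 -o ! -perm -060 \) -print
}

# Create a small sample tree under the given umask, as an application
# running with that umask would.
make_sample_tree() {
    ( umask "$2" && mkdir -p "$1/logs" && : > "$1/logs/app.log" )
}

# Demo: a tree built with umask 007 passes, one built with 022 is flagged.
demo_root="${TMPDIR:-/tmp}/umask_demo.$$"
mkdir "$demo_root"
make_sample_tree "$demo_root/umask007" 007
make_sample_tree "$demo_root/umask022" 022
echo "Findings under umask007 tree:"
audit_umask_007 "$demo_root/umask007"
echo "Findings under umask022 tree:"
audit_umask_007 "$demo_root/umask022"
rm -rf "$demo_root"
```

An empty result for a tree means every entry in it is consistent with the 007 umask.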
See the documents listed in the following steps for more information.
Tasks
- z/OS Language Environment Programming Reference, for more information on ENVAR
- z/OS C/C++ Programming Guide, for more information on how to change the UMASK defaults
- z/OS UNIX System Services Command Reference
Related:
WAS security for z/OS Summary of controls