A huge thank you to Logicalis/CSF and the LSWG chairman Mark Wilson for organising and hosting the meeting.
Apologies:
Simon Hutchings (Nationwide), Doug Neilson (IBM UK), Mike Fitzgerald (Fitz Software), Bob Blakeman (HDS)
1. Minutes of previous meeting and matters arising.
No matters arising.
2. GUIDE Business
Thanks to the host(s), speakers and all attendees who braved the bad weather (well, in the South anyway!) to attend.
Vacant Posts: Minutes Secretary. Simon Chang (bmc software) has agreed to be the full-time minutes secretary for the group.
Future meeting and conference topics were discussed. If any of the membership has a topic or specific subject that they would like to see covered in future meetings and/or the annual conference, please let us know.
An email outlining details of topic/subject material already available will be distributed to the group, so that the membership can indicate which presentations they would like to see. It was also suggested that agenda topic feedback be canvassed by telephone.
LSWG Meetings:
Next Meeting:
- Next LSG Meeting:
- 3rd May 2007 - Edinburgh – Venue: IBM UK Ltd, 21 St. Andrew Square, Edinburgh EH2 1AY. (50 person capacity limit)
- Annual Conference:
- 30th – 31st October 2007 – Chesford Grange Hotel, Kenilworth.
AOB
Michael Lowe (IBM UK Ltd) introduced himself to the group. Michael is the new zSeries Technical Manager for the UK and Ireland.
3. Announcements
Fitz Software and Innovation supplied PDFs of recent announcements.
The PDFs can be found here: Fitz Software & Innovation
4. Experiences
4.1 EXPERIAN – Joe Sigona
Question:
At Experian we have a large number of Mainframe ISV products. We have put together a maintenance schedule in-between z/OS releases that groups a number of ISV products together for maintenance or release upgrade. We do all the ordering and installation on a product by product basis. We are looking at CAMPUS, Computer Associates’ offering to deliver multiple products packaged together, to try and make our process less time consuming.
Do any users have experience of CAMPUS or any other vendor offering for packaging software products together?
Response from the group:
No one in the audience had any experience of the offering, and its merits were debated. The majority of the audience who had an opinion didn’t believe it was something that the UK market would take to. It was felt that in North America such offerings are more widely used. It was suggested that CA perhaps do a short presentation on the subject to inform everyone about the service.
5. Presentations
DB2 Data Sharing Performance for beginners - Martin Packer (IBM UK Ltd)
Select the link to download the presentation.
The Future of Disaster Recovery for Disk and Tape - Tony Sinfield & Steve Molesworth (Opentech Systems)
Select the link to download the presentation.
Practical experience of using zCPR for capacity – Stuart Rees (Logicalis)
Select the link to download the presentation.
Facing the financial, regulatory and contractual DR challenges – Steve Matthews (Experian)
Presentation not yet received from the presenter.
IBM Updates – Roger Fowler (IBM UK Ltd)
Select the link to download the presentation.
Hints and Tips
Some debate ensued around various items with feedback as follows:
Contributed by Paul Arnerich:
- I recently had a concern over a contradiction in several pages of the USS Callable Services Manual, and decided to submit an RCF (Readers Comment Form), mostly because I was bored, really not expecting any kind of response. I received a personal confirmation (i.e. not automated) the same day, and a response from the change team the following day, clearing up the contradiction and a commitment to correct in the next release of doc. Weird! Could have been a one off, but maybe you should try it some time, go to: https://www14.software.ibm.com/webapp/iwm/web/signup.do?lang=en_US&source=swg-rcf
- USS and Superuser.
On a recent gig, I had to put a lot of time in to get to the bottom of all the contradictions (in TCP/IP, WAS and USS manuals in particular, but not limited to) in various manuals on the vexing and thorny subject of the differences between the various 'superuser' states. The result was the following:
Superuser, Effective UID, Real UID and BPX.SUPERUSER
In this document, there are many references to superuser, real UID(0), effective UID(0) and BPX.SUPERUSER in relation to acquiring authority to invoke restricted services. All readers of this document should be aware of how developers of system and subsystem code may choose to acquire the necessary authority to invoke restricted z/OS UNIX services.
Technical Document references to Superuser
This term is used in many publications with a variety of interpretations. In the main, the technical author is informing the reader that this task requires authority to invoke any z/OS UNIX services but in particular the restricted services listed in section 7.1.4 (Superuser detail) of part 1 of this document. In order to acquire that level of authority, IBM provide the developer with a number of authorisation options. The developer chooses the most appropriate method for their task and then requests the product installer (via the product documentation) to implement their chosen authorisation acquisition method. There is more than one approach and that approach depends on a number of variables, including the developer's knowledge of the authorisation mechanisms, resulting in products of a similar nature but from different labs, using different mechanisms. All the methods listed below will provide the necessary authorisation.
RACF trusted and Privileged
The task is a Started Task (STC) and has the PRIVILEGED(YES) and TRUSTED(YES) STDATA flags set in the STARTED class profile for the task or in the RACF Started Task Table (ICHRIN03).
Real UID(0)
The task has a userid with an OMVS segment coded with a UID of 0.
Effective UID(0)
The task has invoked the seteuid() service (usually via BPX1SEU, BPX4SEU) with a requested UID of 0. In order for this service to execute, the task must already have superuser authority or be permitted READ access to BPX.SUPERUSER.
Usage Notes
Whilst RACF Trusted and Privileged and real UID(0) will guarantee the requisite authority for the task, from an audit perspective, using a real UID of nonzero and acquiring authority through the effective UID is the preferred option as it allows better audit capability than real UID(0). However, not all developers are able to use this option, or are not aware of this option. For example, the task may well have READ access to BPX.SUPERUSER, but no ‘su’ or seteuid() has been issued, therefore the task will not have the required authority.
It is worth noting that BPX.SUPERUSER cannot be used for all tasks, that is, if the developer has not issued a seteuid() in his code and can therefore not gain UID(0) this way. Current examples include OMVS, BPXONINT and TCP/IP. Note that the original intention of BPX.SUPERUSER was to allow a human user to issue the ‘su’ command to set the effective UID, and not all developers are aware that this is a valid option to acquire authority hence the number of services that ‘require’ real UID(0).
Some superuser tasks may require access to Daemon authority via READ permission to BPX.DAEMON. This requires that superuser authority has been acquired using one of the aforementioned before using services that BPX.DAEMON allows. The approach taken in these standards has been to document all tasks that require UID(0) regardless of BPX.DAEMON (a small list). Those tasks which require BPX.DAEMON are noted, and recommended that they be given access to BPX.SUPERUSER with a non-zero userid. The problem with this approach is that buried amongst those tasks there may be one or two that do not set the effective uid early enough to acquire the BPX.DAEMON access through that path.
Therefore, despite product documentation to the contrary, all tasks requiring Daemon authority should be tested with an effective UID(0) before falling back to a real UID(0).
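The effective UID(0) approach described in the hint above, sketched in C as an added example (it is not code from the contributor or from IBM): a task with a non-zero real UID switches to effective UID 0 only around the restricted call, checks that the switch took effect, and drops it again. The names `uid_state`, `with_effective_uid0` and `sample_op` are hypothetical, and the code uses only the POSIX `seteuid()`/`geteuid()` services.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* declares seteuid() under strict -std modes */
#endif
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Name the state the text distinguishes for a (real, effective) UID pair. */
const char *uid_state(uid_t ruid, uid_t euid)
{
    if (ruid == 0) return "real UID(0)";
    if (euid == 0) return "effective UID(0)";
    return "no UID(0) authority";
}

/* Run op() under effective UID 0, then restore the previous effective UID.
 * Returns 0 if op() ran, else the errno from seteuid(0). On z/OS UNIX that call
 * succeeds only for a superuser task or one with READ to BPX.SUPERUSER. */
int with_effective_uid0(int (*op)(void *), void *arg, int *op_rc)
{
    uid_t saved = geteuid();
    if (seteuid(0) != 0)
        return errno;              /* typically EPERM: not authorised to switch */
    if (geteuid() != 0) {          /* verify the switch, do not assume it */
        (void)seteuid(saved);
        return EPERM;
    }
    *op_rc = op(arg);
    if (seteuid(saved) != 0)       /* never continue while still holding UID 0 */
        _exit(111);
    return 0;
}

/* Hypothetical stand-in for a restricted service: records the euid it ran under. */
static int sample_op(void *arg)
{
    *(uid_t *)arg = geteuid();
    return 0;
}

int main(void)
{
    uid_t seen = (uid_t)-1;
    int op_rc = -1;
    printf("at entry: %s\n", uid_state(getuid(), geteuid()));
    int rc = with_effective_uid0(sample_op, &seen, &op_rc);
    printf("elevation rc=%d, op ran under euid=%ld\n", rc, (long)seen);
    return rc == 0 ? 0 : 1;
}
```

A non-zero return from `with_effective_uid0` is the case the usage notes warn about: the task never obtained UID(0) authority, so the restricted service must not be attempted.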
6. Feedback