PATROL for DB2 KM - PSO log files are created with world writeable permissions

Knowledge Article

Article Number

000411562

Old Article Number

Article Type

Solutions to a Product Problem

Title

PATROL for DB2 KM - PSO log files are created with world writeable permissions

Summary

Product

PATROL for IBM DB2

Component

PATROL for IBM DB2

Applies to

PATROL for IBM DB2 All supported versions.

Problem

DB2 KM log files are created with world writable permissions:

/opt/patrol/PATROL3.5/pso/logs
/opt/patrol/PATROL3.5/pso/logs/java

Cause

The DB2 km is designed to create the logs with write permissions so the user that run the KM back end process (also if it is a DB2 user) can access and write to these files from the java process.

Solution

Those are logs files and only the patrol user that run the DB2 KM can use those, even with the writing permission.

However, raised a RFE for this DB2 km (QM002400358), to request to use the minimum permissions to those files.

On the meantime, have a workaround to change the file permissions:

Workaround instructions:

1) Download the "PSOLoggerLib.lib" file attached.
2) Stop the PATROL Agent.
3) Take a backup of existing $PATROL_HOME/lib/psl/PSOLoggerLib.lib.
4) Replace the attached PSOLoggerLib.lib at location $PATROL_HOME/lib/psl
5) Go to $PATROL_HOME/Patrol3/pso directory
5) Edit the PSO_startClient.sh file and change the umask to umask ug=rwx,o=r
6) Rename the existing logs directory $PATROL_HOME/pso/logs to logs_old.
7) Start the PATROL Agent

Attachment(s):

PSOLoggerLib