- One minute mvs: data set file system (/dsfs) on z/OS
- Setting up data set file system /dsfs on z/OS
- Creating data sets and members from /dsfs
- Problems I experienced when using /dsfs
I played around with /dsfs and found a couple of problems.
My userid is COLIN.
Data set not seen for a time
I created a data set COLIN.ENCR2.DSN in ISPF (and also in batch).
The command
ls -ltr /dsfs/txt/colin/en*
found the data set /dsfs/txt/colin/encrypt.jcl, but it did not find /dsfs/txt/colin/encr2.dsn.
A while later (a minute or two) it found /dsfs/txt/colin/encr2.dsn . This is because of the DIRECTORY_REFRESH_TIMEOUT that controls it. Its default value is 60. You can dynamically change it via command dsadm config -directory_refresh_timeout <number>. The expected value is a number in the range 30-600.
Encrypted data set not seen
I had set up a data set which was encrypted, and empty. I could not list it using /dsfs
I had to set up an encryption ZFS for DSFS (as the documentation says) for it to be seen. I expected the dataset name to be visible, but not the contents.
Create the label in ICSF
//IBMICSF JOB 1,MSGCLASS=H
//STEP10 EXEC PGM=CSFKGUP
// SET CKDS=COLIN.SCSFCKDS
//CSFCKDS DD DISP=OLD,DSN=&CKDS
//* LENGTH(32) GENERATES A 256 BIT KEY
//CSFIN DD *,LRECL=80
ADD TYPE(DATA) ALGORITHM(AES),
LABEL(DSFSAES ) LENGTH(32)
/*
DELETE TYPE(DATA) LABEL(COLINBATCHAES )
//CSFDIAG DD SYSOUT=*,LRECL=133
//CSFKEYS DD SYSOUT=*,LRECL=1044
//CSFSTMNT DD SYSOUT=*,LRECL=80
//* REFRESH THE IN MEMORY DATA
//REFRESH EXEC PGM=CSFEUTIL,PARM='&CKDS,REFRESH'
Give the DSFS userid access to the label
//IBMRACF2 JOB 1,MSGCLASS=H RESTART=S2
// EXPORT SYMLIST=(*)
// SET KEY=DSFSAES
//S1 EXEC PGM=IKJEFT01,REGION=0M
//SYSPRINT DD SYSOUT=*
//SYSTSPRT DD SYSOUT=*
//SYSTSIN DD *,SYMBOLS=(JCLONLY)
RDELETE CSFKEYS &KEY
RDEFINE CSFKEYS &KEY +
ICSF(SYMCPACFWRAP(YES) SYMCPACFRET(YES)) +
UACC(NONE)
PERMIT &KEY +
CLASS(CSFKEYS) ID(DSFS ) +
ACCESS(READ)
SETROPTS RACLIST(CSFKEYS) REFRESH
RLIST CSFKEYS &KEY AUTHUSER ICSF
ADDSD 'COLIN.ZFS.DSFS' UACC(NONE)
ALTDSD 'COLIN.ZFS.DSFS' UACC(NONE) DFP(DATAKEY(&KEY))
/*
Define the ZFS for DSFS
I stopped DSFS using the operator command
f omvs,stoppfs=dsfs
I could then delete and recreate the ZFS. If I wanted to keep the content of the DSFS ZFS, I think I could have using VSAM REPRO to copy the contents to a new file.
//IBMCLUST JOB 1
//DEFINE EXEC PGM=IDCAMS,REGION=0M
//SYSPRINT DD SYSOUT=*
//SYSIN DD *
DELETE COLIN.ZFS.DSFS
DEFINE CLUSTER (NAME(COLIN.ZFS.DSFS) -
VOLUMES(* ) -
CYL(100 1000) -
KEYLABEL(DSFSAES) -
DATACLASS(DCEATTR) -
ZFS )
LISTCAT ENT(COLIN.ZFS.DSFS) ALL
/*
The LISTCAT output had
LISTCAT ENT(COLIN.ZFS.DSFS) ALL
CLUSTER ------- COLIN.ZFS.DSFS
...
ENCRYPTIONDATA
DATA SET ENCRYPTION----(YES)
DATA SET KEY LABEL-----DSFSAES
I restarted DSFS.
With the DSFS ZFS encrypted, the ls command for the encrypted data set worked, and I was able to read the content.
When my userid COLIN which had access to the encrypted data set, but not the encryption key, tried to display the contents there were messages on the system log
ICH408I USER(COLIN ) GROUP(SYS1 ) NAME(####################) 008
COLINBATCHAES CL(CSFKEYS )
INSUFFICIENT ACCESS AUTot HORITY
ACCESS INTENT(READ ) ACCESS ALLOWED(NONE )
IDFS00338E RACROUTE REQUEST=FASTAUTH call to authorize access to the keylabel COLINBATCHAES
for data set COLIN.ENCR.DSN for user COLIN failed with SAF rc 8 RACF rc 8 Reason Code 0.
and the OMVS session got
cat: /dsfs/txt/colin/encr.dsn: EDC5164I SAF/RACF error.
It is hard work getting error messages
I got
COLIN:/u: >dsadm config -hlq_list_add SYS1.PARMLIB
IDFS00324E Could not add the specified high-level qualifier directory names to the HLQ list, error code 139 reason code ED04618D.
To get the full description of the error I had to use
COLIN:/u: >bpxmtext ED04618D
DSFS Tue Sep 12 19:21:54 EDT 2023
Description: The caller is not UID 0.
Action: Ensure that you are properly authorized for this operation. This
subcommand requires UID 0 or READ access to the SUPERUSER.FILESYS.PFSCTL
profile in the z/OS UNIXPRIV class.
Where’s the $?
Because the OMVS shell uses $ to replace variables, you have to quote the data set name.
IBMUSER:/u/ibmuser: >ls /dsfs/txt/sys1.proclib/$$$COIBM
ls: FSUM6785 File or directory "/dsfs/txt/sys1.proclib/50397215" is not found
You have to use
ls '/dsfs/txt/sys1/parmlib/$$$COIBM'
with quotes around it, or escape the special characters.
ls /dsfs/t*/sys1/proclib/\$\$\$coibm
ColinPaice 
3 thoughts on “Problems I experienced when using /dsfs”