Overview

The SAP RFC DLL is a remote function call library provided by SAP AG for applications to interface with the SAP system. A number of Universal Agent components make use of the SAP RFC DLL to provide SAP-related functionality.

The SAP RFC DLL interacts with the z/OS Language Environment (LE) and the z/OS UNIX System Services (USS), resulting in residual files being created by LE in the USS file system.

Background

A z/OS user profile must have a properly defined OMVS segment in order to run a program that utilizes USS services. The OMVS segment specifies, among other attributes, a home directory in the USS file system. If no home directory is specified, it defaults to /tmp.

The z/OS Language Environment (LE) produces output under certain conditions. When a LE batch job or started task is executed, the LE MSGFILE option specifies the ddname to which LE output is written. By default, MSGFILE specifies the SYSOUT ddname.

Additionally, for diagnostic purposes, LE can write LE dumps and traces. As a batch job or started task, LE writes the dumps and traces to ddname CEEDUMP. When a LE program is run from the USS environment, the LE MSGFILE option defaults to standard error, and LE dumps and traces are written to a file created in the current working directory with a name starting with CEEDUMP.

The SAP RFC DLL is loaded dynamically at run time when a Universal Agent batch job or started task needs to use SAP RFC functions. When the DLL is loaded, RFC initialization is performed by the DLL. As part of the RFC initialization, a USS popen function is called from within the DLL that creates two USS processes that run as child processes of the Universal Agent program. The child processes run for a very brief amount of time (1-2 seconds).

A USS child process inherits a number of attributes from its parent, which in this case is a Universal Agent program. Among the attributes inherited are the user ID profile, including the OMVS segment, as well many of the LE options specified in the batch job or started task. Among the attributes that a child process does not inherit is the ddname allocations of its parent. The child processes run in a separate address space managed by z/OS Workload Manager.

Output in the USS File System

The two child processes created by the popen function executed by the SAP DLL can result in LE creating certain files in the USS file system. The LE options that the batch job or started task execute with are inherited by the child processes created by the popen function. When the LE options produce output, this output will be created for each of the USS child processes in the USS file system.

As an example, the LE option RPTOPTS(ON) will write a report to the location specified by the LE MSGFILE option. The report lists all the LE option values and the source of the options. The two child processes created by the SAP RFC DLL inherit the LE options, and when both of the child processes end, LE writes a options report to the location specified by the LE MSGFILE option.

Since the child processes run in a USS environment, the LE MSGFILE option defaults to standard error; however, there is no standard error defined in this case, so LE writes its output to a file named SYSOUT in the current working directory. The current working directory will be the home directory specified in the user profile OMVS segment.

There are a number of conditions that cause LE to produce output. A partial list is:

• Certain LE options produce reports to the MSGFILE location. For example, RPTOPTS and RPTSTG.
• LE error messages resulting from invalid options or run-time errors are written to the MSGFILE location.
• LE dumps and traces produced due to run-time exceptions or the LE TRACE option. Dumps and traces are written to either the CEEDUMP ddname or to a USS file name starting with CEEDUMP.

Universal Agent Components

The following Universal Agent components use the SAP RFC DLL:

• Universal Broker
• Universal Enterprise Controller
• Universal Connector

When these components are executed with LE options that product output, a USS file named SYSOUT or a file starting with CEEDUMP will be created in the home directory of the user profile executing the component.

If two or more instances of a component executing with different user profiles share the same home directory, security violations may occur. The first component creates a USS file named SYSOUT owned by its user ID and the second component executing with a different user profile attempts to append to it resulting in a security violation.

To avoid the potential security violation when attempting to append to the LE SYSOUT file on the USS file system, define each z/OS user profile with a unique home directory.