Dump Processing

How pyRACF creates and processes IRRSMO00 Raw Security Result Dumps.

 

IRRSMO00 Raw Security Result XML Dump Files are NOT post-processed. This means that pyRACF secrets redaction is not applied. However, IRRSMO00’s built-in secrets redaction is always applied, which always redacts known sensitive information such as Passwords and Passphrases.

 

An IRRSMO00 Raw Security Result XML Dump can be created in the following scenarios:

  • The Security Result XML returned by IRRSMO00 is unable be be parsed as XML.
  • Dump Mode is enabled meaning that an IRRSMO00 Raw Security Result XML Dump will be triggered on every request (Both successes and failures).

 

IRRSMO00 Raw Security Result XML Dump Files are created at ~/.pyracf/dump with the naming convention pyracf.<timestamp>.<md5>.dump.

 

Both the .pyracf directory and the dump directory are created with 700 permissions to ensure ONLY the running/owning user can access them. If umask or the running/owning user creates these directories or otherwise modifies these directories to have permissions other than 700, pyRACF will automatically change the permissions to 700. The IRRSMO00 Raw Security Result XML Dump File is created with 600 permissions to ensure that ONLY the running/owning user can access it. pyRACF will NOT attempt to fix the permissions on previously created dump files if the user changes the permissions after the dump file is created.

 

If a the Security Result XML returned by IRRSMO00 cannot be parsed as XML, a dump is created, and xml.etree.ElementTree.ParseError is raised, you should open an issue here if the problem was NOT the result of user error or an environment/configuration problem.

 

When pyRACF creates a dump due to a failure parsing the Security Result XML as XML, the following messages are printed to the console. After creating the dump, the original xml.etree.ElementTree.ParseError will be raised.

Console Output 
[ FATAL ] Unable to parse security result XML returned by IRRSMO00.
[ INFO ] Raw security result XML has been written to '/u/testuser/.pyracf/dump/pyracf.<timestamp>.<md5>.dump'.

When pyRACF creates a dump due to Dump Mode being enabled, the following messages are printed to the console. Normal processing continues after creating the dump.

Console Output 
[ INFO ] Raw security result XML has been written to '/u/testuser/.pyracf/dump/pyracf.<timestamp>.<md5>.dump'.

The IRRSMO00 Raw Security Result XML Dump File can be interpreted using a hex dump utility like xxd or od.

Shell 
xxd ~/.pyracf/dump/pyracf.<timestamp>.<md5>.dump
Shell 
od -t x1 -c ~/.pyracf/dump/pyracf.<timestamp>.<md5>.dump