docs-site
docs-site copied to clipboard
zowe
[Troubleshooting tip] What to do when EACCES is seen in server logs
When you see messages like this in the server logs:
Error: listen EACCES: permission denied 0.0.0.0:8548
at Server.setupListenHandle [as _listen2] (net.js:1305:21)
at listenInCluster (net.js:1370:12)
<ZWED:1234> ZWEUSER WARN (_zsf.network,webserver.js:233) ZWED0071W - Unexpected error on server 0.0.0.0:8544. E=bind EACCES 0.0.0.0:8544. Stack trace follows.
Error: bind EACCES 0.0.0.0:8544
at listenOnMasterHandle (net.js:1389:18)
It is a sign that a permission error is stopping Zowe servers from completing the action of binding to a TCP Port for listening for client connections. This can manifest in the servers being inaccessible. Network permissions control varies by OS, so I don't have a tip for users of containers, but for z/os, IBM has a guide on access control: https://www.ibm.com/docs/en/zos/2.4.0?topic=control-controlling-access-particular-ports https://www.ibm.com/docs/en/zos/2.4.0?topic=statements-port-statement
But there's a very important part troubleshooting step just for Zowe.
When doing setting a PORT statement, you can assign rules by jobname.
When FACILITY resource BPX.JOBNAME is granted for the zowe STC user (recommended!) then each server of zowe will have a different jobname. It will not be "ZWESVSTC" or "ZWESLSTC" as it would be when that resource is not granted. They'll instead be other names that start with "ZWE".
So, for a troubleshooting tip on the server error EACCESS on z/os, note that not only should an administrator check their PORT statements, they should probably set their jobname in the port statements to ZWE* since it will catch all zowe components regardless of whether or not BPX.JOBNAME is granted.
Thanks for confirming @DivergentEuropeans. Yes I have self assigned myself.
