Specifies the objects to be restored and if they can be restored while installing software fixes. (QALWOBJRST)
Allow restore of security sensitive objects, also known as QALWOBJRST, is a member of the save and restore category of i5/OS™ system values. You can use this system value to specify the objects to be restored and whether they can be restored while installing software fixes. To learn more, keep reading.
| Quick reference | |
|---|---|
| Location | In iSeries™ Navigator, select your system, |
| Special authority | All object (*ALLOBJ) and security administrator (*SECADM) |
| Default value | All objects selected |
| Changes take effect | At the start of the next restore operation |
| Lockable | Yes Lock function of security-related system values (Click for details) |
What can I do with this system value?
You may specify whether or not objects with security-sensitive attributes can be restored.
The system checks this system value before restoring any object with security-sensitive attributes. These checks occur during the installation of program temporary fixes (PTFs) and restore of licensed programs. However, the system does not check this value during the installation of the operating system. This system value gives your system additional integrity protection. You can prevent anyone from restoring a system state object or an object that adopts authority.
The following are types of objects that may be restored, if selected:
- System state programs (*ALWSYSSTT)
Allows programs, service programs, and modules with the system-state or inherit-state attribute to be restored.
- Programs that adopt their owner (*ALWPGMADP)
Allows programs, service programs, and modules that adopt their owner's authority to be restored.
- Programs that have the S_ISUID (set-user-id) attribute enabled
(*ALWSETUID)
Allows restore of files that have the S_ISUID (set-user-ID) attribute enabled.
- Programs that have the S_ISGID (set-group-id) attribute enabled
(*ALWSETGID)
Allows restore of files that have the S_ISGID (set-group-ID) attribute enabled.
- Programs with validation errors (*ALWVLDERR)
Allows programs, service programs, and modules that have validation errors or that have been tampered with to be restored.
- Allow restore of security-sensitive objects while installing
software fixes (*ALWPTF)
Allow system-state or inherit-state programs, service programs, modules, objects that adopt authority, objects that have the S_ISUID (set-user-ID) attribute enabled, and objects that have the S_ISGID (set-group-ID) attribute enabled to be restored to the system during a PTF install.
The restore system values work together when restoring objects. For more information about how these system values work together, see Effects of system value settings on restore operations.
You may also specify Allow restore of security-sensitive objects while installing software fixes. This option is also represented as the *ALWPTF option for QALWOBJRST. This value must be selected before installing software fixes (PTFs).
Where can I get more information about this system value?
To learn more, go to the save and restore system values overview topic. If you are looking for a specific system value or category of system values, try using the i5/OS system value finder.