The Client daemon defines the access permissions to the client trace and log files. These files are created in the /var/cicscli directory.
chmod 700 /opt/ibm/cicstg/bin/cicscli
After
restricting access to the cicscli command, users
will still be able to start the Client daemon with ECI v1 and EPI
programs or when they start a terminal.chmod 755 /var/cicscli
allows
users to see files in /var/cicscli directory
but not to create, delete, or move them. After restricting access
to /var/cicscli, users will only be able to start
the Client daemon if the Client daemon log and trace files already
exist.chmod 711 /var/cicscli
The Client daemon defines the access permissions to the client trace file, permissions vary with the type of trace being processed. When processing memory mapped trace the Client daemon defines trace file permissions as 666, all users have read and write access. Memory mapped trace is started with the -b option. (See Starting client tracing). When processing basic trace the Client daemon defines trace file permissions as 622, all users have write access and only the owner can read it for formatting.
The Client daemon prevents you from starting tracing if an unauthorized user has deleted and recreated the Client daemon trace file.