Once again this could be because it's /tmp. On 5250 you could try
Restricted rename and unlink . . . . . :
What do you have for that value?
Justin thought it might be related to the /root file system but IBM ships
/tmp with that attribute. They do this as a poor copy of an 'IFS' method
of QTEMP library. But mainly because other open systems do this with
their /tmp directory.
Of course, this attribute causes their own smtp system to fail.
Most people turn it to No, do not restrict it.
IBM used to change it back with every release (perhaps even with IPL?). I
know that I came unglued on them for doing so.
Basically what this does is, lets say you're signed on as JOHN and use
some API which generates a file in there. Then the process gets passed
off to another process that gets ran by someone like QTCP. It doesn't
matter if you change QTCP and give her every special authority available,
she will not be able to delete the file. QSECOFR even can't. Only JOHN
can. Sure QSECOFR or QTCP can read the file, destroy the contents, etc.
They just cannot delete the actual file or rename it.