Remove your users ability to write to the root directory in the IFS. The IFS uses the Unix Read/Write/eXecute (RWX) vernacular for authorities. If you look at the IFS root, you will see that the default setting is for *PUBLIC to have *RWX authority (the equivalent of *ALL authority to an OS/400 object). Directories (Libraries) in the Unix world are similar to files in that they have the same RWX permissions. Each directory and file in Unix has three user levels, User (or owner), Group and Other (i.e. *PUBLIC) and each user level has the same RWX permissions. Removing the 'W' authority from *PUBLIC will prohibit general users from putting new objects (including new directories) into the root directory. Setting up a new directory under the root with *RWX authorities for *PUBLIC will allow all users to have unrestricted access to that directory while preventing them from writing into root directory itself.
================================== MORE INFORMATION ON THIS TOPIC ==================================
The Best Web Links: tips, tutorials and more.
Search400's targeted search engine: Get relevant information on security.
Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.
Check out this Search400.com Featured Topic: Top ten security tips
This was first published in October 2003