Ask the Expert

Restrict authority in the root directory

How can security be setup so that folders/files cannot be added to the root of the IFS unless you have specific authority? What is done in its place for another folder to be created where such activities can be accomplished?
Remove your users ability to write to the root directory in the IFS. The IFS uses the Unix Read/Write/eXecute (RWX) vernacular for authorities. If you look at the IFS root, you will see that the default setting is for *PUBLIC to have *RWX authority (the equivalent of *ALL authority to an OS/400 object). Directories (Libraries) in the Unix world are similar to files in that they have the same RWX permissions. Each directory and file in Unix has three user levels, User (or owner), Group and Other (i.e. *PUBLIC) and each user level has the same RWX permissions. Removing the 'W' authority from *PUBLIC will prohibit general users from putting new objects (including new directories) into the root directory. Setting up a new directory under the root with *RWX authorities for *PUBLIC will allow all users to have unrestricted access to that directory while preventing them from writing into root directory itself.

==================================
MORE INFORMATION ON THIS TOPIC
==================================

The Best Web Links: tips, tutorials and more.

Search400's targeted search engine: Get relevant information on security.

Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.

Check out this Search400.com Featured Topic: Top ten security tips


This was first published in October 2003

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: