|
Remove your users ability to write to the root directory
in the IFS. The IFS uses the Unix Read/Write/eXecute
(RWX) vernacular for authorities. If you look at the IFS
root, you will see that the default setting is for
*PUBLIC to have *RWX authority (the equivalent of *ALL
authority to an OS/400 object). Directories (Libraries)
in the Unix world are similar to files in that they have
the same RWX permissions. Each directory and file in Unix
has three user levels, User (or owner), Group and Other
(i.e. *PUBLIC) and each user level has the same RWX
permissions. Removing the 'W' authority from *PUBLIC will
prohibit general users from putting new objects
(including new directories) into the root directory.
Setting up a new directory under the root with *RWX
authorities for *PUBLIC will allow all users to
have unrestricted access to that directory
while preventing them from writing into root directory
itself. ==================================
MORE INFORMATION ON THIS TOPIC
==================================
The Best Web Links: tips, tutorials and more.
Search400's targeted search
engine: Get relevant information on security.
Ask your systems management questions--or help out your peers by
answering them--in our live discussion forums.
Check out this Search400.com Featured Topic: Top ten security tips
|
