Home > AS/400 Tips > iSeries security tips > Checking IFS security

	iSeries 400 Tips:	EMAIL THIS

	TIPS & NEWSLETTERS TOPICS

	ISERIES SECURITY TIPS Checking IFS security Rich Loeber 03.08.2005 Rating: -3.92- (out of 5) Digg This!     StumbleUpon     Del.icio.us    For years, OS/400 has provided robust security for its native file system. For some of us who've been around for a while, this has been all we've known on our systems. These days, more and more applications and users are working with the other non-native file systems that are collectively known as the Integrated File System (IFS). OS/400 provides the same level of security in the IFS, but the commands to review items in the IFS and a lot of the terminology is different from what the "natives" may expect to see. This article scratches the surface of this issue by explaining how you can view the IFS directories and files from your OS/400 command line, as well as how you can interpret the security settings used in the IFS. The main command you need to start with is the Work with Object Links (WRKLNK) command. These "links" can take several different types, the most common of which are Directories (DIR) or Stream Files (SMTF). If you thought about this from a PC perspective, these would correspond to disk directories and files. [TABLE]			[IMAGE]

If you use the WRKLNK command with no parameters, a complete list of all of the top level directories in the IFS will be displayed. This display lets you explore the entire IFS on your system, including the "native" file system that is included under the QSYS.LIB file system. If you want to go directly to a specific directory, you can do so with a qualified OBJ selection parameter. Example:

On our test system, we have a directory in the shared-folders file system, KISCO. The shared folders sys

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT iSeries security tips Checking in on your IBM i authorization lists PCI data security standards and the System i Securing the integrated file system on IBM System i Contextual security on IBM i: Limit user profile access Time for a security checkup for your i Security monitoring on IBM i: Watching your super users Tracking System i program object changes Recovering your AS/400 security configuration System values on i: Setting them up and locking i down A guide to System i security, Part 3: Digging in to the System i security environment iSeries system and application security Checking in on your IBM i authorization lists Strategies for securing IBM i production files Changing password security levels and upgrading operating systems on the IBM i Determine the value of parameter UPPWEI in the DSPUSRPRF field Define journal code value "K" Modify content within a journal receiver file Change password parameters on the AS/400 without deactivating user's passwords Prevent insiders with *READ or *USE access from circumventing object authority on IBM i Prevent insiders from obtaining user ids and passwords on the IBM i Change the IBM i system to allow only certain types of SSL protocol versions

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary midrange  (Search400.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

tem is found in the QDLS file directory. Running the above command gets us straight to this folder -- without having to spend time searching.

To check on the security setting for a displayed object, simply put a '9' next to that object. This brings up a Work With Authority display, and it gives you all of the security information about the object selected. This includes the owner, any applicable authorization list, any public authorization settings, and a list of user profiles that are authorized to the object.

Data authority in the IFS is described by a series of letter codes which, in combination, describes the authorities in place. The applicable access letter codes are as follows:

You'll see these codes in combination or singly (preceded by the ever present *), depending on the authorities implemented. For example, if full authority is being granted, you will see the *RWX authority setting displayed. Specific object authorities are also displayed on this screen. You can use this screen to make changes and to check on the specifics for any object shown by placing a '2' next to the line in question and making updates.

If you've never (or rarely) considered what's going on in the IFS on your system, now is the time to get started and the WRKLNK command gives you a very good starting point.

If you have any questions about this topic, you can reach me at rich@kisco.com, I'll give it my best shot. All e-mail messages will be answered.

---------------------------------------
About the author: Rich Loeber is president of Kisco Information Systems Inc.s in Saranac Lake, N.Y. The company is a provider of various security products for the iSeries market.

Rate this Tip To rate tips, you must be a member of Search400.com. Register now to start rating these tips. Log in if you are already a member. Submit a Tip DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.