Home > AS/400 Tips > iSeries security tips > Checking IFS security
iSeries 400 Tips:
EMAIL THIS
 TIPS & NEWSLETTERS TOPICS 

ISERIES SECURITY TIPS

Checking IFS security


Rich Loeber
03.08.2005
Rating: -3.92- (out of 5)


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


For years, OS/400 has provided robust security for its native file system. For some of us who've been around for a while, this has been all we've known on our systems. These days, more and more applications and users are working with the other non-native file systems that are collectively known as the Integrated File System (IFS). OS/400 provides the same level of security in the IFS, but the commands to review items in the IFS and a lot of the terminology is different from what the "natives" may expect to see.

This article scratches the surface of this issue by explaining how you can view the IFS directories and files from your OS/400 command line, as well as how you can interpret the security settings used in the IFS.

The main command you need to start with is the Work with Object Links (WRKLNK) command. These "links" can take several different types, the most common of which are Directories (DIR) or Stream Files (SMTF). If you thought about this from a PC perspective, these would correspond to disk directories and files.

[TABLE]
[IMAGE]

If you use the WRKLNK command with no parameters, a complete list of all of the top level directories in the IFS will be displayed. This display lets you explore the entire IFS on your system, including the "native" file system that is included under the QSYS.LIB file system. If you want to go directly to a specific directory, you can do so with a qualified OBJ selection parameter. Example:

On our test system, we have a directory in the shared-folders file system, KISCO. The shared folders sys


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


RELATED CONTENT
iSeries security tips
Checking in on your IBM i authorization lists
PCI data security standards and the System i
Securing the integrated file system on IBM System i
Contextual security on IBM i: Limit user profile access
Time for a security checkup for your i
Security monitoring on IBM i: Watching your super users
Tracking System i program object changes
Recovering your AS/400 security configuration
System values on i: Setting them up and locking i down
A guide to System i security, Part 3: Digging in to the System i security environment

iSeries system and application security
Checking in on your IBM i authorization lists
Strategies for securing IBM i production files
Changing password security levels and upgrading operating systems on the IBM i
Determine the value of parameter UPPWEI in the DSPUSRPRF field
Define journal code value "K"
Modify content within a journal receiver file
Change password parameters on the AS/400 without deactivating user's passwords
Prevent insiders with *READ or *USE access from circumventing object authority on IBM i
Prevent insiders from obtaining user ids and passwords on the IBM i
Change the IBM i system to allow only certain types of SSL protocol versions

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
midrange  (Search400.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary


tem is found in the QDLS file directory. Running the above command gets us straight to this folder -- without having to spend time searching.

To check on the security setting for a displayed object, simply put a '9' next to that object. This brings up a Work With Authority display, and it gives you all of the security information about the object selected. This includes the owner, any applicable authorization list, any public authorization settings, and a list of user profiles that are authorized to the object.

Data authority in the IFS is described by a series of letter codes which, in combination, describes the authorities in place. The applicable access letter codes are as follows:

You'll see these codes in combination or singly (preceded by the ever present *), depending on the authorities implemented. For example, if full authority is being granted, you will see the *RWX authority setting displayed. Specific object authorities are also displayed on this screen. You can use this screen to make changes and to check on the specifics for any object shown by placing a '2' next to the line in question and making updates.

If you've never (or rarely) considered what's going on in the IFS on your system, now is the time to get started and the WRKLNK command gives you a very good starting point.

If you have any questions about this topic, you can reach me at rich@kisco.com, I'll give it my best shot. All e-mail messages will be answered.

---------------------------------------
About the author: Rich Loeber is president of Kisco Information Systems Inc.s in Saranac Lake, N.Y. The company is a provider of various security products for the iSeries market.


Rate this Tip
To rate tips, you must be a member of Search400.com.
Register now to start rating these tips. Log in if you are already a member.


Submit a Tip




DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.



iSeries Security - Security Tools, Physical Security and System Security
HomeNewsTopicsITKnowledge ExchangeTipsBlogsAsk the ExpertsMultimediaWhite PapersProducts
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 1999 - 2009, TechTarget | Read our Privacy Policy
  TechTarget - The IT Media ROI Experts