
Restrict authority in the root directory

How can security be set up so that folders/files cannot be added to the root of the IFS unless you have specific authority? What is done in its place for another folder to be created where such activities can be accomplished?
Remove your users' ability to write to the root directory in the IFS. The IFS uses the Unix Read/Write/eXecute (RWX) vernacular for authorities. If you look at the IFS root, you will see that the default setting is for *PUBLIC to have *RWX authority (the equivalent of *ALL authority to an OS/400 object). Directories (Libraries) in the Unix world are similar to files in that they have the same RWX permissions. Each directory and file in Unix has three user levels: User (or owner), Group and Other (i.e. *PUBLIC), and each user level has the same RWX permissions. Removing the 'W' authority from *PUBLIC will prohibit general users from putting new objects (including new directories) into the root directory. Setting up a new directory under the root with *RWX authorities for *PUBLIC will allow all users to have unrestricted access to that directory while preventing them from writing into the root directory itself.
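
The steps in the answer above, written out as CL commands. This is an added example, not part of the original answer; the directory name `/shared` is hypothetical, and `OBJAUT(*NONE)` on the new directory is an assumption (CRTDIR needs an explicit object authority once `DTAAUT` is not `*INDIR`).

```cl
/* Added example. Run from a profile that has authority to      */
/* change authorities on the root directory.                    */

/* 1. Record the current authorities on root; by default        */
/*    *PUBLIC shows data authority *RWX.                         */
DSPAUT OBJ('/')

/* 2. Remove 'W' from *PUBLIC on root: *RWX becomes *RX.         */
/*    OBJAUT is not specified, so it stays as it was (*SAME).    */
CHGAUT OBJ('/') USER(*PUBLIC) DTAAUT(*RX)

/* 3. Create the directory where general users may write.       */
/*    '/shared' is a hypothetical name. DTAAUT(*RWX) gives       */
/*    *PUBLIC read/write/execute inside it. OBJAUT(*NONE) is an  */
/*    assumption made here: it keeps *PUBLIC from managing the   */
/*    directory object itself.                                   */
CRTDIR DIR('/shared') DTAAUT(*RWX) OBJAUT(*NONE)

/* 4. Confirm the result: root shows *PUBLIC *RX,                */
/*    the new directory shows *PUBLIC *RWX.                      */
DSPAUT OBJ('/')
DSPAUT OBJ('/shared')
```

CHGAUT only changes the root directory object itself; directories that already exist under root keep their current authorities and should be reviewed separately.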
