Object-level security is the surest way to secure the rest of the libraries on your system. You can exclude the FTP user from all libraries (except QSYS -- leave that one alone). In fact, this is the technique that IBM recommends for creating a secure environment to enable anonymous FTP. This is the most secure and most foolproof way of securing your system. In addition, don't forget to secure directories in the various file systems in the IFS -- in particular, don't forget to secure '/' (root).
Your other (but less foolproof) method is to write an exit program. The FTP exit program format is pretty simple, and IBM has sample exit programs on the InfoCenter Web site under the FTP topic. You could disallow access to all other libraries or you could disallow all other FTP commands.
A simpler option would be to use Application Administration (through iSeries Access) to control access. Look for TCP/IP under the Host Applications tab and you can control FTP access that way.
Finally, you could purchase a third-party software package that performs these functions. At last count, there are at least 12 vendors that provide this type of software.
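The object-level approach from the first paragraph, as an added CL example that is not part of the original answer or IBM's sample code: it walks every library on the system and sets the FTP profile to *EXCLUDE, skipping QSYS. The profile is passed in as a parameter and the work file name QTEMP/LIBLIST is an assumption; it covers libraries only, so IFS directories still have to be secured separately.

```cl
/* Added example: exclude one FTP profile from every library except QSYS. */
/* Assumptions: caller passes the profile name; QTEMP/LIBLIST is a        */
/* hypothetical work file; run under a profile allowed to change the      */
/* authority of every library (for example one with *ALLOBJ).             */
             PGM        PARM(&FTPUSR)
             DCL        VAR(&FTPUSR) TYPE(*CHAR) LEN(10)
             DCLF       FILE(QSYS/QADSPOBJ) /* model outfile of DSPOBJD */

/* Libraries are *LIB objects that live in QSYS: list them to an outfile */
             DSPOBJD    OBJ(QSYS/*ALL) OBJTYPE(*LIB) +
                          OUTPUT(*OUTFILE) OUTFILE(QTEMP/LIBLIST)
             OVRDBF     FILE(QADSPOBJ) TOFILE(QTEMP/LIBLIST)

 LOOP:       RCVF
             MONMSG     MSGID(CPF0864) EXEC(GOTO CMDLBL(DONE)) /* EOF */

/* Leave QSYS alone, as the answer says */
             IF         COND(&ODOBNM *EQ 'QSYS') THEN(GOTO CMDLBL(LOOP))

/* A private *EXCLUDE authority on the library blocks the profile even   */
/* when *PUBLIC authority to that library is *USE or higher              */
             GRTOBJAUT  OBJ(QSYS/&ODOBNM) OBJTYPE(*LIB) +
                          USER(&FTPUSR) AUT(*EXCLUDE)
/* Report a library that could not be changed and keep going */
             MONMSG     MSGID(CPF0000) EXEC(SNDPGMMSG +
                          MSG('Could not exclude profile from library ' +
                          *CAT &ODOBNM))
             GOTO       CMDLBL(LOOP)

 DONE:       DLTOVR     FILE(QADSPOBJ)
             ENDPGM
```

Libraries created later are not covered, so rerun it after new libraries are added, and check the job log for any library the program reported as not changed.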