Manage Learn to apply best practices and optimize your operations.

Secure FTP commands

I have allowed a vendor to FTP files into one library. I set the profile to have that library as the current library. Is there a way to secure FTP commands so that they can not access other libraries?

Object level security is the surest way to secure the rest of the libraries on your system. You can exclude the FTP user from all libraries (except QSYS -- leave that one alone.) In fact, this is the technique that IBM recommends for creating a secure environment to enable anonymous FTP. This is the most secure and most foolproof way of securing your system. In addition, don't forget to secure directories in the various file systems in the IFS -- in particular, don't forget to secure '/' (root).

Your other (but less fool-proof) method is to write an exit program. The FTP exit program format is pretty simple and IBM has sample exit programs on the InfoCenter Web site under the FTP topic. You could disallow access to all other libraries or you could disallow all other FTP commands.

A more simple option would be to use Application Administration (through iSeries Access)to control access. Look for TCP/IP under the Host Applications tab and you can control FTP access that way.

Finally, you could purchase a third-party software package that performs these functions. At last count, there are at least 12 vendors that provide this type of software.


The Best Web Links: tips, tutorials and more.

Search400's targeted search engine: Get relevant information on security.

Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.

Dig Deeper on iSeries system and application security

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.