Recently it was pointed out to me that the IFS uses the same disk as the rest of the iSeries 400. Previously, I thought it was restricted to some area. Now I am concerned that a PC application might be able to load up the disk through the IFS. Is this a problem?
The IFS needs as much attention as the "traditional" library structure in OS/400. The IFS "starts" with a directory called "root" - denoted by "" When you display authorities in the IFS, you can use the WRKAUT (Wok with Authorities) command. You will need to pay attention to two sets of authorities - Data Authorities and Object Authorities. Both sets of authorities are shipped, by default, with *PUBLIC having all of the authorities. This is important because, in most cases, when a directory or folder is created, it inherits the authorities of the directory it's created into. This is like creating a library with *PUBLIC(*ALL) and then having all of the objects created into the libraries also created as *PUBLIC(*ALL).
MORE INFORMATION ON THIS TOPIC
The Best Web Links: tips, tutorials and more.
Search400's targeted search engine: Get relevant information on security.
Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.
Dig Deeper on iSeries system and application security
Related Q&A from Carol Woodbury
Before changing password levels and upgrading operating systems on the AS/400, ensure the clients connecting to the NetServer do not need the old ... Continue Reading
Look in the audit journal (QAUDJRN) on the AS/400 for an authority failure message with the name of the library as the object name. Use the ... Continue Reading
When error messages arise concerning attempts to use a permanent system object without authority, find the source of the issue by looking for an AF ... Continue Reading