Adding security to FTP and the QUOTE RCMD command
This tip shows you how to overcome security problems with FTP and the QUOTE RCMD command.
For security reasons, all of our files, commands, etc. have *PUBLIC authority set to *EXCLUDE.
This can cause a problem when using FTP, because you often want the person sending or receiving the file to execute a command as well.
What we have done is set up a command on the AS/400 that will submit a job on the job scheduler. The job on the job scheduler will then submit the command under a generic user profile that has authority to all the commands and files.
The FTP user submits a command such as: QUOTE RCMD CLRMYFILE.
The command on the AS/400 will execute a CL program CLRMYFILE, which will submit a job from the job scheduler, which will clear a file after it has been picked up by the user.
The CL will look like this:
    PGM
    /* Submit the CLRMYFILE job scheduler entry to run immediately */
    SBMJOBJS   JOB(CLRMYFILE) TIME(*IMMED) +
                 LOG(4 00 *SECLVL) LOGCLPGM(*YES)
    RETURN
    ENDPGM
On the job scheduler you would create the job entry and enter the CLRPFM command for the file the user needs to clear.
Use option 2 and page down until you see this screen, then enter the user ID that you want the job to run under.

    -------------------------Submission Information---------------------
    Job description . . . . . . .  *USRPRF     Name, *USRPRF, *JOBCTL
      Library . . . . . . . . . .              Name, *LIBL, *CURLIB
    Job queue . . . . . . . . . .  *JOBCTL     Name, *JOBD, *JOBCTL
      Library . . . . . . . . . .              Name, *LIBL, *CURLIB
    Job priority (on JOBQ) . . . . *JOBCTL     1-9, *JOBD, *JOBCTL
    Output priority (on OUTQ) . .  *JOBCTL     1-9, *JOBD, *JOBCTL
    Print device . . . . . . . . . *JOBCTL     Name, *USRPRF, *SYSVAL...
    Output queue . . . . . . . . . *JOBCTL     Name, *JOBD, *USRPRF, *DEV...
      Library . . . . . . . . . .              Name, *LIBL, *CURLIB
    User . . . . . . . . . . . . . GENERIC     Name, *JOBD, *CURRENT...
    Print text . . . . . . . . . . *JOBCTL
    Routing data . . . . . . . . . *JOBCTL
This way the user can only clear the file you want him/her to clear.
We also use this method to submit job processing after a user has sent us a file, such as updates to a table. This way we do not need trigger files or never-ending programs. When we get the file, it is processed.
When using this security setup, make sure you grant the user authority to the library, the file and the command.
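
The client side of the pick-up-then-clear flow described above, as an added example that is not part of the original tip: a Python `ftplib` routine that downloads the file and only then sends `RCMD CLRMYFILE`. The name `MYLIB/MYFILE`, the `StubFTP` stand-in and its reply texts are constructed, and the command-name pattern is an assumption.

```python
import ftplib
import io
import re

# Assumption: the wrapper command is a plain 1-10 character name with no
# parameters, so nothing else can ever be sent through RCMD by this client.
_CMD_NAME = re.compile(r"[A-Z][A-Z0-9]{0,9}")


def fetch_then_clear(ftp, remote_name, wrapper_cmd="CLRMYFILE"):
    """Download remote_name, then run the wrapper command through RCMD.

    ftp is a logged-in ftplib.FTP (or an object with the same two methods).
    """
    if not _CMD_NAME.fullmatch(wrapper_cmd):
        raise ValueError("unexpected wrapper command: %r" % wrapper_cmd)
    buf = io.BytesIO()
    # ftplib raises error_temp/error_perm on 4xx/5xx replies, so a failed
    # pick-up never reaches the RCMD line and the file is left untouched.
    ftp.retrbinary("RETR " + remote_name, buf.write)
    # "QUOTE RCMD x" typed in an FTP client sends the raw line "RCMD x".
    reply = ftp.sendcmd("RCMD " + wrapper_cmd)
    # A 2xx reply only means the wrapper command ran; the clear itself
    # happens later, in the job submitted through the job scheduler.
    return buf.getvalue(), reply


class StubFTP:
    """Constructed stand-in for the server so the example runs offline."""

    def __init__(self, fail_transfer=False):
        self.fail_transfer = fail_transfer
        self.sent = []

    def retrbinary(self, cmd, callback):
        self.sent.append(cmd)
        if self.fail_transfer:
            raise ftplib.error_perm("550 constructed failure reply")
        callback(b"constructed record\n")
        return "226 constructed transfer-complete reply"

    def sendcmd(self, cmd):
        self.sent.append(cmd)
        return "250 constructed success reply"


if __name__ == "__main__":
    print(fetch_then_clear(StubFTP(), "MYLIB/MYFILE"))
```

Against a real server, pass a logged-in `ftplib.FTP` object in place of `StubFTP()`.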