Adding security to FTP and the QUOTE RCMD command

For security reasons all of our files /commands etc. have the authority of *PUBLIC = *EXCLUDE.

This can cause a problem when using FTP, often you wish that the person sending or receiving the file would also execute a command.

What we have done is set up a command on the AS/400 that will submit a job on the job scheduler. The job on the job scheduler will then submit the command under a generic user profile that has authority to all the commands and files.

The FTP user submits a command such as: QUOTE RCMD CLRMYFILE.

The command on the AS/400 will execute a CL program CLRMYFILE, which will submit a job from the job scheduler, which will clear a file after it has been picked up by the user.

The CL will look like this:

             PGM
    SBMJOBJS   JOB(CLRMYFILE) TIME(*IMMED)  +
                  LOG(4 00 *SECLVL) LOGCLPGM(*YES)

            RETURN
            ENDPGM 

On the job scheduler you would create the job entry and enter the CLRPFM command for the file the user needs to clear.

Use option 2 and page down until you see this screen and enter the user ID that you want the job to run under.

 
   -------------------------Submission Information--------------------- 
                                                                                
   Job description  . . . . . . .   *USRPRF       Name, *USRPRF, *JOBCTL        
     Library  . . . . . . . . . .                 Name, *LIBL, *CURLIB          
   Job queue  . . . . . . . . . .   *JOBCTL       Name, *JOBD, *JOBCTL          
     Library  . . . . . . . . . .                 Name, *LIBL, *CURLIB          
   Job priority (on JOBQ) . . . .   *JOBCTL       1-9, *JOBD, *JOBCTL           
   Output priority (on OUTQ)  . .   *JOBCTL       1-9, *JOBD, *JOBCTL           
   Print device . . . . . . . . .   *JOBCTL       Name, *USRPRF, *SYSVAL...     
   Output queue . . . . . . . . .   *JOBCTL       Name, *JOBD, *USRPRF, *DEV... 
     Library  . . . . . . . . . .                 Name, *LIBL, *CURLIB          
   User . . . . . . . . . . . . .   GENERIC       Name, *JOBD, *CURRENT...      
   Print text . . . . . . . . . .   *JOBCTL                                     
   Routing data . . . . . . . . .   *JOBCTL       

This way the user can only clear the file you want him/her to clear.

We also use this method to submit job processing after a user has sent us as file such as updates to a table. This way we do not need trigger files or never ending programs. When we get the file it is processed.

You have to make sure that when using this security you grant authority for the user to the library, the file and the command.