Problem solve Get help with specific problems with your technologies, process and projects.

Adding security to FTP and the QUOTE RCMD command

This tip shows you how to overcome security problems with FTP and the QUOTE RCMD command.

For security reasons all of our files /commands etc. have the authority of *PUBLIC = *EXCLUDE.

This can cause a problem when using FTP, often you wish that the person sending or receiving the file would also execute a command.

What we have done is set up a command on the AS/400 that will submit a job on the job scheduler. The job on the job scheduler will then submit the command under a generic user profile that has authority to all the commands and files.

The FTP user submits a command such as: QUOTE RCMD CLRMYFILE.

The command on the AS/400 will execute a CL program CLRMYFILE, which will submit a job from the job scheduler, which will clear a file after it has been picked up by the user.

The CL will look like this:

             PGM
    SBMJOBJS   JOB(CLRMYFILE) TIME(*IMMED)  +
                  LOG(4 00 *SECLVL) LOGCLPGM(*YES)

            RETURN
            ENDPGM 

On the job scheduler you would create the job entry and enter the CLRPFM command for the file the user needs to clear.

Use option 2 and page down until you see this screen and enter the user ID that you want the job to run under.

 
   -------------------------Submission Information--------------------- 
                                                                                
   Job description  . . . . . . .   *USRPRF       Name, *USRPRF, *JOBCTL        
     Library  . . . . . . . . . .                 Name, *LIBL, *CURLIB          
   Job queue  . . . . . . . . . .   *JOBCTL       Name, *JOBD, *JOBCTL          
     Library  . . . . . . . . . .                 Name, *LIBL, *CURLIB          
   Job priority (on JOBQ) . . . .   *JOBCTL       1-9, *JOBD, *JOBCTL           
   Output priority (on OUTQ)  . .   *JOBCTL       1-9, *JOBD, *JOBCTL           
   Print device . . . . . . . . .   *JOBCTL       Name, *USRPRF, *SYSVAL...     
   Output queue . . . . . . . . .   *JOBCTL       Name, *JOBD, *USRPRF, *DEV... 
     Library  . . . . . . . . . .                 Name, *LIBL, *CURLIB          
   User . . . . . . . . . . . . .   GENERIC       Name, *JOBD, *CURRENT...      
   Print text . . . . . . . . . .   *JOBCTL                                     
   Routing data . . . . . . . . .   *JOBCTL       

This way the user can only clear the file you want him/her to clear.

We also use this method to submit job processing after a user has sent us as file such as updates to a table. This way we do not need trigger files or never ending programs. When we get the file it is processed.

You have to make sure that when using this security you grant authority for the user to the library, the file and the command.


This was last published in July 2001

Dig Deeper on FTP

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchDataCenter

  • How do I size a UPS unit?

    Your data center UPS sizing needs are dependent on a variety of factors. Develop configurations and determine the estimated UPS ...

  • How to enhance FTP server security

    If you still use FTP servers in your organization, use IP address whitelists, login restrictions and data encryption -- and just ...

  • 3 ways to approach cloud bursting

    With different cloud bursting techniques and tools from Amazon, Zerto, VMware and Oracle, admins can bolster cloud connections ...

Close