|
However, my question is this. If I change the security on the root folder, can a user who doesn't have authority get to anything futher down the tree?
You need *X authority to all of the previous directories in the pathname in order to open an file through the IFS interface.
Some areas of the IFS (/QSYS.LIB, /QDLS, /QNTC, etc) can be accessed through other interfaces besides the IFS interface. I don't know if the same security restrictions will work when using a non-IFS interface.
At any rate, I wouldn't deny users *X access to the actual root folder of the IFS, because all sorts of nasty things are likely to happen (such as QSTRUP crashing and therefore stopping an IPL from completing). Instead, move your 550 folders so that they're all in one common subfolder, then deny access to that.
In other words, instead of /folder1 /folder2 /folder3 have /mydocs/folder1 /mydocs/folder2 /mydocs/folder3Then you can deny access to /mydocs to lock everything down, and there's no need to change the permissions on the root folder.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
