MIDRANGE dot COM Mailing List Archive



Home » MIDRANGE-L » May 2014

RE: IFS File permissions



fixed

Once again this could be because it's /tmp. On 5250 you could try
WRKLNK '/tmp'
8=Display attributes
Restricted rename and unlink . . . . . :

What do you have for that value?

Justin thought it might be related to the /root file system but IBM ships
/tmp with that attribute. They do this as a poor copy of an 'IFS' method
of QTEMP library. But mainly because other open systems do this with
their /tmp directory.
Of course, this attribute causes their own smtp system to fail.
Most people turn it to No, do not restrict it.
IBM used to change it back with every release (perhaps even with IPL?). I
know that I came unglued on them for doing so.

Basically what this does is, lets say you're signed on as JOHN and use
some API which generates a file in there. Then the process gets passed
off to another process that gets ran by someone like QTCP. It doesn't
matter if you change QTCP and give her every special authority available,
she will not be able to delete the file. QSECOFR even can't. Only JOHN
can. Sure QSECOFR or QTCP can read the file, destroy the contents, etc.
They just cannot delete the actual file or rename it.

Rob Berendt





Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2014 by MIDRANGE dot COM and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available here. If you have questions about this, please contact