MIDRANGE dot COM Mailing List Archive



Home » MIDRANGE-L » May 2014

RE: IFS File permissions



fixed

Sorry Rob I should get your name right after such great help ! Put it down to giddiness .


-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of rob@xxxxxxxxx
Sent: Monday, May 05, 2014 11:07 AM
To: Midrange Systems Technical Discussion
Subject: RE: IFS File permissions

John is just a fictitious user.


Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1 Group Dekko Dept 1600 Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com





From: David Baugh <davidb@xxxxxxxxxxxxxx>
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
Date: 05/05/2014 02:04 PM
Subject: RE: IFS File permissions
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxx>



John,

You hit it out of the park. I changed the flag I can now delete the file.
A big THANK YOU!!!

-David.


-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of
rob@xxxxxxxxx
Sent: Monday, May 05, 2014 4:35 AM
To: Midrange Systems Technical Discussion
Subject: RE: IFS File permissions

Once again this could be because it's /tmp. On 5250 you could try WRKLNK
'/tmp'
8=Display attributes
Restricted rename and unlink . . . . . :

What do you have for that value?

Justin thought it might be related to the /root file system but IBM ships
/tmp with that attribute. They do this as a poor copy of an 'IFS' method
of QTEMP library. But mainly because other open systems do this with
their /tmp directory.
Of course, this attribute causes their own smtp system to fail.
Most people turn it to No, do not restrict it.
IBM used to change it back with every release (perhaps even with IPL?). I
know that I came unglued on them for doing so.

Basically what this does is, lets say you're signed on as JOHN and use
some API which generates a file in there. Then the process gets passed
off to another process that gets ran by someone like QTCP. It doesn't
matter if you change QTCP and give her every special authority available,
she will not be able to delete the file. QSECOFR even can't. Only JOHN
can. Sure QSECOFR or QTCP can read the file, destroy the contents, etc.
They just cannot delete the actual file or rename it.

Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1 Group Dekko Dept 1600 Mail
to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com





From: Justin Taylor <JUSTIN@xxxxxxxxxxxxx>
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
Date: 05/02/2014 05:13 PM
Subject: RE: IFS File permissions
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxx>



OK, so it sounds like the file is /tmp/myfile.txt and you're accessing it
via a NetServer share of the root (sharing the root would make me
incredibly nervous, but I digress).

As I recall, when you create a file under the local root file system, the
owner has authority but no else does (you'd expect it to have the dir
permissions but it doesn't). What user are you using to access the
NetServer? If you're using a different user, or guest access, that could
be your problem.






Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2014 by MIDRANGE dot COM and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available here. If you have questions about this, please contact