× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. February 2016

Re: AF errors after setting up SSH connections with BASH Shell

While *PUBLIC doesn't need "Object Authorities"(n1), *PUBLIC will need *RX
on parent directories. The *X authority allows for entering/viewing that
directory.

n1 - I will need to see why I have mine set that way.

I don't use QTMHHTTP(IBM Apache) servers anymore. I am instead using nginx
at this point moving forward.

Aaron Bartell
litmis.com - Services for open source on IBM i


On Wed, Feb 17, 2016 at 10:17 AM, Dan Lanza <DLanza@xxxxxxxxxxxxxxx> wrote:

Interesting Aaron. We follow the idea of least privileged access and have
*PUBLIC set to *EXCLUDE.
Do you mind temporarily trying to set *PUBLIC to *EXCLUDE on your machine
and restarting a web server to see if AF entries are generated by QTMHHTTP?

-----Original Message-----
From: Aaron Bartell [mailto:aaronbartell@xxxxxxxxx]
Sent: Wednesday, February 17, 2016 11:02 AM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
Subject: Re: AF errors after setting up SSH connections with BASH Shell

What permissions does everyone have set for QTMHHTTP on "/QOpenSys/opt".

% ls -all /QOpenSys
drwxr-sr-x 3 aaron 0 8192 Dec 17 11:30 opt


5250> DSPAUT OBJ('/QOpenSys/opt')

Display Authority

Object . . . . . . . . . . . . : /QOpenSys/opt
Type . . . . . . . . . . . . . : DIR
Owner . . . . . . . . . . . . : AARON
Primary group . . . . . . . . : *NONE
Authorization list . . . . . . : *NONE

Data --Object Authorities--
User Authority Exist Mgt Alter Ref
*PUBLIC *RX X X X X
AARON *RWX X X X X


​HTH,​
Aaron Bartell
litmis.com - Services for open source on IBM i


On Wed, Feb 17, 2016 at 9:53 AM, Dan Lanza <DLanza@xxxxxxxxxxxxxxx> wrote:

So with further experimentation I noticed if I disable SSHD with
"ENDTCPSVR SERVER(*SSHD)" the AF errors still occur. However if I
rename the "/QOpenSys/opt" directory to something else
"/QOpenSys/opt-backup"
while SSHD is off, the AF errors do not occur (not even for the new
path).
This leads me to believe IBM Web Administration for i specifically
tries to access "/QOpenSys/opt" if it exists upon startup.

What permissions does everyone have set for QTMHHTTP on "/QOpenSys/opt".
I'd like to confirm whether or not this is typical behavior before I
just set permissions to stop the AF errors.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.