|
Rob, You are a superstar. That is it! Many thanks.
On Tue, Oct 12, 2021 at 8:21 AM Rob Berendt <rob@xxxxxxxxx> wrote:
I have sent a detailed message earlier today about WRKFCNUSG
I know exactly why your team said use a user with *ALLOBJ authority.
And I can duplicate this situation exactly.
See that detailed message for details.
See a reply to that message on how your team can add your special ftp
user profile and not have to have *ALLOBJ authority for him.
Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 7310 Innovation Blvd, Suite 104
Ft. Wayne, IN 46818
Ship to: 7310 Innovation Blvd, Dock 9C
Ft. Wayne, IN 46818
http://www.dekko.com
-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of
Mark Murphy
Sent: Monday, October 11, 2021 12:07 PM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: Authority issues with FTP RCMD
CAUTION: This email originated from outside of the organization. Do not
click links or open attachments unless you recognize the sender and know
the content is safe.
I have a little utility I wrote using Scott Klement's FTP API to simplify
the FTP process between IBM i boxes. You tell it what object to send, and
where to send it, and the utility takes care of creating save files on the
local and remote side, saving the object, and restoring it on the other
end. This worked great for a while until our system engineers started
messing with authorities, and now no one knows how to set up the
authorities to make it work again. They keep telling me that the only way
to make it work is to give the user *ALLOBJ. I am skeptical about that,
but
I don't know what authority is required.
The problem arises when I try to create the save file in QTEMP on the
remote side. I do that using FTP's RCMD sub command. What I am getting is
550 Request rejected.
I can't really find anything in the documentation concerning special
authorities required by the RCMD subcommand. I did find something
recommending that it be restricted using an exit, but we have no exit
programs registered. So I am at a loss. I can create the save file from
the
command line, but not from the RCMD command which is supposed to act like
a
command line according to this:
- FTP provides remote-command capability, just as advanced
program-to-program communications (APPC) and IBM i Access for Windows
do.
The RCMD (Remote Command) FTP-server subcommand is the equivalent of
having
a command line on the system. Before you allow FTP, you must ensure
that
your object security scheme is adequate. You can also use the FTP exit
program to limit or reject attempts to use the RCMD subcommand. FTP
exit
programs describes this exit point and provides sample programs.
Does anyone know of any authority requirements for the RCMD subcommand for
the IBM i FTP server? Or where I can look to find more information?
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.
Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.
Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.