|
One of the 1st things to restrict is the users ability to use Win Explorer or other such tools to "roam" thru the entire system (the ifs is all files systems, including the QSYS.LIB file system). IBM supplies an auth list call QPWFSERVER that controls Explorer type functions. A user authorized this auth list can "explore". I would suggest changing to *public authority to *exclude (default is *use). This will not stop Ops Nav exploring, but normal users should not have OpsNav functions. btw-any cmd line user with access to wrklnk cmd can do same exploring. think about commands such as: del (delete) also rmvlnk and erase cpy and copy and mov and move and rnm and ren(rename) all the link commands (go cmdlnk) secure ftp use (can get & put files into or from the ifs) this is a very long subject and have barely scratched the surface. read Implementing AS/400 Security by Carol Woodbury & Wayne Madden read the Tips & Tools for Securing Your AS/400 (previous releases or probably now lost in the cd. Check out Security Advisor in Ibm's Tech Studio http://www.iseries.ibm.com/tstudio/ Very short story - am in the process of cleaning up at a customer, where a net tech loaded Ops Nav on the receptionist pc, she stayed 2 months and left. Somehow her profile now owns several major directories in the ifs, including QIBM. (this customer never wanted to spend the time for a truly secure system) hth jim franz ----- Original Message ----- From: "Joel Fritz" <JFritz@sharperimage.com> To: <midrange-l@midrange.com> Sent: Monday, January 14, 2002 5:49 PM Subject: RE: Securing the IFS > The simple answer is: "lots of ways." <g> > > At the simplest level you can use either wrkaut or ops nav to set up > permissions on files, directories, and shares. Depending on how your system > security is set up you can do all sorts of things with groups. I suspect > there may be something you can do with the netserver shares from the > NT/w2k/xp side also. > > > -----Original Message----- > > From: Wills, Mike N. (TC) [mailto:MNWills@taylorcorp.com] > > Sent: Monday, January 14, 2002 2:18 PM > > To: Midrange - Tech (E-mail) > > Subject: Securing the IFS > > > > > > How do I secure the IFS folders? We have just started to really take > > advantage of it and I would like to make sure the users can > > only see what we > > let them. We are on V4R5 and our users are on CA or CAE (we > > user both). > > > > Mike Wills > > Taylor Corporation > > IT Corporate Support > > mnwills@taylorcorp.com > > Phone: (507) 386-3187 > > > > _______________________________________________ > _______________________________________________ > This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list > To post a message email: MIDRANGE-L@midrange.com > To subscribe, unsubscribe, or change list options, > visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l > or email: MIDRANGE-L-request@midrange.com > Before posting, please take a moment to review the archives > at http://archive.midrange.com/midrange-l. > >
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.