× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



Well.. we do have a pretty secure network.. behind a number of firewalls.. so there is a level of security within the internal network that I can feel pretty confident might suffice. I am also pretty sure the users from one division can't cross over to the users of another without passing through their firewalls, traversing their VPN's etc. Most of the "divisions" act somewhat independently, with each site having its own accounting, etc. I don't think all locations feed into on central data center per say... so without knowing each specific user name, site, and unique identifiers, public pretty much means the 3 people on the particular site.

I certainly want to put public back to exclude... but.. I matched up line for line the other 2 users profile, I can't see anything that leads me to believe she is excluded from some "global group" that I am missing. In fact.. one of the users in that division as a profile labeled usrprf, the other 2 have grpprf... and usrprf isn't the one having the issue.. so this is a good mytsery.

I am still looking at how to make it as right as the other 2 on that site.. but so far still coming up empty as to what's different.



-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Charles Wilt
Sent: Tuesday, September 30, 2014 10:28 AM
To: Midrange Systems Technical Discussion
Subject: Public authority (was Re: upload file error)

On Tue, Sep 30, 2014 at 10:04 AM, Buck Calabro <kc2hiz@xxxxxxxxx> wrote:


I don't want to sound like a jerk but I come by it naturally :-)
*PUBLIC is everybody in the universe, not just the 3 users in that
portion of the company. If I had your machine's IP address, I could
almost certainly read and modify the contents of that file from here.
--buck


​Not quite...let's not panic the guy Buck!...

*PUBLIC is every user profile on the machine that doesn't have explicit private authorities. So anybody with credentials on the machine can modify that file now.

So it'd take Buck more than just knowing the IP of the machine, even assuming it's not behind a firewall. He'd have to know or be able to guess a valid user profile/ password combination.

​Hopefully ​you don't have any default passwords, where the password = user ID. You can check by doing, GO SECTOOLS and selecting option 1 = Analyze default passwords.

Then there are anonymous services, such as FTP or the Netserver "Guest"
account. Anonymous FTP isn't allowed by default, you have to have create or buy an FTP exit point program to enabled it.
http://www-01.ibm.com/support/knowledgecenter/ssw_ibm_i_71/rzaiq/rzaiqftpanon.htm

You can check for exit programs via
WRKREGINF EXITPNT(QIBM_QTMF_SVR_LOGON)

Look at the line
Current number of exit programs . . . : 0

The "Guest" netserver account is basically a generic account used by the IBM SMB (windows) file server. It's used when a windows users tries to access a IBM i Netserver file share and there isn't a matching IBM i user ID. Again, it is not enabled by default. You'd need to use the IBM i Navigator GUI to see if it is enabled.
http://www-01.ibm.com/support/knowledgecenter/ssw_ibm_i_71/rzahl/rzahlguestprofs.htm

Charles
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.




As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.