| 
 | 
Well.. we do have a pretty secure network.. behind a number of firewalls..--
so there is a level of security within the internal network that I can
feel pretty confident might suffice. I am also pretty sure the users
from one division can't cross over to the users of another without
passing through their firewalls, traversing their VPN's etc. Most of
the "divisions" act somewhat independently, with each site having its
own accounting, etc. I don't think all locations feed into on central
data center per say... so without knowing each specific user name,
site, and unique identifiers, public pretty much means the 3 people on the particular site.
I certainly want to put public back to exclude... but.. I matched up
line for line the other 2 users profile, I can't see anything that
leads me to believe she is excluded from some "global group" that I am
missing. In fact.. one of the users in that division as a profile
labeled usrprf, the other 2 have grpprf... and usrprf isn't the one
having the issue.. so this is a good mytsery.
I am still looking at how to make it as right as the other 2 on that
site.. but so far still coming up empty as to what's different.
-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of
Charles Wilt
Sent: Tuesday, September 30, 2014 10:28 AM
To: Midrange Systems Technical Discussion
Subject: Public authority (was Re: upload file error)
On Tue, Sep 30, 2014 at 10:04 AM, Buck Calabro <kc2hiz@xxxxxxxxx> wrote:
I don't want to sound like a jerk but I come by it naturally :-)
*PUBLIC is everybody in the universe, not just the 3 users in that
portion of the company. If I had your machine's IP address, I could
almost certainly read and modify the contents of that file from here.
--buck
Not quite...let's not panic the guy Buck!...
*PUBLIC is every user profile on the machine that doesn't have
explicit private authorities. So anybody with credentials on the
machine can modify that file now.
So it'd take Buck more than just knowing the IP of the machine, even
assuming it's not behind a firewall. He'd have to know or be able to
guess a valid user profile/ password combination.
Hopefully you don't have any default passwords, where the password =
user ID. You can check by doing, GO SECTOOLS and selecting option 1 =
Analyze default passwords.
Then there are anonymous services, such as FTP or the Netserver "Guest"
account. Anonymous FTP isn't allowed by default, you have to have
create or buy an FTP exit point program to enabled it.
http://www-01.ibm.com/support/knowledgecenter/ssw_ibm_i_71/rzaiq/rzaiq
ftpanon.htm
You can check for exit programs via
WRKREGINF EXITPNT(QIBM_QTMF_SVR_LOGON)
Look at the line
Current number of exit programs . . . : 0
The "Guest" netserver account is basically a generic account used by
the IBM SMB (windows) file server. It's used when a windows users
tries to access a IBM i Netserver file share and there isn't a
matching IBM i user ID. Again, it is not enabled by default. You'd
need to use the IBM i Navigator GUI to see if it is enabled.
http://www-01.ibm.com/support/knowledgecenter/ssw_ibm_i_71/rzahl/rzahl
guestprofs.htm
Charles
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take
a moment to review the archives at http://archive.midrange.com/midrange-l.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take
a moment to review the archives at
http://archive.midrange.com/midrange-l.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.