


You might have better luck asking this in the midrange-L list.

- Dan

-----Original Message-----
From: RPG400-L <rpg400-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of datil400
Sent: Wednesday, May 8, 2024 5:42 AM
To: RPG programming on IBM i <rpg400-l@xxxxxxxxxxxxxxxxxx>
Subject: Simulating adopted authority with IFS

Hello guys,

I am trying to simulate in my ERP the adopted authority to treat IFS objects in a transparent way. I don't want users to have access to certain IFS directories and files outside the application program.

I know that the adopted authority does not work in the IFS, but I think it can be simulated. I am using qsysetegid(), qsysetgid() and qsysetregid() to change the job primary group.

In addition, all IFS objects have the primary group (PGP) set with the application's owner group (i.e. the group set with the qsysetegid API).
*PUBLIC authorization is *EXCLUDE.

I have done some tests and it seems to work fine, but I have encountered some problems with some CL and Qshell/PASE commands. For example, EDTF or DSPF don't work, they need at least *X authorization on the whole directory path.

On the other hand, the SFTP command does not work either due to an authorization issue on the key files (for example).

Am I trying to do something impossible?

Is there any documentation on that subject?

Are the exceptions documented?

Any suggestions?

Best regards

Javier Mora
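
The directory-path requirement mentioned in the question can be audited ahead of time. The following is an added example, not code from the thread or from IBM: it uses POSIX mode bits as a stand-in for the IFS *X data authority, ignores owner bits and private authorities, and all names in it (`search_gaps`, `build_sample_tree`, the sample tree) are hypothetical.

```python
import os
import stat
import tempfile


def search_gaps(base, target, gid):
    """List directories from base down to target's parent that deny search (x)
    to a job running with group `gid`. Owner bits are ignored on purpose:
    the job's user is assumed not to own the objects."""
    base, target = os.path.realpath(base), os.path.realpath(target)
    parent = os.path.dirname(target)
    if os.path.commonpath([base, parent]) != base:
        raise ValueError("target is not under base")
    rel = os.path.relpath(parent, base)
    dirs, current = [base], base
    for part in ([] if rel == "." else rel.split(os.sep)):
        current = os.path.join(current, part)
        dirs.append(current)
    gaps = []
    for d in dirs:
        st = os.stat(d)
        # Group bits apply only when the directory's group matches the job's
        # group; otherwise the public ("other") bits decide.
        bit = stat.S_IXGRP if st.st_gid == gid else stat.S_IXOTH
        if not st.st_mode & bit:
            gaps.append(d)
    return gaps


def build_sample_tree():
    """Constructed sample tree: root rwxr-x---, data/ rwx------, file rw-r-----."""
    root = tempfile.mkdtemp(prefix="ifs_sim_")
    data = os.path.join(root, "data")
    os.mkdir(data)
    target = os.path.join(data, "invoice.txt")
    with open(target, "w") as fh:
        fh.write("constructed sample\n")
    os.chmod(target, 0o640)
    os.chmod(data, 0o700)   # group has no x here: the gap to be found
    os.chmod(root, 0o750)
    return root, target


if __name__ == "__main__":
    root, target = build_sample_tree()
    app_gid = os.stat(root).st_gid  # stands in for the application's owner group
    print("no search permission for the application group on:")
    for d in search_gaps(root, target, app_gid):
        print("  ", d)
```

Every directory it reports is one where the application group would be stopped before the file's own permissions are even consulted.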

