In order for end users to traverse the root directory and operate in a sub directory, they will need at least "x" authority to the root. *PUBLIC *EXCLUDE would prevent any user who does not have explicit execute authority to the root from accessing there shares. That's not to say that you should give *PUBLIC execute only rights though, because last I heard Client Access stored some objects in the root directory that your users need to read in order to run CA (that may be different now, I haven't looked at this recently. :( Test thoroughly. jte -- John Earl | Chief Technology Officer The PowerTech Group 19426 68th Ave. S Seattle, WA 98032 (253) 872-7788 ext. 302 john.earl@xxxxxxxxxxxxx www.powertech.com This email message and any attachments are intended only for the use of the intended recipients and may contain information that is privileged and confidential. If you are not the intended recipient, any dissemination, distribution, or copying is strictly prohibited. If you received this email message in error, please immediately notify the sender by replying to this email message, or by telephone, and delete the message from your email system. -- > -----Original Message----- > From: security400-bounces@xxxxxxxxxxxx > [mailto:security400-bounces@xxxxxxxxxxxx] On Behalf Of > Wills, Mike N. (TC) > Sent: Friday, February 06, 2004 9:41 AM > To: Midrange - Security (security400@xxxxxxxxxxxx) > Subject: [Security400] Root IFS removing *public > > What will happen to all our shares and such if I change > root to be *public > to *exclude? I don't want to change it then break > everything on the system. > A couple of our applications already use the IFS. Does it > just change the > root authority and doesn't change access for anything > else? Obviously I will > try this on a off time when I won't interrupt anyone. > > Mike Wills > Lawson Programmer/Administrator > Taylor Development > Email: mnwills@xxxxxxxxxxxxxx > Direct Line: (507) 386-3187 > > CONFIDENTIAL INFORMATION > > NOT TO BE COPIED WITHOUT AUTHORIZATION > > The information contained in this electronic mail > transmission may contain > privileged communications and/or confidential information > intended only for > the use of the named recipient(s). If the reader of this > information is not > the named recipient(s) or you receive this transmission in > error, please: > (1) immediately notify us by return electronic > transmission at > mnwills@xxxxxxxxxxxxxx; and (2) permanently delete this > message from your > computer and all servers and other stored devices. > > _______________________________________________ > This is the Security Administration on the AS400 / iSeries > (Security400) mailing list > To post a message email: Security400@xxxxxxxxxxxx > To subscribe, unsubscribe, or change list options, > visit: > http://lists.midrange.com/mailman/listinfo/security400 > or email: Security400-request@xxxxxxxxxxxx > Before posting, please take a moment to review the > archives > at http://archive.midrange.com/security400.