Closing Open Access to IFS

435 pts.
Tags:
IBM POWER6 server
iSeries V5R4M5
I have recently identified that we have open share access to the IFS on some of my systems. So much so that users who do not have profiles on the iSeries can access files on the IFS. WE can close them down and we did but it impacted the business so we have to open them again. WE need to understand who is accessing the IFS. I also need to understand the best way to allow the required access to continue yet shutting down the open access we have currently.

I recently gave the link to one of my colleagues who has nothing to do with the iSeries and they could browse the fils in the IFS. I need to close this down to only allow access to those who should have it.

Help is much appreciated.



Software/Hardware used:
V5R4M5, Power6,

Answer Wiki

Thanks. We'll let you know when a new response is added.

What version of the OS are you using? What is the security level (20, 30, 40, etc) ? When you say that closing them down hurt business, what do you mean?

Here are some links that may help:
http://wiki.rjssoftware.com/wiki/index.php/IFS_Tools_Commands

http://www.systeminetwork.com/article/databasesql/ifs-journal-monitor-7332

http://publib.boulder.ibm.com/iseries/v5r2/ic2924/info/apis/unix2b.pdf

Discuss This Question: 3  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • TomLiotta
    In iSeries Navigator, expand your connection down through Network-> Servers-> TCP/IP, and right-click the NetServer server to access Properties. On the Security tab, see if a 'Guest user ID:' is assigned. If one is, remove it. A 'guest' profile is a profile that you create (or assign) on your iSeries, to be used whenever someone requests a connection but has no profile of their own. (And surely you don't have a share out over the /root file system nor over /QSYS.LIB itself, right?) Tom
    125,585 pointsBadges:
    report
  • TomLiotta
    As for knowing who accesses files, you can create an exit program over the file server QIBM_QPWFS_FILE_SERV exit point. Your exit program can create a log of accesses, if that's what you need. It can also return a 'Accept' or 'Reject' indication back to the file server. How you analyze the request and make the decision is up to your programming. If you do nothing log accesses, you might consider 'Accept' for all accesses, or perhaps 'Reject' for accesses from outside your system's local subnet, or any number of variations. Tom
    125,585 pointsBadges:
    report
  • TomLiotta
    If you do nothing log accesses... Should be "If you do nothing but log accesses...". Tom
    125,585 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following