50 pts.
 How to limit the client authority in FTP?
I would like to limit the FTP client so that it can access the specific IFS file only.

What should I do in the AS/400?



Software/Hardware used:
AS/400
ASKED: July 7, 2010  10:38 AM
UPDATED: July 16, 2010  7:01 AM


Discuss This Question:


 

Are you saying that users do not have sufficient authority to use FTP to access any files on your system, and you want to grant enough authority to access particular files?

Or are you saying that you want to allow FTP access to your files but there is currently too much authority — and you want to limit the authority down to allow only particular files?

Those are almost opposite situations.

Tom

 107,715 pts.

 

Hi Tom,
I want to allow FTP access to my IFS file, but there is currently too much authority, and I also want to limit the authority down to allow only a particular user.

Sam

 50 pts.

 

If authority is too loose on the system, then it must be controlled by other means.

If you only want to allow a single user or a defined set of users to be allowed, and even better if you know the specific actions that can be performed, then an FTP exit program is your best choice.

The Managing access using File Transfer Protocol exit programs topic in the Information Center covers what you need to know to put control programs in place. Example programs are supplied, written in CL and RPG. Whichever language you prefer can be used or you can write in COBOL or C. The degree of complexity and functionality will be up to you.

Start by writing a simple program that simply logs what passes through it — write log records to a file, to a message or to whatever you wish. Use a table to look up the user to see if the request should be allowed. Default to allowing all requests. After a few test sessions, you’ll learn what to expect.

Then start rejecting some of the requests to see how rejection works. Reject everything from users not in the table. Reject all requests that aren’t of the allowed types.

As long as you have a clear set of objectives, the programming will remain straightforward. It will only become complex when you need to plan for allowing or rejecting based on changing rules for unpredictable profiles, when performance becomes critical, etc.

The example programs are sufficient to get you going for what you’re after.

But always stay aware that the problem exists because authorities are not controlled within the system. There is no good substitute for proper object authority at the beginning.

Tom

 107,715 pts.
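
The staged approach described in the last reply (log every request and allow by default, then reject users and request types that are not in the table), as an added example in C that is not part of the thread and is not one of IBM's sample programs. The request types, the rule table and the `check_request` signature are hypothetical; the real exit point's parameter layout is documented in the Information Center topic named above, and this models only the decision logic.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical request types; the real exit point defines its own identifiers. */
enum op { OP_LOGIN, OP_LIST, OP_GET, OP_PUT, OP_DELETE };
/* Phase 1 logs and allows everything; phase 2 rejects what the table lacks. */
enum mode { MODE_LOG_ONLY, MODE_ENFORCE };

struct rule { const char *user; enum op op; const char *path; };

/* Constructed sample table: SAM may log in and download one IFS file. */
static const struct rule RULES[] = {
    { "SAM", OP_LOGIN, "" },
    { "SAM", OP_GET,   "/home/sam/report.csv" },
};

/* 1 if some rule covers this user, request type and exact path. */
static int rule_matches(const char *user, enum op op, const char *path)
{
    for (size_t i = 0; i < sizeof RULES / sizeof RULES[0]; i++) {
        if (strcmp(RULES[i].user, user) != 0 || RULES[i].op != op)
            continue;
        /* Exact comparison: "../" variants of an allowed path do not match. */
        if (op == OP_LOGIN || strcmp(RULES[i].path, path) == 0)
            return 1;
    }
    return 0;
}

/* Returns 1 to allow the request, 0 to reject it. Every call is logged. */
int check_request(enum mode mode, const char *user, enum op op, const char *path)
{
    int matched = rule_matches(user, op, path);
    int allow = (mode == MODE_LOG_ONLY) ? 1 : matched;
    fprintf(stderr, "FTPEXIT user=%s op=%d path=%s matched=%d allow=%d\n",
            user, (int)op, path, matched, allow);
    return allow;
}

int main(void)
{
    check_request(MODE_LOG_ONLY, "BOB", OP_DELETE, "/home/sam/report.csv");
    check_request(MODE_ENFORCE,  "BOB", OP_GET,    "/home/sam/report.csv");
    check_request(MODE_ENFORCE,  "SAM", OP_GET,    "/home/sam/report.csv");
    check_request(MODE_ENFORCE,  "SAM", OP_GET,    "/home/sam/../sam/report.csv");
    return 0;
}
```

While running in `MODE_LOG_ONLY`, the log lines with `matched=0` show which requests would be rejected once the mode is switched to `MODE_ENFORCE`.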