How to limit the client authority in FTP?

50 pts.
Tags:
AS/400 FTP
AS/400 Permissions
IFS File Lock
I would like to limit FTP client can access the specific IFS file only. 

What should I do in the AS/400?



Software/Hardware used:
AS/400
ASKED: July 7, 2010  10:38 AM
UPDATED: July 16, 2010  7:01 AM

Answer Wiki

Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Discuss This Question: 3  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • TomLiotta
    Are you saying that users do not have sufficient authority to use FTP to access any files on your system, and you want to grant enough authority to access particular files? Or are you saying that you want to allow FTP access to your files but there is currently too much authority -- and you want to limit the authority down to allow only particular files? Those are almost opposite situations. Tom
    125,585 pointsBadges:
    report
  • Samchan
    Hi Tom, I want to allow FTP access to my IFS file but there is currently too much authority, and also want to limit the authority down to allow only particular user. Sam
    50 pointsBadges:
    report
  • TomLiotta
    If authority is too loose on the system, then it must be controlled by other means. If you only want to allow a single user or a defined set of users to be allowed, and even better if you know the specific actions that can be performed, then an FTP exit program is your best choice. The Managing access using File Transfer Protocol exit programs topic in the Information Center covers what you need to know to put control programs in place. Example programs are supplied, written in CL and RPG. Whichever language you prefer can be used or you can write in COBOL or C. The degree of complexity and functionality will be up to you. Start by writing a simple program that simply logs what passes through it -- write log records to a file, to a message or to whatever you wish. Use a table to look up the user to see if the request should be allowed. Default to allowing all requests. After a few test sessions, you'll learn what to expect. Then start rejecting some of the requests to see how rejection works. Reject everything from users not in the table. Reject all requests that aren't of the allowed types. As long as you have a clear set of objectives, the programming will remain straightforward. It will only become complex when you need to plan for allowing or rejecting based on changing rules for unpredictable profiles, when performance becomes critical, etc. The example programs are sufficient to get you going for what you're after. But always stay aware that the problem exists because authorities are not controlled within the system. There is no good substitute for proper object authority at the beginning. Tom
    125,585 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following