How to lock FTP user out of the rest of the IFS

Tags:
AS/400
AS/400 FTP
FTP
IFS
iSeries
I have an FTP user that will upload files onto our box. When they connect they start in their /home/ folder. I want to make sure they can't get back to root '/' or anywhere else in the IFS. Preferably without creating a massive security maintenance workload as this expands.

Answer Wiki


Restrict *PUBLIC from accessing root ‘/’ and just provide access to their individual ‘/home/’ folder.

If you don’t wish to restrict *PUBLIC from accessing root ‘/’, you can consider creating or bringing all FTP users under a group profile, and restricting that specific group from accessing root ‘/’, provided they have access to their home folder.

Discuss This Question: 4  Replies

 
  • pdraebel
    I think the basic point in securing IFS from unauthorized access is the ROOT security setting for *PUBLIC. One point to avoid in IFS is having too many "Private" authorities as that can severely impact your SAVSECDTA.
  • GregManzo
    Agreed, that's why we don't want to revoke *PUBLIC access to root '/'. It would stop everybody else from the entire IFS unless they had explicit authority.
  • pdraebel
    *PUBLIC authority to root '/' is set to *RWX as default. This should be restricted to *RX (Read/Execute).
  • GregManzo
    The solution we adopted was to use Navigator to restrict access to the Change Directory command. This will work just fine for what is supposed to be an automated script logging on to our machine - it only needs access to the one folder.
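
The settings discussed in this thread, written as IBM i CL commands. This is an added example, not code from any of the posters: the profile FTPUP and the path /home/FTPUP are hypothetical, and the function ID used for the FTP server's Change Directory operation is an assumption to confirm with WRKFCNUSG before use.

```cl
/* Added example. FTPUP and /home/FTPUP are hypothetical names.      */

/* 1. Review who currently holds authority on root before changing.  */
DSPAUT OBJ('/')

/* 2. Root default is *PUBLIC *RWX. Reduce it to read/execute so     */
/*    nobody can create or remove objects directly under '/'.        */
/*    *X is still needed on every directory in a path, so *RX keeps  */
/*    /home/FTPUP reachable for the upload user.                     */
CHGAUT OBJ('/') USER(*PUBLIC) DTAAUT(*RX) OBJAUT(*NONE)

/* 3. Home directory: exclude *PUBLIC, give the upload profile full  */
/*    data authority on its own folder only.                         */
CHGAUT OBJ('/home/FTPUP') USER(*PUBLIC) DTAAUT(*EXCLUDE) OBJAUT(*NONE)
CHGAUT OBJ('/home/FTPUP') USER(FTPUP) DTAAUT(*RWX) OBJAUT(*ALL)

/* 4. Command-line form of the Navigator setting: deny the FTP       */
/*    server's Change Directory function for this one profile.       */
/*    ASSUMPTION: QIBM_QTMF_SERVER_REQ_3 is the Change Directory     */
/*    function on your release; list the registered IDs first.       */
WRKFCNUSG FCNID(QIBM_QTMF*)
CHGFCNUSG FCNID(QIBM_QTMF_SERVER_REQ_3) USER(FTPUP) USAGE(*DENIED)

/* 5. Verify the result.                                             */
DSPAUT OBJ('/home/FTPUP')
DSPFCNUSG FCNID(QIBM_QTMF_SERVER_REQ_3)
```

Steps 2 and 3 are object authorities and apply to every access path, while step 4 only governs the FTP server, so the two are complementary rather than alternatives.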
