
Re: Setup as400 to accept ftped text files from a customer into an ifs folder.



John,

Ideally, *PUBLIC authority on most objects in your system should be
*EXCLUDE.  Your employees should belong to a group profile that has
authority to objects *PUBLIC originally had access to (e.g. WRKSPLF).

However, most systems I've seen use *PUBLIC for the standard employee
access, which is fine till you realize you need *PUBLIC to have less
authority for non-employees.

You could explicitly *EXCLUDE the new user ID from /QSYS.LIB/ and
other IFS directories, although be sure to leave them *USE to the root
'/', home '/home', and *CHG to their home directory '/home/myhomedir'.

One thing to consider, instead of actually giving the customer the
iSeries user ID and password, you can use the FTP exit program to
validate and allow access using a different set of credentials. Then
you swap the FTP job to a specific iSeries ID.  This is basically the
same as what you'd have to do to enable anonymous FTP.  The benefit to
this is that the credentials used for FTP are only valid for FTP.
Ideally, you'd still want to limit the authority of the iSeries
profile swapped to using the discussion above.

HTH,
Charles

On Tue, Aug 11, 2009 at 4:55 PM, John Rusling <jrusling@xxxxxxxxxxxxxxxxxxx> wrote:
> I'd like to allow a customer to ftp a text file to the ifs of our iSeries.
> This would come in from outside the firewall.
>
> I know I'll need to set up a user profile and password for them as well as provide
> them with the IP address of the 400 (and let them in through the firewall).
>
> That's about all I know.
>
> How/where can I set this up so that when they send something it always goes
> into the same ifs folder?  i.e., lock them out of changing folders etc. or specifying
> a different directory, specifically like /qsys.lib/**** etc.
>
> What are things to look out for, gotchas etc?  Is there 'some' best practice for
> doing this to limit any possible security breaches?
>
> Thanks for any help, direction or good reading recommendations.
>
> John B.
> -----------------------------------------------------------------------
> This is the FTPAPI mailing list.  To unsubscribe, please go to:
> http://www.scottklement.com/mailman/listinfo/ftpapi
> -----------------------------------------------------------------------
>
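The exit-program approach described in the reply above, modelled in portable C as an added example (not code from the thread or from IBM). The parameter order and return codes 0 and 5 follow the FTP server logon exit point QIBM_QTMF_SVR_LOGON, format TCPL0100; the credential table, the FTPCUST profile name, the sample client address and the logon_profile driver are constructed for illustration.

```c
#include <string.h>

/* Return codes used here: 0 = reject, 5 = run as returned profile, ignore password. */
enum { RC_REJECT = 0, RC_SWAP_PROFILE = 5 };
#define APP_FTP_SERVER 1

/* Constructed FTP-only credentials (hypothetical); stand-in for a protected store. */
struct ftp_cred { const char *id, *secret, *profile; };
static const struct ftp_cred CREDS[] = {
    { "acme-upload", "constructed-secret-1", "FTPCUST" },  /* profile <= 10 chars */
};

/* Compare a length-delimited buffer to a string with no early exit on mismatch. */
static int same_bytes(const char *a, size_t alen, const char *b) {
    size_t blen = strlen(b);
    unsigned char diff = (unsigned char)(alen != blen);
    for (size_t i = 0; i < alen && i < blen; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Parameter order follows TCPL0100; inputs are NOT null-terminated. */
void ftp_logon_exit(int app_id, const char *user, int user_len,
                    const char *auth, int auth_len,
                    const char *client_ip, int ip_len, int *rc,
                    char profile[10], char password[10], char curlib[10]) {
    (void)client_ip; (void)ip_len;      /* a source-address check could go here */
    *rc = RC_REJECT;                    /* default deny */
    memset(profile, ' ', 10);           /* outputs are blank-padded, not terminated */
    memset(password, ' ', 10); memset(curlib, ' ', 10);
    if (app_id != APP_FTP_SERVER || user_len <= 0 || auth_len <= 0)
        return;
    for (size_t i = 0; i < sizeof CREDS / sizeof CREDS[0]; i++) {
        if (same_bytes(user, (size_t)user_len, CREDS[i].id) &&
            same_bytes(auth, (size_t)auth_len, CREDS[i].secret)) {
            memcpy(profile, CREDS[i].profile, strlen(CREDS[i].profile));
            *rc = RC_SWAP_PROFILE;      /* the exit is now the only authentication */
            return;
        }
    }
}

/* Driver: blank-padded profile the FTP job would run as, or NULL if rejected. */
const char *logon_profile(const char *user, const char *auth) {
    static char prf[11];                /* 10 bytes + terminator for printing */
    char pwd[10], lib[10]; int rc;
    ftp_logon_exit(APP_FTP_SERVER, user, (int)strlen(user), auth, (int)strlen(auth),
                   "203.0.113.10", 12, &rc, prf, pwd, lib);
    return rc == RC_SWAP_PROFILE ? prf : NULL;
}
```

Any user ID that is not in the table is rejected, so ordinary iSeries profiles cannot log on over FTP at all, and the swapped-to profile still needs the restricted authorities discussed in the reply.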