The IFS is probably one of my favorite things about IBM i. The Integrated File System (IFS) is a layer of software that lets the rest of your ‘Windows’ World talk directly to that big Black IBM Super Server in the corner.
The beauty of it is…. those widows machines don’t even know they are talking to a IBM Power server – because the IFS presents data to them in a lovely windows FAT kind of way.
Integrated File System Security
Question: I have a problem with security on QDLS. I have a user that is unable to access QDLS from her PC. Her profile is setup as *SECOFR with *ALLOBJ authority. Is there special security for QDLS?
We map a network drive to our system’s root:
When she clicks on QDLS is says access denied?? Any ideas??
Here is some of the things that we tried:
Delete all the *.PWL files
Cleared the CA/400 password Cache
Response 1. Is she in the AS/400 directory?(WRKDIRE). (note: turned out to be the most useful response in this particular case)
Response 2. Is she enrolled as a CA user on the AS/400?
Response 3. What userid is she signing on as. Do a WRKACTJOB and make sure it is her userid that is signing on. Also, make sure that she has a Directory entry, and the directory entry points to the right user profile.
Question: I’m having a little trouble with IFS authorities, and can’t quite find the source of the problem. Any help would be greatly appreciated.
I’m looking at providing a programmer profile (*JOBCTL only) with individual authority to copy something out of an IFS directory and I’m having a devil of a time with (I think) the target authority.
The specifics: User profile JOHN is trying to copy a “Hello.java” from “/QIBM/ProdData/Java400/com/ibm/as400/system” into directory “/john” that user profile JOHN created and has ownership authority over. Message CPFA09C is issued saying ‘ Authority is not sufficient to access object *N.’ Any idea’s on how I find out what *N is?
I’m guessing that there must be a rule about authority needed to the parent directory structure, I just can’t put my finger on it.
Answer: The user profile doing the copy needs to have *OBJMGT authority to the source object in order to get the authority attributes of the source, in order to copy them.
Side Note on IFS Authority: Apparently IFS authorities differ from native DB2 authorities in that you must have *OBJMGT in order to copy a file. The IFS function must be more similar to a CRTDUPOBJ than it is to a CPYF.
Question: Has anyone noticed that you cannot assign a group profile as the owner of an IFS directory or object with OpsNav? You can with WRKLNK (actually CHGOWN) on the green screen. Once you assign it there you can modify the permissions within OpsNav, but Group Profiles are not available to be selected as owner. (12/99)
Answer: The best I’ve found so far is to use the CHGAUT command with ‘/dir1/…./*’ for the object name. That gets all files and directories in the specified path. Be sure to do the CHGOWN command (same syntax) first and the CHGAUT command second. You still need to chase the subdirectories yourself however. (F9 is your friend!).
If you map the drive to a PC and do DIR /F/S > dirfile (works in OS/2 anyway) you get a file with just the list of files all the way down the tree. You could upload this to the 400 and read it in a CLP processing each record. That’d save some typing!