While everyone likes to feel special, we need to be more selective when it comes to data access. As we discussed last month, many users have privileges far beyond their business requirements and simply need to have their access reduced to more reasonable levels.
Ask any security professional which area of IBM i security is most often ignored and chances are that the unanimous response is a chorus of “the Integrated File System.” Although it’s been around since V3R1, the Integrated File System, or IFS, remains a shrouded mystery that represents significant risk to many IBM i organizations.
Introduced by IBM to support TCP/IP services, a profile swap allows a job to change midstream and run under a different profile than the one that started it.
File Integrity Monitoring (FIM) helps ensure that your critical and sensitive data is viewed and changed only by authorized personnel through approved channels. Candidates for FIM include application files containing sensitive data, such as personnel or financial data, and server configuration files.
There are several considerations with authority adoption. Each is important but can usually be accommodated. But what is the effect if the program owner has the same or fewer privileges than the user who called the program?
WebDocs – iSeries references the documents it stores by an IFS (Integrated File System) path. There is, however, no requirement that the IFS path refer to a file system on local disk. In fact, for many WebDocs iSeries implementations, it is advantageous to store some or all of the documents from WebDocs on remote file systems that are shared using NFS (Network File System) and mounted into the IFS...
WebDocs iSeries uses the IFS directory /RJSTEMP and the library RJSTEMP to store information and files temporarily. In general, it will attempt to clean up after itself, but in some situations the cleanup operations are not performed. As a result, files will gradually accumulate, taking up disk space that could otherwise be used for other processes.
The RJSTEMP library
The RJSTEMP isn’t...
As a WebDocs iSeries administrator, if something goes wrong your users will look to you to find, and fix, the matter. Simply knowing where to look when an initial error message is unclear can resolve a huge percentage of difficulties.
NFS has long had a tentative relationship to security. As with its cousin, CIFS/SMB (more commonly known as Windows File Sharing), security was not an area of primary focus. The elements of security that exist are significant, but they are nontrivial to implement, particularly across operating systems and with third-party applications.