How to tell who deleted IFS directory? -- MIDRANGE-L

Subject: How to tell who deleted IFS directory?
From: "Steve McKay" <steve.mckay@xxxxxxxxxxxxxx>
Date: Wed, 29 Jan 2003 12:08:05 -0600
List-archive: <http://archive.midrange.com/midrange-l>
List-help: <mailto:midrange-l-request@midrange.com?subject=help>
List-id: Midrange Systems Technical Discussion <midrange-l.midrange.com>
List-post: <mailto:midrange-l@midrange.com>
List-subscribe: <http://lists.midrange.com/mailman/listinfo.cgi/midrange-l>,<mailto:midrange-l-request@midrange.com?subject=subscribe>
List-unsubscribe: <http://lists.midrange.com/mailman/listinfo.cgi/midrange-l>,<mailto:midrange-l-request@midrange.com?subject=unsubscribe>

Gang -

We had an 'adventure' this morning where someone deleted an IFS directory
containing web pages used on our Intranet web site.  No harm done - we
restored from a backup - but in trying to determine the who, how, and why,
we discovered that QAUDJRN type DO (delete object) had references to STMFs
being deleted but the directory/filename was *N/*N and the user ID was not
readable.

We're at V4R5 with most QAUDLVL options "on" (not *NETCMN, *OFCSRV,
*OPTICAL) and *QSECURITY 40.

How can we audit who deletes IFS files?

Thanks in advance,

Steve

This mailing list archive is Copyright 1997-2026 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.