1.  Home
  2. MIDRANGE-L
  3. April 2004

RE: Mapping Network Drive

Shannon,

I'd really reconsider the need for having GUEST support.  It's not really
necessary unless you have a lot of Win9x clients.  It's not needed at all if
the users' profile name and passwords are identical in Windows and iSeries.
Getting rid of GUEST removes the largest obstacle, IMO.

Eric DeLong
Sally Beauty Company
MIS-Project Manager (BSG)
940-898-7863 or ext. 1863



-----Original Message-----
From: Shannon ODonnell [mailto:sodonnell@xxxxxxxxxxxxxxxxx]
Sent: Tuesday, April 27, 2004 9:09 PM
To: 'Midrange Systems Technical Discussion'
Subject: RE: Mapping Network Drive


Yeah,  it's a problem.  Add to all of that, security is enforced...you
might want to sit down for this one... At the application level. Now
that I'm developing communicative technologies (how's that for a turn of
phrase? :-) ) between multiple AS/400's,  these two holes alone are
getting ready to suck the life right out of whatever security, however
thin, once existed on these boxes.

Ah well... If it was easy, anyone could do it.  :-)

Shannon O'Donnell

 



-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Tom Liotta
Sent: Tuesday, April 27, 2004 8:54 PM
To: midrange-l@xxxxxxxxxxxx
Subject: RE: Mapping Network Drive


Shannon:

I haven't thought this through, but it seems you have a couple
difficulties. By having a guest profile _and_ a /root share, you have a
problem. Also, though it's been quite a while since I last looked at it,
I recall that the QPWFSERVER *AUTL is specific to /QSYS.LIB objects, not
any other file system; and it isn't exactly associated with file shares,
but with almost _any_ /QSYS.LIB object access via a host server (and
possibly TCP/IP servers as well) -- this can be a problem even for an
exit program if it attempts to access a file or call another program
when this is restricted.

First thing I'd do is remove the /root share. Only share directories
that you want shared, perhaps e.g., /home and others. If you _must_ have
a /root share, set its permissions appropriately.

If you have a /root share that isn't restricted, there's pretty much no
point in discussing mapped drive restrictions. AFAIC, the point of
sharing is to allow mapping drives. If you don't want mapped drives,
don't share. If you want only some users to map drives, set permissions
appropriately.

Use OpsNav to create and modify shares and to set permissions.

 ==> Connection>Network>Servers>TCP/IP

RMB on iSeries Netserver, select <Open>, or simply double-click. Then
expand Shared Objects. Each share has <Permissions>.

The The iSeries Support for Windows Network Neighborhood Server (iSeries
NetServer) APIs, or Server Support APIs, give some ability to set
permissions. OpsNav provides significant detail.

Tom Liotta

midrange-l-request@xxxxxxxxxxxx wrote:

>   2. RE: Mapping Network Drive (Shannon ODonnell)
>
>Yes.  Not allow anyone to map a network drive, unless they are first 
>authorized to do so.  The problem I've seen, and that I've had zero 
>amount of time to research, is that the guest user profile QUSER, 
>defined on the NETSERVER properties, allows all drive mapping access so

>anyone can map a network drive even though I've limited access to the 
>QPWFSERVER *AUTL.  To add to the mix, there is also a /root share
>defined.  :-)   
>
>There may not be a five second solution here, but I thought it was 
>worth a shot to ask.
>
>Shannon O'Donnell

-- 
Tom Liotta
The PowerTech Group, Inc.
19426 68th Avenue South
Kent, WA 98032
Phone  253-872-7788 x313
Fax    253-872-7904
http://www.powertech.com


__________________________________________________________________
Introducing the New Netscape Internet Service. 
Only $9.95 a month -- Sign up today at http://isp.netscape.com/register

Netscape. Just the Net You Need. 

New! Netscape Toolbar for Internet Explorer
Search from anywhere on the Web and block those annoying pop-ups.
Download now at http://channels.netscape.com/ns/search/install.jsp
_______________________________________________
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.




_______________________________________________
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.