Did you look to see if there was an authorization list attached to the
object?

An authorization list can be used for multiple objects, they provide an
easy way to allow acesss to object without having to explicitly give
authority to individual objects.

On Tue, Sep 30, 2014 at 10:35 AM, Alex Mavrogeorge Sr <
amavrogeorge@xxxxxxxxxx> wrote:

Well.. we do have a pretty secure network.. behind a number of firewalls..
so there is a level of security within the internal network that I can feel
pretty confident might suffice. I am also pretty sure the users from one
division can't cross over to the users of another without passing through
their firewalls, traversing their VPN's etc. Most of the "divisions" act
somewhat independently, with each site having its own accounting, etc. I
don't think all locations feed into on central data center per say... so
without knowing each specific user name, site, and unique identifiers,
public pretty much means the 3 people on the particular site.

I certainly want to put public back to exclude... but.. I matched up line
for line the other 2 users profile, I can't see anything that leads me to
believe she is excluded from some "global group" that I am missing. In
fact.. one of the users in that division as a profile labeled usrprf, the
other 2 have grpprf... and usrprf isn't the one having the issue.. so this
is a good mytsery.

I am still looking at how to make it as right as the other 2 on that
site.. but so far still coming up empty as to what's different.



-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of
Charles Wilt
Sent: Tuesday, September 30, 2014 10:28 AM
To: Midrange Systems Technical Discussion
Subject: Public authority (was Re: upload file error)

On Tue, Sep 30, 2014 at 10:04 AM, Buck Calabro <kc2hiz@xxxxxxxxx> wrote:


I don't want to sound like a jerk but I come by it naturally :-)
*PUBLIC is everybody in the universe, not just the 3 users in that
portion of the company. If I had your machine's IP address, I could
almost certainly read and modify the contents of that file from here.
--buck


​Not quite...let's not panic the guy Buck!...

*PUBLIC is every user profile on the machine that doesn't have explicit
private authorities. So anybody with credentials on the machine can modify
that file now.

So it'd take Buck more than just knowing the IP of the machine, even
assuming it's not behind a firewall. He'd have to know or be able to guess
a valid user profile/ password combination.

​Hopefully ​you don't have any default passwords, where the password =
user ID. You can check by doing, GO SECTOOLS and selecting option 1 =
Analyze default passwords.

Then there are anonymous services, such as FTP or the Netserver "Guest"
account. Anonymous FTP isn't allowed by default, you have to have create
or buy an FTP exit point program to enabled it.

http://www-01.ibm.com/support/knowledgecenter/ssw_ibm_i_71/rzaiq/rzaiqftpanon.htm

You can check for exit programs via
WRKREGINF EXITPNT(QIBM_QTMF_SVR_LOGON)

Look at the line
Current number of exit programs . . . : 0

The "Guest" netserver account is basically a generic account used by the
IBM SMB (windows) file server. It's used when a windows users tries to
access a IBM i Netserver file share and there isn't a matching IBM i user
ID. Again, it is not enabled by default. You'd need to use the IBM i
Navigator GUI to see if it is enabled.

http://www-01.ibm.com/support/knowledgecenter/ssw_ibm_i_71/rzahl/rzahlguestprofs.htm

Charles
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at http://archive.midrange.com/midrange-l.



--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.



As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.