Managed File Transfer security reference

Reference information to help you configure security for Managed File Transfer.

• File system permissions for MFT in IBM MQ
  When you install and configure the Managed File Transfer component of IBM MQ, the configuration, installations, and logs directories are created with the following permissions.
• Manage authorities for MFT-specific resources
  For any file transfer request, the Managed File Transfer Agent processes require some level of access to their local file systems. In addition, both the user identifier associated with the agent process, and the user identifiers associated with users performing file transfer operations must have the authority to use certain IBM MQ objects.
• Authority to publish MFT Agents log and status messages
  Managed File Transfer Agents issue various log, progress, and status messages that are published on the coordination queue manager. The publication of these messages is subject to the IBM MQ security model, and in some cases you might have to perform further configuration to enable publication.
• Authorities for MFT to access file systems
  For any file transfer request, the Managed File Transfer agent processes require some level of access to their local file systems.
• commandPath MFT property
  Use the commandPath property to specify the locations that Managed File Transfer can run commands from. Take extreme care when you set this property because any command in one of the specified commandPaths can effectively be called from a remote client system that is able to send commands to the agent.

Parent topic: Security reference