Securing directories

 

To access an object within the root file system, you read through the entire path to that object.

To search a directory, have *X (*OBJOPR and *EXECUTE) authority to that directory. Assume, for example, that you want to access the following object: /companya/customers/custfile.dat

You must have *X authority to the companya directory and to the customers directory.

With the root file system, you can create a symbolic link to an object. Conceptually, a symbolic link is an alias for a path name. Usually, it is shorter and easier to remember than the full path name. A symbolic link does not, however, create a different physical path to the object. The user still needs *X authority to every directory and subdirectory in the physical path to the object.

For objects in the root file system, you can use directory security just as you might use library security in the QSYS.LIB file system. You can, for example, set the public authority of a directory to *EXCLUDE to prevent public users from accessing any objects within that tree.

 

Parent topic:

Planning integrated file system security