IBM i Global


Authorization list problem IFS

  • 1.  Authorization list problem IFS

    Posted Wed October 12, 2022 06:39 AM
    Hi,

    I have a directory that is the home of a specific sftp user. I created an AUTL and set it on this directory.

    Is it possible for every file created by any user to inherit this AUTL?

    Many thanks

    ------------------------------
    Paolo Salvatore
    ------------------------------


  • 2.  RE: Authorization list problem IFS

    IBM Champion
    Posted Wed October 12, 2022 08:37 PM
    Dear Paolo

    From this IBM i Technote, it appears the answer is no: Integrated File System Authority Considerations
    [QUOTE]
    Initial object authorities are assigned to a new file or directory based on the authority values of the parent directory. The rules involved with this are as follows:

    a. The owner for the new object has the same object authorities the owner of the parent directory has to the parent directory.
    b. The primary group for the new object has the same object authorities the primary group of the parent directory has to the parent directory.
    c. *PUBLIC has the same object authorities to the new object that it has to the parent directory.

    These rules apply even when the owner of the parent directory and the newly created object are not the same, and even when the owner of the new object has separate private authority to the parent directory.
    [UNQUOTE]

    My understanding is that IFS security is based on the UNIX model and therefore the AUTL is decided not to be inherited. You may want to use Primary Group instead.


    ------------------------------
    Right action is better than knowledge; but in order to do what is right, we must know what is right.
    -- Charlemagne

    Satid Singkorapoom
    ------------------------------