2.1.1 File and Folder Security

During installation the xxxPGMLIB and QOTHPRDOWN user profiles are created with a default password of LANSA. You need to change these passwords to make your system secure.

 

Files and folders in the JSM instance are shipped with the owner being QOTHPRDOWN and *PUBLIC authority of *EXCLUDE. The JSM user specified at install time is granted all data and object authority.

To allow other user profiles to access JSM files and folders you can use the i5/OS user profile primary group or supplemental group feature.

CHGUSRPRF USRPRF(MYUSER) GRPPRF(XXXXXXXXXX) OWNER(*USRPRF|*GRPPRF) SUPGRPPRF(xxxPGMLIB)

 

To change the data and object authorities of existing files and folders you can use the CHGJSMAUT, CHGJSMPGP, CHGAUT or CHGPGP commands.

By default, IFS files created by Java, inherit the *PUBLIC object authority from the parent directory. The system properties os400.file.create.auth and os400.dir.create.auth can be used to control the *PUBLIC object authority for created files and directories.

Specifying the properties without any values or with unsupported values results in a public authority of *NONE.

os400.dir.create.auth=none

os400.file.create.auth=none

 

To change the *PUBLIC file and folder creation data authority to a particular value requires changing the following properties in the SystemDefault properties file.

os400.dir.create.auth=RWX

os400.file.create.auth=RW