2.2.1 File and Folder Security

During installation the xxxPGMLIB and QOTHPRDOWN user profiles are created with a default password of LANSA. You need to change these passwords to make your system secure.

Files and directories in the JSM instance are shipped with the owner being QOTHPRDOWN and *PUBLIC authority of *EXCLUDE. The JSM user specified at install time is granted all data and object authority.

To allow other user profiles to access JSM files and folders you can use the i5/OS user profile primary group or supplemental group feature:

CHGUSRPRF USRPRF(MYUSER) GRPPRF(XXXXXXXXXX) OWNER(*USRPRF|*GRPPRF) SUPGRPPRF(xxxPGMLIB)

 

IBM i Java uses the Unix Style permissions when creating files and folders.

When Java creates a new file:

When Java creates a new folder:

Refer to IBM Support Integrated File System Authority Considerations.

To change the data and object authorities of existing files and folders you can use the CHGJSMAUT, CHGJSMPGP, CHGAUT or CHGPGP commands.

IFS folders and files created by Java inherit the *PUBLIC object authority from the parent folder but the *PUBLIC data authority for created files and folders is set by the system properties 'os400.file.create.auth' and 'os400.dir.create.auth'.

Specifying the properties without any values or with unsupported values results in a public data authority of *NONE.

os400.dir.create.auth=none

os400.file.create.auth=none

 

To change the *PUBLIC data authority for created files and folders to a particular value requires changing the following properties in the SystemDefault properties file.

os400.dir.create.auth=RWX

os400.file.create.auth=RW