|
Software > OpenVMS Systems > Ask the Wizard HP OpenVMS Systemsask the wizard |
|
The Question is: On an OpenVMS V7.1-2 / UCX V4.2 - ECO 4 platform we use a captive account starting an application program which fully shields users from the command prompt. This application program which executes all file creations/updates/deletes handles all extra autho rization/security aspects outside VMS (files all have Owner:RWED). However, the same account is also used for external (non VMS) systems to FTP GET/PUT files. Via this FTP access, files can be deleted without any restrictions other than the VMS restrictio ns. Is there any means of restricting the use of certain FTP commands in a specific account, so that the use of FTP DELETE can be restricted or blocked altogether. The Answer is : Use another username specific to FTP, or use added ACEs that conditionalize the handling of batch or network or interactive modes, or use subsystem identifiers on images (to permit the deletion), or grant an additional identifier to the user to permit delete access during the captive login, etc...
|