FTP settings (7/8)
8. Validation Lists versus User Profiles
To enable FTP logon you may use validation lists instead of user profiles. This is especially convenient when you have a group of users that must be subject to the same access restrictions.
The following explains how you can implement this feature.
- Create a validation list. Example:
CRTVLDL VLDL(SECTCPDATA/GROUP1) TEXT('Validation list for FTP access via SECTCP') AUT(*USE)
Note 1 - Any library name - not just SECTCPDATA - can be specified. However, grouping such validation lists in library SECTCPDATA may help in recalling what they are for.
Note 2 - Make sure that at least AUT(*USE) is specified. The default is AUT(*EXCLUDE), which does not allow a validation list to be used by SECTCP.
- Add entries to this validation list.
Each entry must specify a user-name and a password. Make sure that they are lowercase.
You can maintain validation lists:
- Create a simple user profile for the FTP logon of all the users defined in one or more validation lists.
Example:
CRTUSRPRF USRPRF(LOGTOFTP) INLMNU(*SIGNOFF) AUT(*ALL)
- Use the appropriate SECTCP menu (see Figure 4) to define the FTP rights of this user profile.
Example:
Secured FTP
Work with User Profiles
Type options and press Enter
Options: 4=Remove
User profile . . . . . . . . . . . LOGTOFTP
Substitute with user profile . . __________
and password . . . . . . . . . __________
Override NAMEFMT with . . . . . *PATH_ *SAME, *LIB, *PATH
Override CURLIB with . . . . . . __________
Override HOMEDIR with . . . . . _________________________________________
_________________________________________________________________________________
ALLOW ... 0/1=No/Yes
FTP logon . . . . . . . . 1 Receive Files . . . . . . 1
Exit Home Directory . . . 0 Send Files . . . . . . . . 1
Set Current Directory . . 1 Rename Files . . . . . . . 1
Create Directory/Lib . . . 0 Delete Files . . . . . . . 1
Delete Directory/Lib . . . 0 Execute CL Command . . . . 0
Directory/Lib Listing . . 1
(Please note that in this case we have restricted this user profile to stay within its home directory)
- The validation list and the SECTCP-defined user profile should now be "connected".
There are two ways to implement such a connection:
- Use WSECTCP, the WEB front-end to control SECTCP.
WSECTCP has a WEB page, named "Work with VLDL connectors", that makes this job very easy.
- Do it manually, as explained hereafter.
Use DFU to add a record to file SECTCPDATA/VLDLS.
Records of this file provide links between validation lists and user profiles.
Example:
WORK WITH DATA IN A FILE Mode . . . . : ENTRY
Format . . . . : VLDLRCD File . . . . : VLDLS
VLDL name: GROUP1____
VLDL library name: SECTCPDATA
Linked USRPRF name: LOGTOFTP__
Set home directory: Y
- VLDL name - Name of a validation list containing usernames/passwords for FTP logon
- VLDL library name - Library name of this validation list
- Linked USRPRF name - User profile that will be used for FTP logon
- Set home directory (Y or N) - Whether the initial current directory should be:
/HOME/user_profile_name/validation_list_entry_user_name
Example: /HOME/LOGTOFTP/jsmith
Note 1. By setting the home directory in this way, and specifying "Exit Home Directory . . . 0" in the SECTCP properties for the user profile, the user can never leave the assigned home directory.
Note 2. This home directory is automatically created by SECTCP if it does not yet exist.
The following describes the process of the FTP logon carried out by SECTCP:
- The user starts FTP
- The user logs on with a username and a password
- SECTCP searches for this validation list entry (username & password) in all the validation lists documented in file SECTCPDATA/VLDLS.
- If a matching validation list entry is found, then SECTCP logs on to FTP with the user profile linked to the validation list and sets - if required - the proper home directory.
- If no matching validation list entry is found, then the username & password are validated through the user profile system.
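The logon sequence above as a small Python model, added here as an illustration and not SECTCP's own code. The in-memory dictionaries, the exact-match comparison, the search in record order and the names resolve_logon, Connector and Logon are assumptions.

```python
import hmac
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Connector:              # models one record of file SECTCPDATA/VLDLS
    vldl: str                 # VLDL name
    library: str              # VLDL library name
    usrprf: str               # Linked USRPRF name
    set_home: bool            # Set home directory (Y or N)

@dataclass(frozen=True)
class Logon:
    usrprf: str               # user profile the FTP session runs under
    home: Optional[str]       # forced initial directory, or None
    source: str               # "vldl" or "usrprf"

def resolve_logon(user, password, connectors, vldl_entries, check_usrprf):
    """Return the Logon for these credentials, or None if they are rejected.

    vldl_entries maps (library, vldl) -> {entry user name: entry password};
    check_usrprf(user, password) stands in for user-profile validation.
    """
    for c in connectors:      # every validation list documented in VLDLS
        stored = vldl_entries.get((c.library, c.vldl), {}).get(user)
        if stored is not None and hmac.compare_digest(
                stored.encode(), password.encode()):
            home = f"/HOME/{c.usrprf}/{user}" if c.set_home else None
            return Logon(c.usrprf, home, "vldl")
    if check_usrprf(user, password):   # no entry matched: fall back
        return Logon(user, None, "usrprf")
    return None

# Constructed sample data mirroring the example on this page.
CONNECTORS = [Connector("GROUP1", "SECTCPDATA", "LOGTOFTP", True)]
VLDL_ENTRIES = {("SECTCPDATA", "GROUP1"): {"jsmith": "sample-pw-1"}}
PROFILES = {"OPERATOR1": "sample-pw-2"}   # hypothetical ordinary user profile

def check_usrprf(user, password):
    stored = PROFILES.get(user)
    return stored is not None and hmac.compare_digest(
        stored.encode(), password.encode())

def demo(user, password):
    return resolve_logon(user, password, CONNECTORS, VLDL_ENTRIES, check_usrprf)

if __name__ == "__main__":
    for creds in [("jsmith", "sample-pw-1"), ("jsmith", "wrong"),
                  ("OPERATOR1", "sample-pw-2")]:
        print(creds[0], "->", demo(*creds))
```

Every validation-list user in the model ends up running under the single linked profile, so the rights defined for LOGTOFTP in SECTCP apply to all of them and only the home directory differs per user.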