HP OpenVMS Systems

ask the wizard
Content starts here

Captive vs Network File Access?

» close window

The Question is:

On an OpenVMS V7.1-2 / UCX V4.2 - ECO 4 platform we use a captive account
 starting an application program which fully shields users from the command
 prompt. This application program which executes all file
 creations/updates/deletes handles all extra autho
rization/security aspects outside VMS (files all have Owner:RWED). However, the
 same account is also used for external (non VMS) systems to FTP GET/PUT files.
 Via this FTP access, files can be deleted without any restrictions other than
 the VMS restrictio
ns. Is there any means of restricting the use of certain FTP commands in a
 specific account, so that the use of FTP DELETE can be restricted or blocked

The Answer is :

  Use another username specific to FTP, or use added ACEs that
  conditionalize the handling of batch or network or interactive
  modes, or use subsystem identifiers on images (to permit the
  deletion), or grant an additional identifier to the user to
  permit delete access during the captive login, etc...

answer written or last revised on ( 23-AUG-2000 )

» close window