 |
The Question is:
On an OpenVMS V7.1-2 / UCX V4.2 - ECO 4 platform we use a captive account
starting an application program which fully shields users from the command
prompt. This application program which executes all file
creations/updates/deletes handles all extra autho
rization/security aspects outside VMS (files all have Owner:RWED). However, the
same account is also used for external (non VMS) systems to FTP GET/PUT files.
Via this FTP access, files can be deleted without any restrictions other than
the VMS restrictio
ns. Is there any means of restricting the use of certain FTP commands in a
specific account, so that the use of FTP DELETE can be restricted or blocked
altogether.
The Answer is :
Use another username specific to FTP, or use added ACEs that
conditionalize the handling of batch or network or interactive
modes, or use subsystem identifiers on images (to permit the
deletion), or grant an additional identifier to the user to
permit delete access during the captive login, etc...
|
