Secure the integrated file system

The integrated file system provides you with multiple ways to store and view information on the system.

The integrated file system is a part of the i5/OS™ operating system that supports stream input and output operations. It provides storage management methods that are similar to, and compatible with, personal computer operating systems and UNIX® operating systems.

With the integrated file system, all objects on the system can be viewed from the perspective of a hierarchical directory structure. However, in most cases, users view objects in the way that is most common for a particular file system. For example, standard system objects are in the QSYS.LIB file system. Typically, users view these objects from the perspective of libraries. Users typically view objects in the QDLS file system from the perspective of documents within folders. The "root" (/), QOpenSys, and user-defined file systems present a structure of hierarchical directories.

As a security administrator, you need to understand:

The "root" (/) file system acts as a foundation for all other file systems on IBM® Systems. At a high level, it provides an integrated view of all of the objects on the system. Other file systems that can exist on IBM Systems provide varying approaches to object management and integration, depending on the underlying purpose of each file system. The QOPT (optical) file system, for example, allows system applications and servers, including the iSeries™ Access for Windows® file server, to access the CD-ROM drive on the system. Similarly, the QFileSvr.400 file system allows applications to access integrated file system data on remote systems. The QLANSrv file server allows access to files stored on Integrated xSeries® Server for iSeries or other connected servers in the network.

The security approach for each file system depends on the data that the file system makes available. The QOPT file system, for example, does not provide object-level security because no technology exists to write authority information to a CD-ROM. For the QFileSvr.400 file system, access control occurs at the remote system, where the files are physically stored and managed. For file systems like QLANSrv, the Integrated xSeries Server for iSeries provides access control. Despite the differing security models, many file systems support consistent management of access control through the integrated file system commands, such as Change Authority (CHGAUT) and Change Owner (CHGOWN).
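The following CL sequence is an added example, not part of the original IBM text. It shows the same CHGAUT and CHGOWN commands applied to a directory in the "root" (/) file system and to an object in QSYS.LIB. The path /home/payroll, the library PAYLIB, the file PAYFILE, and the user profiles PAYCLERK and PAYOWNER are hypothetical names chosen for illustration.

```cl
/* Added example: hypothetical object and profile names.              */

/* 1. Remove default public access to a directory in the "root" (/)   */
/*    file system.                                                    */
CHGAUT OBJ('/home/payroll') USER(*PUBLIC) DTAAUT(*EXCLUDE) OBJAUT(*NONE)

/* 2. Give one profile read and execute data authority only, with no  */
/*    object authorities (it cannot change authority or ownership).   */
CHGAUT OBJ('/home/payroll') USER(PAYCLERK) DTAAUT(*RX) OBJAUT(*NONE)

/* 3. Transfer ownership and revoke the previous owner's authority so */
/*    that no leftover private authority remains.                     */
CHGOWN OBJ('/home/payroll') NEWOWN(PAYOWNER) RVKOLDAUT(*YES)

/* 4. The same command works against an object in QSYS.LIB when it    */
/*    is addressed by its integrated file system path name.           */
CHGAUT OBJ('/QSYS.LIB/PAYLIB.LIB/PAYFILE.FILE') USER(*PUBLIC) +
       DTAAUT(*EXCLUDE) OBJAUT(*NONE)

/* 5. Verify the result: display the owner, public authority and      */
/*    private authorities now in effect.                              */
DSPAUT OBJ('/home/payroll')
DSPAUT OBJ('/QSYS.LIB/PAYLIB.LIB/PAYFILE.FILE')
```

These commands change authority only on the named object; objects already inside the directory keep their own authorities and need to be reviewed separately.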