This article discusses the steps for preventing users from accessing
the REXEC server.
If you do not want your system to accept commands from an
REXEC client, do the following to prevent the REXEC server from running:
- To prevent REXEC server jobs from starting automatically when you
start TCP/IP, type the following: CHGRXCA AUTOSTART(*NO)
AUTOSTART(*NO) is the default value.
- To prevent someone from associating a user application, such as
a socket application, with the port that the system normally uses for REXEC,
do the following:
- Type GO CFGTCP to display the Configure
TCP/IP menu.
- Select option 4 (Work with TCP/IP port
restrictions).
- On the Work with TCP/IP Port Restrictions display, specify option 1 (Add).
- For the lower port range, specify 512.
- For the upper port range, specify *ONLY.
Note: The port restriction takes effect the next time that you start
TCP/IP. If TCP/IP is active when you set the port restrictions, you should
end TCP/IP and start it again.
- For the protocol, specify *TCP.
- For the user profile field, specify a user profile name that
is protected on your system. (A protected user profile is a user profile that
does not own programs that adopt authority and does not have a password that
is known by other users.) By restricting the port to a specific user, you
automatically exclude all other users.