Re: Restricting UPLOAD

[ Follow Ups ] [ Post Followup ] [ IOF Q&A Message Board ] [ FAQ ]

Posted by Jim Walker on March 05, 2008 at 11:45:46:

In Reply to: Restricting UPLOAD posted by Mike on March 03, 2008 at 17:15:07:

: I see how the UPLOAD command can be restricted in totality, but can we restrict just the UPLOAD DIRECTORY function? We had a situation where a user who didn't know what they were doing, issue the UPLOAD DIRECTORY command several times and almost wiped out our SPOOL space. I don't want to take away their ability to upload their old output but I don't want to give them the ability to load massive amounts of output, whether by intention or mistake.

Unfortunately UPLOAD has few controls. It is pretty much YES or NO. But that shouldn't be too hard to control.

For starters, you could remove the "U" option from the VIOFUPL5 panel. Of course that would remove it for everyone.

Or you could remove "U" from the IOF$UP2 clist. I don't know what release of IOF you are running, but the 8C version with line numbers is:
000538 ISPEXEC TBDISPL DIRFILES PANEL(VIOFUPL5) CURSOR(PCMD) POSITION(DFIPO
000539 SET DCC = &LASTCC
000540 DO WHILE &ZTDSELS GT 0 /* Process selected directories */
000541 SET LCM1 = &SUBSTR(1,&LCMD)
000542 IF &LCM1 = D THEN DO
000543 ISPEXEC CONTROL DISPLAY SAVE
000544 SYSCALL DIRDEL '&DIRNAME'
000545 ISPEXEC CONTROL DISPLAY RESTORE
000546 SET ACTION = DELETED
000547 SET DELRUN = YES
000548 SET LCMD = &STR(_)
000549 ENDO
000550 ELSE IF &LCM1 = I OR &LCM1 = S THEN DO
000551 SET LCMD = &STR(_)
000552 IF &ACTION EQ &STR() THEN DO
000553 ALLOC FILE(DIRFILE) SHR DA('&DIRNAME') REUSE
000554 SET SCC = &LASTCC
000555 IF &SCC = 0 THEN DO
000556 SYSCALL BUILDTBL
000557 SET ACTION = INCLUDED
000558 FREE FILE(DIRFILE)
000559 ENDO
000560 ENDO
000561 ENDO
000562 ELSE IF &LCM1 = U THEN DO <=============== Here is "U"
000563 SET LCMD = &STR(_)
000564 ALLOC FILE(DIRFILE) SHR DA('&DIRNAME') REUSE
000565 SET SCC = &LASTCC
000566 IF &SCC = 0 THEN DO
000567 SYSCALL UPALL
000568 SET ACTION = UPLOADED
000569 FREE FILE(DIRFILE)
000570 SET DELRUN = YES
000571 ENDO
000572 ENDO

Or you could modify the UPALL subroutine to check userids, etc. And if the userid isn't on a list of authorized users you could refuse to do this.

Follow Ups:

Post a Followup

Name:

What is the MVS job entry subsystem supported by IOF?
We ask this question to reduce bogus postings to this bulletin board
Answer:

E-Mail:

Subject:

Comments:
: : I see how the UPLOAD command can be restricted in totality, but can we restrict just the UPLOAD DIRECTORY function? We had a situation where a user who didn't know what they were doing, issue the UPLOAD DIRECTORY command several times and almost wiped out our SPOOL space. I don't want to take away their ability to upload their old output but I don't want to give them the ability to load massive amounts of output, whether by intention or mistake. : Unfortunately UPLOAD has few controls. It is pretty much YES or NO. But that shouldn't be too hard to control. : For starters, you could remove the "U" option from the VIOFUPL5 panel. Of course that would remove it for everyone. : Or you could remove "U" from the IOF$UP2 clist. I don't know what release of IOF you are running, but the 8C version with line numbers is: : 000538 ISPEXEC TBDISPL DIRFILES PANEL(VIOFUPL5) CURSOR(PCMD) POSITION(DFIPO : 000539 SET DCC = &LASTCC : 000540 DO WHILE &ZTDSELS GT 0 /* Process selected directories */ : 000541 SET LCM1 = &SUBSTR(1,&LCMD) : 000542 IF &LCM1 = D THEN DO : 000543 ISPEXEC CONTROL DISPLAY SAVE : 000544 SYSCALL DIRDEL '&DIRNAME' : 000545 ISPEXEC CONTROL DISPLAY RESTORE : 000546 SET ACTION = DELETED : 000547 SET DELRUN = YES : 000548 SET LCMD = &STR(_) : 000549 ENDO : 000550 ELSE IF &LCM1 = I OR &LCM1 = S THEN DO : 000551 SET LCMD = &STR(_) : 000552 IF &ACTION EQ &STR() THEN DO : 000553 ALLOC FILE(DIRFILE) SHR DA('&DIRNAME') REUSE : 000554 SET SCC = &LASTCC : 000555 IF &SCC = 0 THEN DO : 000556 SYSCALL BUILDTBL : 000557 SET ACTION = INCLUDED : 000558 FREE FILE(DIRFILE) : 000559 ENDO : 000560 ENDO : 000561 ENDO : 000562 ELSE IF &LCM1 = U THEN DO <=============== Here is "U" : 000563 SET LCMD = &STR(_) : 000564 ALLOC FILE(DIRFILE) SHR DA('&DIRNAME') REUSE : 000565 SET SCC = &LASTCC : 000566 IF &SCC = 0 THEN DO : 000567 SYSCALL UPALL : 000568 SET ACTION = UPLOADED : 000569 FREE FILE(DIRFILE) : 000570 SET DELRUN = YES : 000571 ENDO : 000572 ENDO : Or you could modify the UPALL subroutine to check userids, etc. And if the userid isn't on a list of authorized users you could refuse to do this.

Optional Link URL:
Link Title:
Optional Image URL:

[ Follow Ups ] [ Post Followup ] [ IOF Q&A Message Board ] [ FAQ ]