04d - IFS (EN)

NetServer for everyone – part 2

Share IFS resources

In the first article NetServer for everyone – part 1 we introduced the main concepts about NetServer and the instructions for configuring it and managing its startup and shutdown.

In this second article we talk about how to share IFS resources and make them available for client access via network resources.

Remember that you do not need to install any additional software on your PC to use the resources shared with the IBM i NetServer.

Share with Navigator for i

You must log on to Navigator for i as a user who has at least *IOSYSCFG special authority.

For more information on using Navigator for i you can consult the video tutorial Power Coffee 1/2022 .

From the icon File system choose the voice File shares.

The already shared resources are listed:

From the button Actions choose the voice New file share…

The essential configurations for sharing an IFS folder are highlighted in the following figure:

  • share name: it is the name with which the resource will be visible in the network resources. No.B. the maximum length of the name is 12 characters .
  • “read-only” or “read/write” access to the share
  • type in the path name or choose with the button Browse the IFS folder you want to share.

Since IBM i version 7.5 it is possible to protect shared resources using authorization lists (see the previous figure for the parameter Authorization list ). For more information, see the documentation on page https://www.ibm.com/docs/en/i/7.5?topic=security-using-authorization-lists-restrict-usage-by-user .

Sharing the root or IFS root is STRONGLY NOT RECOMMENDED. Sharing the root means giving access via NetServer to all IBM i file systems including also the QSYS.LIB file system (that is, the libraries and all the objects they contain).
Sharing the read/write root and using a guest profile ID in the NetServer configuration exposes IBM i resources to a very serious security risk.
It is recommended to only share resources that are needed!

From IBM NetServer Best Practices

Share QDLS file system resources

If you are sharing a file system resource QDLS extension users who will need to access it must be subscribed to the system directory. Although in general it is now discouraged to use this much more limited file system than the root file system.
To subscribe a user to the system directory use option 21 from the PCSTSK menu or the command ADD .

Share QOpenSys file system resources

Unlike other file systems, QOpenSys file system is case sensitive . So eg the files MYFILE.TXT, MyFile.txt and myfile.txt are different.

No.B. All PC clients supported by IBM NerServer are case-insensitive and filenames are converted to uppercase by default.
In the example of the above 3 files in the shared resources only the file MYFILE.TXT would be recognized.

Hide the shared resource

Shared resources can be hidden by adding the suffix $ to the share name. So you will be able to access the resource only by knowing its name, but it will not be shown when browsing network resources.

Share with APIs

It is also possible to manage resource sharing by calling the APIs:

  • Sharing a folder: CALL QZLSADFS PARM(share-name 'folder-path' x'00000005' x'00000000' 'shared-description' x'00000001' x'ffffffff' x'00000000')
    The third parameter is the length of the string ‘folder-path’
    The sixth parameter set share permission (2 for read/write, 1 for read only)
  • Unsharing a folder: CALL QZLSRMS PARM(share-name x'00000000')

Monitor your shares

It is very important to share only the strictly necessary resources. So it makes sense to have a clear picture of what resources have been shared. From the IBM i version 7.3 SF99703 lev. 22 and 7.4 SF99704 lev. 10 the SQL service is also available SERVER_SHARE_INFO which allows us to extract the list of shared resources with a simple query.

select SERVER_SHARE_NAME "Share Name", PATH_NAME "Path", TEXT_DESCRIPTION "Description", PERMISSIONS "Permissions", CURRENT_CONNECTIONS "Current Connections" from SERVER_SHARE_INFO where SHARE_TYPE = 'FILE' order by 1;

Further information can be found in Power Coffee 2/2020 .

Bibliography

The main page of the IBM documentation on NetServer can be consulted at this link: https://www.ibm.com/docs/en/i/7.5?topic=services-i-netserver . Other useful resources can be found in the attached document:

In the next article we will talk about NetTools : A library of 5250 session commands to manage and configure the NetServer.

Related Posts
NetServer for everyone – part 1

A mini-serial guide to configuring, managing, using, and troubleshooting the IBM i NetServer

NetServer for everyone – part 3

A mini-serial guide to configuring, managing, using, and troubleshooting the IBM i NetServer

NetServer for everyone – part 4

A mini-serial guide to configuring, managing, using, and troubleshooting the IBM i NetServer

NetServer for everyone – part 5

A mini-serial guide to configuring, managing, using, and troubleshooting the IBM i NetServer

About author

IBM i's mentor IBM Champion 2021 for Power Systems

Leave a Reply

Your email address will not be published. Required fields are marked *