The ADMIN.SERVER command allows a system administrator to set security rules on definitions of QMNet public servers and VFS servers.
If name does not correspond to an existing server, the ADMIN.SERVER command will offer to create a new server definition. This will prompt for the network address and optional port number and then enter the screen described below. If a port number is specified, this may be separated from the network address with a colon or a semicolon. If an IPV6 format address is used, which contains colons as part of its syntax, a semicolon must be used before the port number.
The default behaviour of the SET.SERVER or SET.VFS.SERVER command is to create a server definition that may be accessed by all users of the system. There is a potential security weakness here because the slave process started on the remote system to handle the connection runs as the user name specified in the server definition, regardless of the user name of the local user accessing the remote file. Security can be improved by arranging that the user name used for the remote slave process is dependent on the user name or user group of the local user. This can be achieved by use of the ADMIN.SERVER command. Because there is no way in which QM can determine the password for a specific user, it is not possible for the remote server login to automatically using the same user name and password as the session from which QMNet or the VFS is used.
The screen display from this command is as shown below.
The display consists of a series of four line entries with a horizontal separator. Each entry identifies the remote user name that will be used for the remote slave process based on criteria related to the local user accessing the file. When creating a connection, the list is scanned from the top downwards looking for the first entry that is applicable to the user.
In the above example, users logged in to the local system as gsmith or dave will connect to the remote server with user name george. Users who are members of either the operating system user group named admin or the QM user group of the same name will connect as user name root. All other users will connect as user name sales.
If the local user does not meet the conditions set by any entry in the list, connection to the server is not permitted. If a user fits the conditions for more than one entry in the list, the first one found applies.
The default action of the SET.SERVER command is to create a server definition in which the remote user is as specified in the command and the local users field is set to ALL.
To move through the entries in the displayed list, use any of the following keys:
The amend a line, simply type new data or use any of the standard editing keys:
Clearing the remote user name deletes the associated entry.
To insert a new entry, navigate to the bottom of the list and type in new data. The entry can be moved up if necessary with the F2 key.