By default an IceBreak server runs with the BLUEBOXUSR for development. When you switch to production, it is recommenced to also switch the default user profile to WEBGUEST which is a user with very limited access.
By default WEBGUEST is excluded from all features in the IceBreak / system hive.
And you can use the same approach for your application – and this is how IceBreak is set up initially:
/* By default - nothing in icebreak can be used by the WEBGUEST .. unless */
GRTOBJAUT OBJ(&lib/*ALL) OBJTYPE(*PGM) USER(WEBGUEST) AUT(*EXCLUDE)
/* .. unless the following: - basic web features */
GRTOBJAUT OBJ(&lib/SVC010 ) OBJTYPE(*PGM) USER(WEBGUEST) AUT(*USE)
GRTOBJAUT OBJ(&lib/SVC017 ) OBJTYPE(*PGM) USER(WEBGUEST) AUT(*USE)
GRTOBJAUT OBJ(&lib/SVC911 ) OBJTYPE(*PGM) USER(WEBGUEST) AUT(*USE)
/* .. Or the default login, document and the error handler */
GRTOBJAUT OBJ(&lib/SVCLOGON ) OBJTYPE(*PGM) USER(WEBGUEST) AUT(*USE)
GRTOBJAUT OBJ(&lib/index ) OBJTYPE(*PGM) USER(WEBGUEST) AUT(*USE)
GRTOBJAUT OBJ(&lib/SVCDEFAUL2 ) OBJTYPE(*PGM) USER(WEBGUEST) AUT(*USE)
You can also use the same approach for resources on the IFS.
Re: Setting up an IceBreak server for secure production
Hi,
By default an IceBreak server runs with the BLUEBOXUSR for development. When you switch to production, it is recommenced to also switch the default user profile to WEBGUEST which is a user with very limited access.
By default WEBGUEST is excluded from all features in the IceBreak / system hive.
And you can use the same approach for your application – and this is how IceBreak is set up initially:
You can also use the same approach for resources on the IFS.
Best regards,
Niels Liisberg