/
UCMD_REQUEST - UCMD UACL Entry

UCMD_REQUEST - UCMD UACL Entry

Nov 29, 2022

 Description

A UCMD_REQUEST UACL entry allows or denies access to Universal Command Server services based on client identification and request type.

If access is permitted, the UCMD_REQUEST also specifies whether or not user authentication is required.


There are two forms of the UCMD_REQUEST entry based on the client identification method:

  • ucmd_request form is for IP-based client identification.

  • ucmd_cert_request is for X.509 certificate-based client identification.


A ucmd_request UACL entry is matched if all of the following occur:

  • Request comes from an IP address identified by host.

  • Remote end is executing as user remote_user.

  • Remote user is requesting to execute a command as local user local_user.


A ucmd_cert_request UACL entry is matched if both of the following occur:

  • Request comes from a client with a certificate identifier of certid.

  • Remote user is requesting to execute a command as local user local_user.


The first matching rule is used to control access.

Usage

Method

Syntax

IBM i

UNIX

Windows

z/OS

UACL File Keyword

ucmd_request host,remote_user,local_user,req_type,req_name,access,auth

UACL File Keyword

ucmd_cert_request certid,local_user,req_type,req_name,access,auth

Values

req_type

req_type specifies the type of request that the Universal Command Manager is requesting.

Valid values for req_type are:

Value

Description

IBM i

Windows

UNIX

z/OS

Value

Description

IBM i

Windows

UNIX

z/OS

cmd

IBM i command (may be user-defined).

 

 

 

rexx

Single line consisting entirely of REXX statements (maximum 1000 bytes).

 

 

 

cmdref

Request is for the execution of a command reference.

  • req_name is the command reference name, which is case insensitive.
     

shell

Request is for the execution of a shell command or shell script:

  • For a shell command, req_name is the name of the command.

  • For a shell script, req_name is empty.

 

stc

Request is for the execution of a started task.

  • req_name is the started task command, which is case insensitive.

 

 

 

req_name

req_name further qualifies the request by its specified name.

Valid values for req_name depend on the req_type value.

req_name includes any options provided by the Universal Command Manager.

 For Example

HTML

This command will not match the following UACL entry:

ucmd_request ALL,*,*,cmdref,cmd3,allow,auth

Since the options o1 and o2 are part of the request name field, the UACL entry must be written as:

ucmd_request "ALL,*,*,cmdref,cmd3*,allow,auth"

access

Valid values for access are:

  • deny
    Service is denied. A message is returned to the remote end. The connection is closed.

  • allow
    Service is accepted and processed.

auth

Valid values for auth are: