Migrating to OS/2 Warp Server for e-business

3.11 Remove Local Security

If you are running OS/2 LAN Server Advanced, you may have installed the Local Security Feature for HPFS386 (referred to as Local Security).

While permissions set for a resource usually apply only to remote users accessing the resource from different workstations, Local Security extends access restrictions to local users working at the server. It protects all files on the server's HPFS386 partitions from unauthorized local access. Files stored on FAT partitions are not protected by Local Security. However, they are still protected from remote access by unauthorized users. Administrators have permissions for all files on the server and are not subject to access control permissions once they are authenticated.

Local Security also checks file permissions when you run a program that accesses files. Programs that need access to system files (such as BACKACC) or even to the complete hard disk (backup programs) would autologon with administrator rights or gain access by the PRIV utility.

If you are using Local Security on at least one of the HPFS386-formatted partitions, you must deactivate it before migrating to OS/2 Warp Server for e-business by doing the following:

In the CONFIG.SYS file change the line

PROTSHELL=C:\IBMLAN\NETPROG\SECURESH.EXE C:\OS2\PMSHELL.EXE

to:

C:\IBMLAN\NETPROG\SECURESH.EXE

to remove the local logon procedure.

Run the PREPACL utility to remove the access control information supplied by Local Security. Section 3.15 Remove HPFS386 Access Controls describes how to use PREPACL.
Important

If you omit this step, you will not be able to access any directories belonging to the OS/2 subtree.
Reboot the server afterwards.

Important
If you omit this step, you will not be able to access any directories belonging to the OS/2 subtree.

During the installation process, the Local Security code will be automatically upgraded.

3.12 Backup Directory Limits