The commandPath property
Use the commandPath property to restrict the locations that WebSphere® MQ File Transfer Edition can run commands from.
You can specify a command to be run on the system where the agent is running from the managed transfer and managed call functions of WebSphere MQ File Transfer Edition. See Program invocation for information. However, commands must be on paths referenced by the commandPath agent property.
If the command specified is not fully qualified, WebSphere MQ File Transfer Edition attempts to find a matching command on the command path. If there is more than one matching command on the command path, the first match is used.
By default, the commandPath property is empty so that the agent cannot call any commands. Take extreme care when you set this property because any command in one of the specified commandPaths can effectively be called from a remote client system that is able to send commands to the agent. For this reason, by default, when you specify a commandPath, sandboxing is configured so that all commandPath directories are automatically denied access for a transfer. You can set the sandboxRoot property to override this default behavior, but you are not recommended to do so, because this effectively enables a client to transfer any command to the agent's system and call that command.
commandPath=command_directory_name separator...command_directory_name
commandPath=command_directory_name_or_data_set_name_prefix separator...command_directory_name_or_data_set_name_prefix
- command_directory_name is a directory path for commands that can be run.
- command_directory_name_or_data_set_name_prefix is a z/OS UNIX System Services directory path for commands that can be run, or a data set name prefix, that starts with //. You can choose to use a fully qualified or unqualified data set name prefix (that is, in the form: //'HLQ...' or //HLQ...). Specify partitioned data sets in the form //'HLQ()...' or //HLQ().... Use data sets to specify JCL script commands only.
- separator is the platform-specific separator.
commandPath=/home/user/cmds1:/home/user/cmds2
commandPath=C:\\File Transfer\\commands;C:\\File Transfer\\agent commands
On
a Windows system the separator
character, backslash (\), must be escaped and be entered as a double
backslash (\\). The backslash character (\) can also be replaced with
a forward slash (/).- In the directories /home/user/cmds1 and /home/user/cmds2
- In data sets that start with //'USER.CMD1', //CMD2,
- Members of a fully qualified PDS named //'USER.CMDS'
commandPath=/home/user/cmds1:/home/user/cmds2://'USER.CMD1'://CMD2://'USER.CMDS()'
The commandPath property is described in advanced agent properties.