A second major control applied to FTP Server Exit Programs is the validation of the "directoty" (Directory) object of the client FTP request.

Every time an FTP request is received, the directory (directory) explicitly opr impliciylt mentioned in the request is checked versus a list of allowed directories.
If such directory is not found not in the list of allowed directories, the FTP request is rejected.

NOTE 1 - If the client IP address is detected as being a privileged one, directory checks do not take place and any directory is accepted.

There are two types of allowed directories:

1. Public allowed directories
   Access to these directories is allowed to all the user profiles defined to SECTCP via Work with user profiles.
2. Private allowed directories
   Access to these directories is allowed only to specified SECTCP-defined user profiles.
   Note - Each user profile allowed to access a given private directory can be assigned restrictions on its FTP operations on that directory (example: read-only (receive-only)) through SECTCP-defined data authorities *R, *W, *X.
   Detail information available in the help screens.

Option 4 (Work with allowed directories) from the "Secured Tcp" Menu (see Figure 2) allows to maintain the list of the allowed directories.

The menu for defining allowed directories looks as follow:

                                  Secured FTP                          EASY400  
                         Work with allowed directories                          
                                                                                
  Select one of the following and press Enter                                   
                                                                                
                                                                                
    1. Public allowed directories                                               
                                                                                
    2. Private allowed directories                                              
                                                                                
                                                                                
                                                                                
                                                                                
                                                                                
                                                                                
                                                                                
  Your selection ==>  _                                                          
                                                                                
                                                                                
                                                                                
                                                                                
                                                                                
  F3=Exit  F12=Previous  F22=Command entry                                      
                                                                                
                    

1. To make up a generic directory name, just enter its initial characters. For instance,
   /MMAIL/TEMP will allow access to any directory starting by the same characters, e.g. /mmail/temp/subdirx .
   
2. Directory names imbedding asterisks or ending with an asterisk (e.g. /mmail/temp/sub*) do not work.
3. To allow access to a library, use the IFS notation. As an example, to allow to access library QGPL, enter /QSYS.LIB/QGPL.LIB as an allowed domain.
4. To allow access to all libraries, enter /QSYS.LIB as an allowed domain.
5. By specifying the root directory / as an allowed domain, you allow to access all directories and all libraries in the system.