550: Command command fails: access to resource is denied by server.
Explanation
One of the following situations
occurred:
- The FTP server received a command from an anonymous user. The command arguments specify an MVS™ or z/OS® UNIX resource, such as a z/OS UNIX directory or MVS partitioned data set. Whichever file system the resource belongs to, the FTP server is configured to reject anonymous user access to that file system.
- The FTP server received a command from an anonymous user. The command arguments specify a z/OS UNIX named pipe. Anonymous users are not allowed to access named pipes.
- The FTP user tried to access a z/OS UNIX file system while the SAF SERVAUTH class was active, and that user was not permitted access to the resource profile EZB.FTP.sysname.ftpdaemonname.ACCESS.HFS. If the resource profile EZB.FTP.sysname.ftpdaemonname.ACCESS.HFS is defined in class SERVAUTH, FTP users must have read access to that profile to be able to access the z/OS UNIX file system through the FTP server. Check for errors in the security product indicating that the user does not have read access to this resource.
In the message text:
- command
- The command that failed.
Example
Command:
user anonymous
>>> USER anonymous
331 Send password please.
PASSWORD:
>>> PASS
230 'ANONYMOUS' logged on. Working directory is "USER2.".
Command:
put /etc/hosts /tmp/named.pipe
>>> PORT 9,2,1,3,4,10
200 Port request OK.
>>> STOR /tmp/named.pipe
550 Command STOR fails: access to resource is denied by server.
Command:System action
The command command is rejected. The FTP server waits for the next command.
User response
Report the error to the system programmer.
System programmer response
If the user
logged in anonymously,
- Inspect the default or explicitly coded value of ANONYMOUSFILEACCESS in the server's FTP.DATA. See z/OS Communications Server: IP Configuration Reference for information about ANONYMOUSFILEACCESS values. Change ANONYMOUSFILEACCESS to a value appropriate for your site. Stop the FTP server, then start it again, to enable the new ANONYMOUSFILEACCESS value.
- Determine whether the command arguments specified a named pipe. If you decide that the user should have access to the named pipe, direct the user to log in as a known user. Anonymous users are never allowed access to named pipes.
Check for errors in the security product indicating that the user does not have read access to the resource profile EZB.FTP.sysname.ftpdaemonname.ACCESS.HFS. If you want the user to have access to any z/OS UNIX file system, grant the user read access to that profile.
Rule: To access the z/OS UNIX file system, the user must log in again after access to the profile has been granted, and after the SERVAUTH class has been refreshed.
Problem determination
See the system programmer response.
Source
z/OS Communications Server TCP/IP: FTP