ANONYMOUSLEVEL (FTP server) statement

Use the ANONYMOUSLEVEL statement to set the type of access permitted to users who log in as anonymous users.

Syntax

Parameters

1

Anonymous logins are as documented in the ANONYMOUS statement. Anonymous users are not affected by the keywords and function of the following:

ANONYMOUSFILETYPESEQ
ANONYMOUSFILETYPEJES
ANONYMOUSFILETYPESQL
ANONYMOUSFILEACCESS
ANONYMOUSHFSFILEMODE
ANONYMOUSHFSDIRMODE
EMAILADDRCHECK

2

Anonymous logins are allowed as documented in ANONYMOUS (FTP server) statement, except that the anonymous user's root directory is set with the UNIX call chroot() to the anonymous userid home directory. This confines the anonymous user's z/OS® UNIX access to the anonymous userID home directory and its subdirectories. A umask of 777 is used for all files and directories created by anonymous users.

3

Anonymous logins are allowed as is documented in the ANONYMOUS statement, but more control is given to customize access. This is the default.

The FTP.DATA statements used to give this control are:

ANONYMOUSFILETYPESEQ
ANONYMOUSFILETYPEJES
ANONYMOUSFILETYPESQL
ANONYMOUSFILEACCESS
ANONYMOUSHFSFILEMODE
ANONYMOUSHFSDIRMODE
EMAILADDRCHECK

The UNIX call chroot() is used to set the anonymous user's root directory to that user's home directory.

Instead of establishing a fixed UMASK for files and directories created by the anonymous user, the permission bits for files and directories are as defined by the ANONYMOUSHFSFILEMODE and ANONYMOUSHFSDIRMODE statements.

FTP clients are not allowed to issue the USER command to enter or leave anonymous login mode.

The password prompting behavior for anonymous users is different than for ANONYMOUSLEVEL 1 and 2. When the ANONYMOUS statement is coded with no user ID or password, the FTP server prompts the user to enter an e-mail address as a password. When the ANONYMOUS statement is coded with a user ID, the FTP server prompts the user to enter a password, as documented in ANONYMOUS (FTP server) statement. When the ANONYMOUS statement is coded with a user ID and password, the user is prompted to enter an e-mail address as a password. Control the degree of e-mail address validation with the EMAILADDRCHECK password.

When customizing FTP server to support ANONYMOUS logins, FTP server supports a way to avoid placing a plain-text password in the ANONYMOUS statement by supporting a special parameter, SURROGATE. This is shown in the following example:

ANONYMOUS userid/SURROGATE

For more information about anonymous logins, see z/OS Communications Server: IP Configuration Guide or ANONYMOUS (FTP server) statement.

Requirement: In order to support this function, the FTP user ID must be defined to process users without passwords.

Examples

Set the anonymous environment to use controls for accessing different resources:

ANONYMOUSLEVEL 3

Usage notes

For ANONYMOUSLEVEL 2 and greater, when STARTDIRECTORY is z/OS UNIX, you must create a specific directory structure and contents within the anonymous user's home directory. This directory structure is needed so the FTP client maintains addressability to needed executable applications after the chroot() is executed. See z/OS Communications Server: IP Configuration Guide for details about creating the required directory structure.
If you specify ANONYMOUSLEVEL 3 and either ANONYMOUS with no parameters or ANONYMOUS with both user ID and password, the user is prompted for an e-mail address to log in to FTP. The EMAILADDRCHECK keyword controls the extent to which the e-mail address entered is validated. See EMAILADDRCHECK (FTP server) statement for more information.
When ANONYMOUS is enabled, it is recommended that ANONYMOUSLEVEL be set to 3 and ANONYMOUSFILETYPEJES be set to FALSE. Otherwise, anonymous users can submit jobs to the system. You can use IBM® Health Checker CSAPP_FTPD_ANONYMOUS_JES to detect whether anonymous users can submit jobs to the system. For more details about IBM Health Checker, see z/OS Communications Server: IP Diagnosis Guide.