Configuring the FTP server for anonymous FTP (optional)

You can configure the FTP server to allow users to log in anonymously. A user logs in anonymously by logging in as anonymous instead of as a user ID defined to the system. To enable users to log in anonymously, code the ANONYMOUS statement in the server FTP.DATA data set.

You can specify three levels of anonymous support on the ANONYMOUSLEVEL statement.

  • ANONYMOUSLEVEL 1

    That is, the ANONYMOUS statement is supported. If no operands are specified on the ANONYMOUS statement, the anonymous user needs no password and has access to MVS™ data sets and the z/OS® UNIX file system.

  • ANONYMOUSLEVEL 2

    You should not specify ANONYMOUSLEVEL 2; ANONYMOUSLEVEL 2 is provided for migration purposes only. Consider ANONYMOUSLEVEL 3 if ANONYMOUSLEVEL 1 does not meet your anonymous login security requirements.

  • ANONYMOUSLEVEL 3

    ANONYMOUSLEVEL 3 is the default. If you specify ANONYMOUSLEVEL 3, the anonymous user cannot issue the USER command to leave anonymous mode, nor can another user issue USER anonymous to enter anonymous mode.

    If you specify ANONYMOUSLEVEL 3 and STARTDIRECTORY HFS in FTP.DATA, the following rules apply:
    • The anonymous user's z/OS UNIX file system access is restricted to the anonymous user's home directory and home directory subtrees. The anonymous user's home directory is the home directory of the user ID coded on the ANONYMOUS statement or the home directory of the user ID ANONYMO if you code the ANONYMOUS statement without a user ID.
    • You must create an anonymous directory structure in the z/OS UNIX file system. See Creating an anonymous directory structure in the z/OS UNIX file system for more information.

    If you specify ANONYMOUSLEVEL 3 and STARTDIRECTORY MVS in FTP.DATA, you must create a shadow copy of the /usr/sbin/ftpdns path and file under the home directory of the anonymous user in the z/OS UNIX file system. For more information, see step 2 in Creating an anonymous directory structure in the z/OS UNIX file system.

    The ANONYMOUSLEVEL 3 server recognizes additional statements that restrict the anonymous user's access to FTP resources. The following statements are ignored when ANONYMOUSLEVEL is 1 or 2:
    • ANONYMOUSFILEACCESS allows the system programmer to preclude access to either the z/OS UNIX file system or MVS data sets.
    • ANONYMOUSFILETYPEJES, ANONYMOUSFILETYPESQL, and ANONYMOUSFILETYPESEQ control whether the anonymous user can set filetype JES, SQL, or SEQ, respectively.
    • ANONYMOUSHFSFILEMODE defines the mode bits used for files written to the z/OS UNIX file system.
    • ANONYMOUSHFSDIRMODE defines the mode bits used for directories created in the z/OS UNIX file system.

    When ANONYMOUSLEVEL is set to 3, the user's email address is requested in lieu of a password in the following situations:
    • ANONYMOUS is specified without any parameters.
    • ANONYMOUS is specified with user ID/password.
    • ANONYMOUS is specified with user ID/SURROGATE.

You can control the degree of verification of the email address that an anonymous user enters as a password by using the EMAILADDRCHECK keyword in FTP.DATA. See z/OS Communications Server: IP Configuration Reference for details about the EMAILADDRCHECK keyword. The email address entered is logged to the syslog daemon and is also passed to a user exit routine, FTCHKPWD, for user processing.

The FTP server can be defined to process users without passwords by using the ANONYMOUS SURROGATE support. To support this, ANONYMOUSLEVEL must be set to 3 in FTP.DATA on the server and a BPX.SRV.<userid> profile in the SURROGAT class must be defined in RACF®.
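As an added example that is not part of the z/OS documentation, the following Python checker audits an FTP.DATA fragment against the rules above: a bare ANONYMOUS statement at ANONYMOUSLEVEL 1 needs no password, ANONYMOUSLEVEL 2 is for migration only, the ANONYMOUS* restriction statements are ignored at levels 1 and 2, userid/SURROGATE needs level 3, and at level 3 the password is an email address whose checking EMAILADDRCHECK governs. The line syntax handling and the operand values HFS and WARNING are assumptions for illustration, not taken from the reference.

```python
# Added checker, not from the z/OS documentation: audits an FTP.DATA fragment
# against the anonymous-login rules this page describes. Assumptions: one
# statement per line, name first, ';' starts a comment; HFS/WARNING illustrative.
RESTRICTIONS = ("ANONYMOUSFILEACCESS", "ANONYMOUSFILETYPEJES",
                "ANONYMOUSFILETYPESQL", "ANONYMOUSFILETYPESEQ",
                "ANONYMOUSHFSFILEMODE", "ANONYMOUSHFSDIRMODE")

def parse_ftp_data(text):
    """Return {STATEMENT: [operands]}; a repeated statement keeps its last value."""
    stmts = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if line:
            name, *operands = line.split()
            stmts[name.upper()] = [o.upper() for o in operands]
    return stmts

def audit_anonymous(text):
    """List findings for the anonymous configuration; [] means nothing flagged."""
    s = parse_ftp_data(text)
    operands = s.get("ANONYMOUS")
    if operands is None:
        return []                               # anonymous login not enabled
    level = s.get("ANONYMOUSLEVEL", ["3"])[0]   # 3 is the documented default
    findings = []
    if level == "1" and not operands:
        findings.append("ANONYMOUSLEVEL 1 with bare ANONYMOUS: no password, MVS and z/OS UNIX file access")
    if level == "2":
        findings.append("ANONYMOUSLEVEL 2 is for migration only; use 3")
    if level in ("1", "2"):
        for name in RESTRICTIONS:               # honoured only at level 3
            if name in s:
                findings.append(f"{name} is ignored at ANONYMOUSLEVEL {level}")
        if operands and operands[0].endswith("/SURROGATE"):
            findings.append("ANONYMOUS userid/SURROGATE requires ANONYMOUSLEVEL 3")
    if level == "3" and "EMAILADDRCHECK" not in s:
        findings.append("ANONYMOUSLEVEL 3: the password is an email address but EMAILADDRCHECK is not set")
    return findings

# Constructed samples: a weak configuration and a hardened one.
WEAK_FTP_DATA = """ANONYMOUSLEVEL 1
ANONYMOUS                     ; no user ID, so no password at level 1
ANONYMOUSFILEACCESS HFS       ; silently ignored at level 1
"""
HARDENED_FTP_DATA = """ANONYMOUSLEVEL 3
ANONYMOUS ANONYMO/SURROGATE   ; needs a BPX.SRV.ANONYMO SURROGAT profile
ANONYMOUSFILEACCESS HFS
EMAILADDRCHECK WARNING
"""
```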

z/OS UNIX uses profiles defined to the RACF SURROGAT class to authorize the server to act as a surrogate of a client. Profiles defined to the SURROGAT class are of the form:
    BPX.SRV.<userid>
in which <userid> is the MVS user ID of the user that the server will support without a password.

The following steps are for a sample user ID of the FTP daemon (the user ID associated with the FTP started task procedure) called FTPD with the ability to support user ID GUEST without a password. As you add more servers, you will need to follow similar procedures.

  1. Activate the SURROGAT class support in RACF:
    SETROPTS CLASSACT(SURROGAT)

    This has to be done only once on the system. The SURROGAT class may already have been set up on your system. If a daemon or server you are running will be using the SURROGAT support heavily, consider using the RACLIST command to keep the SURROGAT profiles in storage. The following example shows how to cache the SURROGAT profiles in storage:

    SETROPTS RACLIST(SURROGAT)
  2. If the SURROGAT class profiles are kept in storage with RACLIST, any change to a SURROGAT profile must be followed by a REFRESH command. To create the SURROGAT class profile for user ID GUEST, issue:
    RDEFINE SURROGAT BPX.SRV.GUEST UACC(NONE)
    SETROPTS RACLIST(SURROGAT) REFRESH

    A similar SURROGAT profile is required for each user ID that a server must support without a password.

  3. To permit the user ID of the FTP daemon (the user ID associated with the FTP started task procedure), FTPD, to create a security environment for user ID GUEST, issue the PERMIT command:
    PERMIT BPX.SRV.GUEST CLASS(SURROGAT) ID(FTPD) ACCESS(READ)
    SETROPTS RACLIST(SURROGAT) REFRESH