ANONYMOUS (FTP server) statement
Use the ANONYMOUS statement to allow remote users to log in as anonymous users.
You can use ANONYMOUSLEVEL, ANONYMOUSFILEACCESS, ANONYMOUSFILETYPESQL, ANONYMOUSFILETYPEJES, and ANONYMOUSFILETYPESEQ in conjunction with ANONYMOUSLEVEL 3 to restrict anonymous users' access to data sets and files. Use ANONYMOUSMVSINFO, ANONYMOUSLOGINMSG, ANONYMOUSHFSINFO, and EMAILADDRCHECK to customize the FTP session for anonymous users.
Requirement: If you choose an ANONYMOUSLEVEL value greater than 1, and you choose STARTDIRECTORY HFS, you must create an anonymous directory structure in the z/OS® UNIX. For more information about configuring anonymous logins, see z/OS Communications Server: IP Configuration Guide.
Syntax
Parameters
- user_id
- The security access facility (SAF) identity of the anonymous user.
When a remote user enters ANONYMOUS as a user ID, the FTP server treats
the login request as though the specified user_id was
entered instead of ANONYMOUS. The user is prompted for the password
to user_id. If the user enters the correct
password or password phrase, the user is logged in as the specified user_id.
If you are using RACF®, the system builds a user accessor environment element (ACEE), and the ANONYMOUS user has access to any resources available to the specified user ID.
- user_id/password
- The security access facility (SAF) identity and password the FTP
server uses for anonymous user. When a remote user enters ANONYMOUS
as the user ID, the FTP server treats the login request as though
the specified user_id was entered instead
of ANONYMOUS. The FTP server automatically provides the password for
the specified user_id and the user is logged
in as the specified user_id. If you are
using RACF, the system builds
the user ACEE for the specified user_id and
the ANONYMOUS user has authorized access to the same resources as
the specified user_id.
If ANONYMOUSLEVEL 3 is specified, the behavior is different. See ANONYMOUSLEVEL (FTP server) statement for details.
Restriction: Do not code a password phrase as password.
- user_id/SURROGATE
-
Allows a remote user to enter ANONYMOUS as a user ID. When ANONYMOUS is entered as the user ID, the FTP server treats the login request as though the specified user_ID was entered instead of ANONYMOUS. The FTP Server calls RACF and checks if this user_ID is allowed to login without a password or password phrase.
Requirement: In order to use this option, ANONYMOUSLEVEL must be greater or equal to 3. See ANONYMOUSLEVEL (FTP server) statement for details.
Examples
ANONYMOUS TERMABC/ILLBBACK
- If you code ANONYMOUSLEVEL 3 in FTP.DATA, you can code additional statements to configure ANONYMOUS support and security. See Related topics for more information.
- If you specify a user ID on the ANONYMOUS statement, that user ID must be defined and have a z/OS UNIX segment defined or set to the default value.
- If you code the ANONYMOUS statement without a user ID, the user ID ANONYMO must be defined and must have a z/OS UNIX segment defined or set to the default value.
- If you code the ANONYMOUS statement without a user ID:
- The end user is not prompted for a password.
- If you are using the FTCHKPWD user exit,
- the exit is called with user ID ANONYMO and password *.
- If ANONYMOUSLEVEL 3 is coded in FTP.DATA and the FTP server prompts the FTP client for an email address, the email address is passed to the exit as the userdata parameter.
- The user ID ANONYMO and the STARTDIRECTORY statement in FTP.DATA determine the initial working directory. See initial working directory considerations at the z/OS FTP server in the z/OS Communications Server: IP User's Guide and Commands for more information.
- The initial working directory is ANONYMO when the STARTDIRECTORY MVS™ statement is coded in FTP.DATA.
- The initial working directory is the home directory for the ANONYMO user ID when the STARTDIRECTORY HFS statement is coded in FTP.DATA.
- If you are using RACF, a user who logs in as 'anonymous' has access to any resources accessible to the ANONYMO user ID.
- If you code the ANONYMOUS statement with a user ID, the user ID you coded and the STARTDIRECTORY statement determine the initial working directory. See initial working directory considerations at the z/OS FTP server in the z/OS Communications Server: IP User's Guide and Commands for more information.
- There is no default for ANONYMOUS. If you do not code the ANONYMOUS statement in FTP.DATA, users are not allowed to log in anonymously.
- See z/OS Communications Server: IP Configuration Guide for more information about anonymous FTP logins.
- When ANONYMOUS is enabled, it is recommended that ANONYMOUSLEVEL be set to 3 and ANONYMOUSFILETYPEJES be set to FALSE. Otherwise, anonymous users can submit jobs to the system. You can use IBM® Health Checker CSAPP_FTPD_ANONYMOUS_JES to detect whether anonymous users can submit jobs to the system. For more details about IBM Health Checker, see z/OS Communications Server: IP Diagnosis Guide.
- ANONYMOUSLEVEL (FTP server) statement
- ANONYMOUSFILEACCESS (FTP server) statement
- ANONYMOUSFILETYPEJES (FTP server) statement
- ANONYMOUSHFSFILEMODE (FTP server) statement
- ANONYMOUSHFSDIRMODE (FTP server) statement
- ANONYMOUSHFSINFO (FTP server) statement
- ANONYMOUSLOGINMSG (FTP server) statement
- ANONYMOUSMVSINFO (FTP server) statement
- ANONYMOUSFILETYPESEQ (FTP server) statement
- ANONYMOUSFILETYPESQL (FTP server) statement
- EMAILADDRCHECK (FTP server) statement
- STARTDIRECTORY (FTP server) statement
- The FTCHKPWD user exit