ANONYMOUS (FTP server) statement

Use the ANONYMOUS statement to allow remote users to log in as anonymous users.

You can use ANONYMOUSLEVEL, ANONYMOUSFILEACCESS, ANONYMOUSFILETYPESQL, ANONYMOUSFILETYPEJES, and ANONYMOUSFILETYPESEQ in conjunction with ANONYMOUSLEVEL 3 to restrict anonymous users' access to data sets and files. Use ANONYMOUSMVSINFO, ANONYMOUSLOGINMSG, ANONYMOUSHFSINFO, and EMAILADDRCHECK to customize the FTP session for anonymous users.

Requirement: If you choose an ANONYMOUSLEVEL value greater than 1, and you choose STARTDIRECTORY HFS, you must create an anonymous directory structure in the z/OS® UNIX. For more information about configuring anonymous logins, see z/OS Communications Server: IP Configuration Guide.

Syntax

Read syntax diagramSkip visual syntax diagramANONYMOUSuser_iduser_id/passworduser_id/SURROGATE

Parameters

user_id
The security access facility (SAF) identity of the anonymous user. When a remote user enters ANONYMOUS as a user ID, the FTP server treats the login request as though the specified user_id was entered instead of ANONYMOUS. The user is prompted for the password to user_id. If the user enters the correct password or password phrase, the user is logged in as the specified user_id.

If you are using RACF®, the system builds a user accessor environment element (ACEE), and the ANONYMOUS user has access to any resources available to the specified user ID.

user_id/password
The security access facility (SAF) identity and password the FTP server uses for anonymous user. When a remote user enters ANONYMOUS as the user ID, the FTP server treats the login request as though the specified user_id was entered instead of ANONYMOUS. The FTP server automatically provides the password for the specified user_id and the user is logged in as the specified user_id. If you are using RACF, the system builds the user ACEE for the specified user_id and the ANONYMOUS user has authorized access to the same resources as the specified user_id.

If ANONYMOUSLEVEL 3 is specified, the behavior is different. See ANONYMOUSLEVEL (FTP server) statement for details.

Restriction: Do not code a password phrase as password.

user_id/SURROGATE

Allows a remote user to enter ANONYMOUS as a user ID. When ANONYMOUS is entered as the user ID, the FTP server treats the login request as though the specified user_ID was entered instead of ANONYMOUS. The FTP Server calls RACF and checks if this user_ID is allowed to login without a password or password phrase.

Requirement: In order to use this option, ANONYMOUSLEVEL must be greater or equal to 3. See ANONYMOUSLEVEL (FTP server) statement for details.

Examples

Allow a remote user to enter ANONYMOUS as a user ID and be connected to the server system with the user ID of TERMABC:
ANONYMOUS TERMABC/ILLBBACK
Tip:
  • If you code ANONYMOUSLEVEL 3 in FTP.DATA, you can code additional statements to configure ANONYMOUS support and security. See Related topics for more information.
Requirements:
  • If you specify a user ID on the ANONYMOUS statement, that user ID must be defined and have a z/OS UNIX segment defined or set to the default value.
  • If you code the ANONYMOUS statement without a user ID, the user ID ANONYMO must be defined and must have a z/OS UNIX segment defined or set to the default value.
Results:
  • If you code the ANONYMOUS statement without a user ID:
    • The end user is not prompted for a password.
    • If you are using the FTCHKPWD user exit,
      • the exit is called with user ID ANONYMO and password *.
      • If ANONYMOUSLEVEL 3 is coded in FTP.DATA and the FTP server prompts the FTP client for an email address, the email address is passed to the exit as the userdata parameter.
    • The user ID ANONYMO and the STARTDIRECTORY statement in FTP.DATA determine the initial working directory. See initial working directory considerations at the z/OS FTP server in the z/OS Communications Server: IP User's Guide and Commands for more information.
    • The initial working directory is ANONYMO when the STARTDIRECTORY MVS™ statement is coded in FTP.DATA.
    • The initial working directory is the home directory for the ANONYMO user ID when the STARTDIRECTORY HFS statement is coded in FTP.DATA.
    • If you are using RACF, a user who logs in as 'anonymous' has access to any resources accessible to the ANONYMO user ID.
  • If you code the ANONYMOUS statement with a user ID, the user ID you coded and the STARTDIRECTORY statement determine the initial working directory. See initial working directory considerations at the z/OS FTP server in the z/OS Communications Server: IP User's Guide and Commands for more information.
  • There is no default for ANONYMOUS. If you do not code the ANONYMOUS statement in FTP.DATA, users are not allowed to log in anonymously.
  • See z/OS Communications Server: IP Configuration Guide for more information about anonymous FTP logins.
  • When ANONYMOUS is enabled, it is recommended that ANONYMOUSLEVEL be set to 3 and ANONYMOUSFILETYPEJES be set to FALSE. Otherwise, anonymous users can submit jobs to the system. You can use IBM® Health Checker CSAPP_FTPD_ANONYMOUS_JES to detect whether anonymous users can submit jobs to the system. For more details about IBM Health Checker, see z/OS Communications Server: IP Diagnosis Guide.