Explanation
One of the following situations occurred:
- The FTP server received a command from an anonymous user. The command arguments specify an MVS™ or z/OS® UNIX resource, such as a z/OS UNIX directory or MVS partitioned data set. Whichever file system the resource belongs to, the FTP server is configured to reject anonymous user access to that file system.
- The FTP server received a command from an anonymous user. The command arguments specify a z/OS UNIX named pipe. Anonymous users are not allowed to access named pipes.
- The FTP user tried to access a z/OS UNIX file system while the SAF SERVAUTH class was active, and that user was not permitted access to the resource profile EZB.FTP.sysname.ftpdaemonname.ACCESS.HFS. If the resource profile EZB.FTP.sysname.ftpdaemonname.ACCESS.HFS is defined in class SERVAUTH, FTP users must have read access to that profile to be able to access the z/OS UNIX file system through the FTP server. Check for errors in the security product indicating that the user does not have read access to this resource.
In the message text:
- command: The command that failed.
Example
Command:
user anonymous
>>> USER anonymous
331 Send password please.
PASSWORD:
>>> PASS
230 'ANONYMOUS' logged on. Working directory is "USER2.".
Command:
put /etc/hosts /tmp/named.pipe
>>> PORT 9,2,1,3,4,10
200 Port request OK.
>>> STOR /tmp/named.pipe
550 Command STOR fails: access to resource is denied by server.
Command:
System action
The command command is rejected. The FTP server waits for the next command.
User response
Report the error to the system programmer.
System programmer response
If the user logged in anonymously:
- Inspect the default or explicitly coded value of ANONYMOUSFILEACCESS in the server's FTP.DATA. See z/OS Communications Server: IP Configuration Reference for information about ANONYMOUSFILEACCESS values. Change ANONYMOUSFILEACCESS to a value appropriate for your site. Stop the FTP server, then start it again, to enable the new ANONYMOUSFILEACCESS value.
- Determine whether the command arguments specified a named pipe. If you decide that the user should have access to the named pipe, direct the user to log in as a known user. Anonymous users are never allowed access to named pipes.
Check for errors in the security product indicating that the user does not have read access to the resource profile EZB.FTP.sysname.ftpdaemonname.ACCESS.HFS. If you want the user to have access to any z/OS UNIX file system, grant the user read access to that profile.
Rule: To access the z/OS UNIX file system, the user must log in again after access to the profile has been granted, and after the SERVAUTH class has been refreshed.
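The checks in this response section, applied to a captured client session, as an added example that is not part of the original message documentation. It assumes that the anonymous login name is "anonymous" and that a command argument beginning with "/" names a z/OS UNIX path; triage, SAMPLE and the check labels are names chosen for this example.

```python
import re

# Constructed sample: the Example session plus an invented second login (user1).
SAMPLE = """\
>>> USER anonymous
331 Send password please.
>>> PASS
230 'ANONYMOUS' logged on. Working directory is "USER2.".
>>> STOR /tmp/named.pipe
550 Command STOR fails: access to resource is denied by server.
>>> USER user1
>>> PASS
230 USER1 is logged on. Working directory is "USER1.".
>>> CWD /u/user1
550 Command CWD fails: access to resource is denied by server.
"""

SENT = re.compile(r"^>>> (\S+)(?: (.*))?$")
DENIED = re.compile(r"^550 Command (\S+) fails: access to resource is denied by server\.")

def triage(session):
    """Return one finding per denial with the checks the response section calls for."""
    user, logged_on, args, findings = None, None, {}, []
    for raw in session.splitlines():
        line = raw.strip()
        sent = SENT.match(line)
        if sent:
            verb, arg = sent.group(1).upper(), (sent.group(2) or "").strip()
            args[verb] = arg  # remember the latest argument per command
            if verb == "USER":
                user, logged_on = arg, None  # a new USER restarts the login
            continue
        if line.startswith("230 "):
            logged_on = user  # login accepted for the last USER sent
            continue
        denied = DENIED.match(line)
        if not denied:
            continue
        verb = denied.group(1).upper()
        arg = args.get(verb, "")
        anonymous = (logged_on or "").lower() == "anonymous"  # assumption
        unix_path = arg.startswith("/")  # assumption: leading "/" = z/OS UNIX
        checks = ["ANONYMOUSFILEACCESS"] if anonymous else []
        if anonymous and unix_path:
            checks.append("NAMED_PIPE")  # never allowed for anonymous users
        if unix_path:
            checks.append("SERVAUTH")  # read access to the ACCESS.HFS profile
        findings.append({"command": verb, "argument": arg, "user": logged_on, "anonymous": anonymous, "checks": checks})
    return findings
```

An empty checks list means the denial matches none of the three situations in the Explanation, for example a known user whose argument is not a z/OS UNIX path.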
Problem determination
See the system programmer response.
Source
z/OS Communications Server TCP/IP: FTP