Use the ANONYMOUS statement to allow remote users to log in as anonymous users.
You can use ANONYMOUSLEVEL, ANONYMOUSFILEACCESS, ANONYMOUSFILETYPESQL, ANONYMOUSFILETYPEJES, and ANONYMOUSFILETYPESEQ in conjunction with ANONYMOUSLEVEL 3 to restrict anonymous users' access to data sets and files. Use ANONYMOUSMVSINFO, ANONYMOUSLOGINMSG, ANONYMOUSHFSINFO, and EMAILADDRCHECK to customize the FTP session for anonymous users.
Requirement: If you choose an ANONYMOUSLEVEL value greater than 1, and you choose STARTDIRECTORY HFS, you must create an anonymous directory structure in the z/OS® UNIX. For more information about configuring anonymous logins, see z/OS Communications Server: IP Configuration Guide.
Syntax
>>-ANONYMOUS--+-------------------+---------------------------->< +-user_id-----------+ +-user_id/password--+ '-user_id/SURROGATE-'
Parameters
- user_id
- The security access facility (SAF) identity of the anonymous user.
When a remote user enters ANONYMOUS as a user ID, the FTP server treats
the login request as though the specified user_id was
entered instead of ANONYMOUS. The user is prompted for the password
to user_id. If the user enters the correct
password or password phrase, the user is logged in as the specified user_id.
If you are using RACF®, the system builds a user accessor environment element (ACEE), and the ANONYMOUS user has access to any resources available to the specified user ID.
- user_id/password
- The security access facility (SAF) identity and password the FTP
server uses for anonymous user. When a remote user enters ANONYMOUS
as the user ID, the FTP server treats the login request as though
the specified user_id was entered instead
of ANONYMOUS. The FTP server automatically provides the password for
the specified user_id and the user is logged
in as the specified user_id. If you are
using RACF, the system builds
the user ACEE for the specified user_id and
the ANONYMOUS user has authorized access to the same resources as
the specified user_id.
If ANONYMOUSLEVEL 3 is specified, the behavior is different. See ANONYMOUSLEVEL (FTP server) statement for details.
Restriction: Do not code a password phrase as password.
- user_id/SURROGATE
-
Allows a remote user to enter ANONYMOUS as a user ID. When ANONYMOUS is entered as the user ID, the FTP server treats the login request as though the specified user_ID was entered instead of ANONYMOUS. The FTP Server calls RACF and checks if this user_ID is allowed to login without a password or password phrase.
Requirement: In order to use this option, ANONYMOUSLEVEL must be greater or equal to 3. See ANONYMOUSLEVEL (FTP server) statement for details.
Examples
ANONYMOUS TERMABC/ILLBBACK- If you code ANONYMOUSLEVEL 3 in FTP.DATA, you can code additional statements to configure ANONYMOUS support and security. See Related topics for more information.
- If you specify a user ID on the ANONYMOUS statement, that user ID must be defined and have a z/OS UNIX segment defined or set to the default value.
- If you code the ANONYMOUS statement without a user ID, the user ID ANONYMO must be defined and must have a z/OS UNIX segment defined or set to the default value.
- If you code the ANONYMOUS statement without a user ID:
- The end user is not prompted for a password.
- If you are using the FTCHKPWD user exit,
- the exit is called with user ID ANONYMO and password *.
- If ANONYMOUSLEVEL 3 is coded in FTP.DATA and the FTP server prompts the FTP client for an email address, the email address is passed to the exit as the userdata parameter.
- The user ID ANONYMO and the STARTDIRECTORY statement in FTP.DATA determine the initial working directory. See initial working directory considerations at the z/OS FTP server in the z/OS Communications Server: IP User's Guide and Commands for more information.
- The initial working directory is ANONYMO when the STARTDIRECTORY MVS™ statement is coded in FTP.DATA.
- The initial working directory is the home directory for the ANONYMO user ID when the STARTDIRECTORY HFS statement is coded in FTP.DATA.
- If you are using RACF, a user who logs in as 'anonymous' has access to any resources accessible to the ANONYMO user ID.
- If you code the ANONYMOUS statement with a user ID, the user ID you coded and the STARTDIRECTORY statement determine the initial working directory. See initial working directory considerations at the z/OS FTP server in the z/OS Communications Server: IP User's Guide and Commands for more information.
- There is no default for ANONYMOUS. If you do not code the ANONYMOUS statement in FTP.DATA, users are not allowed to log in anonymously.
- See z/OS Communications Server: IP Configuration Guide for more information about anonymous FTP logins.
- ANONYMOUSLEVEL (FTP server) statement
- ANONYMOUSFILEACCESS (FTP server) statement
- ANONYMOUSFILETYPEJES (FTP server) statement
- ANONYMOUSHFSFILEMODE (FTP server) statement
- ANONYMOUSHFSDIRMODE (FTP server) statement
- ANONYMOUSHFSINFO (FTP server) statement
- ANONYMOUSLOGINMSG (FTP server) statement
- ANONYMOUSMVSINFO (FTP server) statement
- ANONYMOUSFILETYPESEQ (FTP server) statement
- ANONYMOUSFILETYPESQL (FTP server) statement
- EMAILADDRCHECK (FTP server) statement
- STARTDIRECTORY (FTP server) statement
- The FTCHKPWD user exit