To provide security for the FTP server, you must perform the following
tasks:
- (Optional) Activate and define the SERVAUTH class (see (Optional) Steps for activating and defining the SERVAUTH class).
- Set up security for the FTP server (see Steps for setting up security for your FTP server).
- Provide and control user access to the FTP server (see Steps for controlling user access to the FTP server).
- Set up a port of entry for users of the FTP server (see Steps for setting up a port of entry for users of the FTP server).
- Provide and control user access to the z/OS® UNIX file system (see (Optional) Steps for controlling user access to the z/OS UNIX file system).
- Prevent exploitation of your FTP server (see Preventing exploitation of your FTP server).
- (Optional) Assign password phrases to user IDs that are used to log in to the FTP server (see (Optional) Assigning password phrases to user IDs that are used to log in to the FTP server).

FTP uses resource profiles in the System Authorization Facility
(SAF) SERVAUTH class to control access to certain facilities and servers.
When access to a resource is controlled by a profile in the SERVAUTH
class, you must activate and RACLIST the SERVAUTH class. You do not
have to use the SERVAUTH class, but when a profile is defined in that
class, all FTP users who require access to it must be permitted to
it.
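
The activation and permit sequence described above, as an added example of RACF commands entered from TSO (not taken from this page). The profile name follows the EZB.FTP.sysname.ftpdaemonname.PORTxxxxx form that z/OS Communications Server uses for FTP server port access; the system name SYSA, daemon name FTPD1, port 21 and group FTPUSERS are constructed values.

```tso
/* Added example. Constructed values: SYSA, FTPD1, PORT00021, FTPUSERS */

/* 1. Activate the SERVAUTH class and RACLIST it */
SETROPTS CLASSACT(SERVAUTH)
SETROPTS RACLIST(SERVAUTH)

/* 2. Define the profile with no default access */
RDEFINE SERVAUTH EZB.FTP.SYSA.FTPD1.PORT00021 UACC(NONE)

/* 3. Permit every user or group that must reach the FTP server */
PERMIT EZB.FTP.SYSA.FTPD1.PORT00021 CLASS(SERVAUTH) ID(FTPUSERS) ACCESS(READ)

/* 4. Refresh the in-storage profiles so the changes take effect */
SETROPTS RACLIST(SERVAUTH) REFRESH

/* 5. Check: list the profile with its access list, then the class options */
RLIST SERVAUTH EZB.FTP.SYSA.FTPD1.PORT00021 AUTHUSER
SETROPTS LIST
```

Once the profile exists with UACC(NONE), an FTP user who is not covered by a PERMIT is denied, so issue the permits for all required users or groups before the refresh.
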
For more information, see z/OS UNIX System Services Planning and z/OS Security Server RACF Security Administrator's
Guide. For more information about network access
security zones, see Network access control. If you are
planning to implement a multilevel security environment on your z/OS system, see Preparing for IP networking in a multilevel secure environment.