Use the ANONYMOUSLEVEL statement to set the type of access permitted to users who log in as anonymous users.
Syntax
.-ANONYMOUSLEVEL 1------. >>-+-----------------------+----------------------------------->< '-ANONYMOUSLEVEL--+-1-+-' +-2-+ '-3-'
Parameters
- 1
- Anonymous logins are as documented in the ANONYMOUS statement.
Anonymous users are not affected by the keywords and function of
the following:
- ANONYMOUSFILETYPESEQ
- ANONYMOUSFILETYPEJES
- ANONYMOUSFILETYPESQL
- ANONYMOUSFILEACCESS
- ANONYMOUSHFSFILEMODE
- ANONYMOUSHFSDIRMODE
- EMAILADDRCHECK
- 2
- Anonymous logins are allowed as documented in ANONYMOUS (FTP server) statement, except that the anonymous user's root directory is set with the UNIX call chroot() to the anonymous userid home directory. This confines the anonymous user's z/OS® UNIX access to the anonymous userID home directory and its subdirectories. A umask of 777 is used for all files and directories created by anonymous users.
- 3
- Anonymous logins are allowed as is documented in the ANONYMOUS
statement, but more control is given to customize access. The FTP.DATA statements used to give this control are:
- ANONYMOUSFILETYPESEQ
- ANONYMOUSFILETYPEJES
- ANONYMOUSFILETYPESQL
- ANONYMOUSFILEACCESS
- ANONYMOUSHFSFILEMODE
- ANONYMOUSHFSDIRMODE
The UNIX call chroot() is used to set the anonymous user's root directory to that user's home directory.
Instead of establishing a fixed UMASK for files and directories created by the anonymous user, the permission bits for files and directories are as defined by the ANONYMOUSHFSFILEMODE and ANONYMOUSHFSDIRMODE statements.
FTP clients are not allowed to issue the USER command to enter or leave anonymous login mode.
The password prompting behavior for anonymous users is different than for ANONYMOUSLEVEL 1 and 2. When the ANONYMOUS statement is coded with no user ID or password, the FTP server prompts the user to enter an e-mail address as a password. When the ANONYMOUS statement is coded with a user ID, the FTP server prompts the user to enter a password, as documented in ANONYMOUS (FTP server) statement. When the ANONYMOUS statement is coded with a user ID and password, the user is prompted to enter an e-mail address as a password. Control the degree of e-mail address validation with the EMAILADDRCHECK password.
When customizing FTP server to support ANONYMOUS logins, FTP server supports a way to avoid placing a plain-text password in the ANONYMOUS statement by supporting a special parameter, SURROGATE. This is shown in the following example:ANONYMOUS userid/SURROGATEFor more information about anonymous logins, see z/OS Communications Server: IP Configuration Guide or ANONYMOUS (FTP server) statement.
Requirement: In order to support this function, the FTP user ID must be defined to process users without passwords.
Examples
ANONYMOUSLEVEL 3Usage notes
- For ANONYMOUSLEVEL 2 and greater, when STARTDIRECTORY is z/OS UNIX, you must create a specific directory structure and contents within the anonymous user's home directory. This directory structure is needed so the FTP client maintains addressability to needed executable applications after the chroot() is executed. See z/OS Communications Server: IP Configuration Guide for details about creating the required directory structure.
- If you specify ANONYMOUSLEVEL 3 and either ANONYMOUS with no parameters or ANONYMOUS with both user ID and password, the user is prompted for an e-mail address to log in to FTP. The EMAILADDRCHECK keyword controls the extent to which the e-mail address entered is validated. See EMAILADDRCHECK (FTP server) statement for more information.
Related topics
- ANONYMOUS (FTP server) statement
- ANONYMOUSHFSFILEMODE (FTP server) statement
- ANONYMOUSHFSDIRMODE (FTP server) statement
- ANONYMOUSFILETYPEJES (FTP server) statement
- ANONYMOUSFILETYPESEQ (FTP server) statement
- ANONYMOUSFILETYPESQL (FTP server) statement
- EMAILADDRCHECK (FTP server) statement
- STARTDIRECTORY (FTP server) statement