Use this panel to access settings for the creation, transfer, and treatment of MVS data sets and z/OS UNIX file system files.
Steps
You have completed this panel after clicking the buttons to modify all desired settings.
Push buttons
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.
Welcome to the z/OS FTP server configuration wizard.
As you proceed through the wizard, you will use the "Next", "Back" and "Finish" buttons to proceed through a few basic panels where you will configure:
After completion of the wizard:
Push buttons
Click Next to advance to the next wizard panel.
Click Cancel to negate any entries you have made in this wizard.
Click Help to understand more about this panel.
Use this panel to add configuration definitions to the FTP client SOCKS configuration file.
A SOCKS configuration file consists of entries where each entry defines an FTP server address and an indication whether to access that FTP server directly or through a SOCKS server. An entry can alternatively define a subnet, and indicate whether to access FTP servers in the subnet directly or through a SOCKS server.
When the FTP client logs in, the user specifies an FTP server address to connect to. The FTP client code accesses the SOCKS configuration file and looks for the FTP server's address or a matching subnet. It scans the entries from the top down and the first match found is used to determine whether to access the FTP server directly or through a SOCKS server.
Since the SOCKS configuration file entries can contain either individual FTP server addresses or subnets, it is possible for the login address to match multiple entries. Therefore, the order of the entries is important.
Steps
You have completed this panel once you have entered the member name, added all the desired entries, and set the entries in the order of preference.
You can find more detailed help on the following elements of this window:
Push buttons
Click Add... to add an entry to the table.
Click Edit... to modify a selected entry.
Click Remove to remove a selected entry from the table.
Click Move Up to move a selected entry up one position.
Click Move Down to move a selected entry down one position.
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.
The SOCKS configuration file will be created as a member of a partitioned data set extended (PDSE). This PDSE name was assigned in the Basic settings task. To modify the PDSE name, return to the IBM TCP/IP Configuration Demo for z/OS main customization panel and go to the Basic Settings task.
Syntax rules:
This table lists each entry in the SOCKS configuration file. Each entry shows the defined FTP server address or subnet and indicates whether it will be accessed directly or through a SOCKS server, by displaying "Directly to FTP Server" or "Use SOCKS Server", respectively.
Use the "Add..." button to add new entries to the table, use the "Edit..." button to modify a selected entry, and use the "Remove" button to remove a selected entry from the table.
Since the SOCKS configuration file entries can contain either individual server addresses or subnets, it is possible for the login address to match multiple entries. Therefore, the order of the entries is important. Use the "Move Up" and "Move Down" buttons to ensure the entries are in the preferred order. For example, you will likely want all entries with individual FTP server addresses to be at the top and entries with subnets below them.
The table always contains the entry displayed as "All other FTP Servers". This entry cannot be removed and you cannot change its position in the table. It will always be the last entry in the table. This entry represents a subnet which matches all login addresses. This entry indicates how to connect to the FTP server for any login address not matching any other entries in the SOCKS configuration file. You can edit this entry to indicate whether the FTP servers should be accessed directly or through a SOCKS server.
Example
You add the following entries in the order shown:
Then you edit the "All other FTP Servers" entry to indicate FTP servers should be accessed directly.
As a result, this is what happens during a login:
FTP allows you to specify multi-byte translation tables in two different ways.
Use this panel to specify the iconv settings for multi-byte data connections.
FTP uses the iconv application programming interface to translate between two code pages.
These tables are active only when ENCODING is set to multi-byte character sets. By default, FTP sets ENCODING for single byte data transfers. ENCODING can be set to multi-byte character sets by either the SITE command or by selecting the "Use multi-byte translation" radio button. If you select the "Use multi-byte translation" radio button, all data transfers will be done using multi-byte translation unless you use the SITE command to set ENCODING for single byte translation.
Before you begin, know the name of the iconv character sets and if you want the data connection to use multi-byte translation tables by default.
Steps
You have completed this panel after you have entered the iconv network and file system character sets.
Fields
Push buttons
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.
Enter an iconv encoded character set.
Click below to see a list of supported ICONV codepage pairs.
Supported Multi-byte ICONV encoded character sets
Supported codepage pairs:

Support for: | File system | Network transfer |
---|---|---|
Chinese standard GB18030 | IBM-1388 or UTF-8 | IBM-5488 |
BIG5 | IBM-937 | IBM-950 or BIG5 |
EUCKANJI | IBM-930 | IBM-eucJP |
JIS78KJ (JISROMAN) | IBM-930 | IBM-5053 |
JIS78KJ (ASCII) | IBM-939 | IBM-5055 |
JIS83KJ (JISROMAN) | IBM-930 | IBM-5052 |
JIS83KJ (ASCII) | IBM-939 | IBM-5054 |
KSC5601 | IBM-933 | IBM-949 |
SCHINESE | IBM-935 | IBM-1381 |
SJISKANJI | IBM-930 or IBM-939 | IBM-932 or IBM-eucJC |
TCHINESE | IBM-937 | IBM-948 |
An iconv encoded character set.
Click below to see a list of supported ICONV codepage pairs.
Supported Multi-byte ICONV encoded character sets
Use this panel to customize settings related to FTP SQL queries.
FTP enables you to submit a Structured Query Language (SQL) SELECT query to the DB2 subsystem and receive the results of the SQL query. FTP can perform this function as either the server or the client.
In order to perform the SQL SELECT query, the server requires that you define both the DB2 subsystem name and the DB2 plan name. The DB2 subsystem name is required since an MVS system can run several DB2 systems simultaneously. The plan name specifies the name of the specific DB2 system that you want to query. The DB2 plan name is the name of the plan built during the DB2 bind process. The plan specifies the access paths to the DB2 tables, checks the user's authority, and validates the SQL statements.
Before you begin, know the name of the DB2 subsystem and the DB2 plan for the database you want to query.
Steps
You have completed this panel if you have entered a DB2 subsystem and plan names.
Fields
Client login mode (FILETYPE=SQL) (only available for FTP clients)
Push buttons
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.
Syntax rules:
Syntax rules:
FTP allows you to specify the format for the output of the SQL query and to choose the column headers.
The default report format puts one or more blank spaces between the columns, and it lists the SQL query, the column headings, and the resulting columns. You may also select the spreadsheet format option. The spreadsheet option puts a TAB character before the first character of each column entry, except the first column. The spreadsheet format enables the SQL output data to be easily imported into a spreadsheet program. See your spreadsheet program documentation for instructions about how to import the output of the SQL query.
FTP also allows you to specify whether the column headers are determined from the column's name or label in the DB2 database.
To use the spreadsheet output format check the box labeled "Use spreadsheet format for query output (SPREAD)".
To use the DB2 database's column name, select the radio button labeled "Names of database columns". To use the DB2 database's column label, select the radio button labeled "Labels of database columns".
Since the column label is optional in DB2, if you choose to use column labels for the output header you also need to specify whether the column name or column number should be used if no column label is found.
This setting is only available when configuring an FTP client.
If you would like to use this client configuration mainly for the purpose of running SQL queries on DB2 databases, select the box labeled "Start the client in SQL mode". If you have started an FTP session in SQL mode, you may return at any time to normal FTP processing by issuing the SITE FILETYPE=SEQ command.
Welcome to the z/OS FTP client configuration wizard.
As you proceed through the wizard, you will use the "Next", "Back" and "Finish" buttons to proceed through a few basic panels where you will configure:
After completion of the wizard:
Push buttons
Click Next to advance to the next wizard panel.
Click Cancel to negate any entries you have made in this wizard.
Click Help to understand more about this panel.
Use this panel to select which cipher algorithm to add to your cipher choices.
Steps:
Push buttons
Click OK to add the selected cipher to your list of cipher choices.
Click Cancel to exit without adding the selected cipher to your list.
Click Help to understand more about this panel.
Use this panel to enter the member name of the FTP client configuration file. An FTP configuration file will be created as a member of a partitioned data set extended (PDSE). The name of the PDSE was assigned in the Basic Settings task. To modify the PDSE name, return to the IBM TCP/IP Configuration Demo for z/OS main customization panel and go to the Basic Settings task.
Syntax rules:
You have completed this panel after you have entered the member name and clicked on the "Next" button.
Push buttons
Click Next to advance to the next wizard panel.
Click Back to return to the previous wizard panel.
Click Cancel to negate any entries you have made in this wizard.
Click Help to understand more about this panel.
Use this panel to specify settings related to restarting data transfers that fail when the transfer was executed in block or compressed mode.
Before you begin, understand that FTP supports two subcommands for restarting data transfers that fail.
If you want to be able to use the restart command to restart data transfers for block or compressed mode, you must use the settings on this panel to enable the checkpoint function prior to issuing a restart.
No settings are required to issue the srestart command for stream mode and the settings on this panel do not apply to stream mode.
Steps
You have completed this panel after indicating whether you want to enable the checkpoint/restart function and entering the checkpoint interval.
You can find more detailed help on the following elements of this window:
Push buttons
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.
This setting applies for data transfers when the FTP client is the sending site, for example, with a put command.
If you do not want to use the restart command, select "No".
If you do want to use the restart command, select "Yes; specify the checkpoint interval" and enter the checkpoint interval.
If you select "Yes", you must specify a checkpoint interval to indicate how often a restart marker is transmitted.
Indicates the checkpoint interval for restart marker transmits. The marker is transmitted after the specified number of records are sent.
Syntax rules:
This setting applies for data transfers when the FTP server is the sending site, for example, with a get command.
If you do not want to use the restart command, select "No".
If you do want to use the restart command, select "Yes".
If you want to use the restart command to restart a failed data transfer, you must enable this support for the client and the server. If the server is not enabled for this function, the setting on the client has no effect.
A checkpoint file residing on the client's system is required for the checkpoint/restart function, regardless of the direction of the file transfer (i.e. whether sending data from the client or receiving data from the server).
You can choose the location where the checkpoint data set will be created.
You have completed the z/OS FTP server configuration. Click "Finish" to save your settings.
After clicking "Finish":
Push buttons
Click Back to return to the previous wizard panel.
Click Finish to complete the wizard panels' specification.
Click Cancel to negate any entries you have made in this wizard.
Click Help to understand more about this panel.
Use this panel to indicate whether FTP should attempt to mount unmounted DASD volumes and unmounted tapes.
Steps
You have completed this panel after making your selections.
You can find more detailed help on the following elements of this window:
Push buttons
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.
Indicate if FTP should attempt to mount unmounted DASD volumes.
Select "Permit automatic mounting of unmounted DASD volumes" to indicate FTP should attempt the mount.
Select "Prevent automatic mounting" to indicate FTP should not attempt to mount unmounted volumes, and should fail the FTP transfer if the volume is not mounted.
This setting is available both when configuring FTP clients and FTP servers. It is applicable to the client when accessing files on the client's system. It is applicable to the server when accessing files on the server's system.
Indicate if FTP should attempt to mount unmounted tapes.
Select "Permit automatic allocation and mounting of unmounted tapes" to indicate FTP should attempt the mount.
Select "Prevent automatic allocation and mounting" to indicate FTP should not attempt to mount unmounted tapes, and should fail the FTP transfer if the volume is not mounted.
This setting is available both when configuring FTP clients and FTP servers. It is applicable to the client when accessing files on the client's system. It is applicable to the server when accessing files on the server's system.
Use this panel to specify the data set size for newly created data sets and settings related to partitioned data set creation.
All settings are available both when defining FTP clients and FTP servers. The settings are applicable to FTP clients when creating data sets on the client's system. The settings are applicable to FTP servers when creating data sets on the server's system.
Steps
You have completed this panel after selecting how FTP should obtain the data set size settings, the number of directory blocks, and the PDS or PDSE indication.
You can find more detailed help on the following elements of this window:
Push buttons
Click Next to advance to the next wizard panel, which is available only if no storage class was specified.
Click Back to return to the previous wizard panel.
Click Finish to complete the wizard panels' specification, which is available only if a storage class was not specified.
Click Cancel to negate any entries you have made in this wizard.
Click Help to understand more about this panel.
Use the data set size values to specify the size of newly created data sets.
The data set size is determined by the number of primary extents specified. The primary value is the number of desired blocks, tracks or cylinders which you select from the drop down "SPACETYPE" list. For example, if you select a SPACETYPE value of Blocks, then the value specified for Primary is a specified number of blocks. Likewise, if you select a SPACETYPE value of Tracks, then the value specified for Primary is a specified number of tracks. The secondary value is used when creating a data set if the primary value is not large enough.
The data set size values can be obtained from an SMS data class or you can specify the values.
If you did not specify an SMS data class on the first wizard panel, you are required to select a SPACETYPE entry and enter values for Primary and Secondary extents.
If you did specify an SMS data class set on the first wizard panel, then the data size values are obtained from the SMS data class. You can choose to override the obtained values by selecting "Use this value:", selecting a "SPACETYPE" entry, and entering values for "Primary" and "Secondary" extents.
Syntax rules:
Use the partitioned data set values to specify settings for newly created partitioned data sets (PDS) and newly created partitioned data set extended (PDSE).
The directory blocks value can be obtained from an SMS data class or you can enter a value.
If you did not specify an SMS data class on the first wizard panel, you are required to enter a directory blocks value; the default is 27.
If you did specify an SMS data class set on the first wizard panel, then the directory blocks value will be obtained from the SMS data class. You can choose to override the obtained value, by selecting "Use this value:" and entering the number of directory blocks.
The PDS or PDSE decision will be obtained from an SMS data class if you do not indicate which to create.
If you did not specify an SMS data class on the first wizard panel, you should indicate your PDS or PDSE choice.
If you did specify an SMS data class set on the first wizard panel, then the PDS or PDSE choice is obtained from the SMS data class. You can choose to override the choice by selecting "Use this value:" and selecting your "PDS" or "PDSE" choice.
Syntax rules:
Use this panel to define an entry in a FTP client SOCKS configuration file.
A SOCKS configuration file entry consists of an FTP server address and an indication whether to access that FTP server directly or through a SOCKS server. An entry can alternatively define a subnet, and indicate whether to access FTP servers in the subnet directly or through a SOCKS server.
When the FTP client logs in, the user specifies an FTP server address to connect to. The FTP client code accesses the SOCKS configuration file and looks for the FTP server's address or a matching subnet. It scans the entries from the top down and the first match found is used to determine whether to access the FTP server directly or through a SOCKS server.
Steps
You have completed this panel after you have entered the FTP server address or subnet and indicated whether logins to the FTP server address or subnet should connect directly to the FTP server or connect through a SOCKS server. If you selected to connect through a SOCKS server, the SOCKS server address is required.
You can find more detailed help on the following elements of this window:
Push buttons
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.
A SOCKS configuration file entry consists of an FTP server address and an indication whether to access that FTP server directly or through a SOCKS server. An entry can alternatively define a subnet, and indicate whether to access FTP servers in the subnet directly or through a SOCKS server.
To define an entry identifying a specific FTP server, select "A specific FTP server" and enter the server's IP address.
To define an entry identifying a subnet where FTP servers reside, select "FTP servers in a subnet" and enter the IP address and subnet mask combination. The IP address and subnet mask are logically ANDed together to calculate the subnet.
Syntax rules
Syntax rules
The subnet value will be logically ANDed with the subnet mask to determine the subnet.
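The first-match scan and the address-AND-mask subnet calculation described for the SOCKS configuration panels can be modelled as follows. This is an added example, not IBM code and not the syntax of the SOCKS configuration file; the `Entry` model, the helper names and all addresses are constructed for illustration. It also flags entries that can never match because an earlier subnet already covers them, which is how a server meant to go through SOCKS ends up being reached directly.

```python
"""Model of first-match evaluation for FTP client SOCKS entries (illustrative)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

DIRECT = "Directly to FTP Server"
SOCKS = "Use SOCKS Server"


@dataclass(frozen=True)
class Entry:
    network: ipaddress.IPv4Network      # a single server is modelled as a /32
    action: str                         # DIRECT or SOCKS
    socks_server: Optional[str] = None  # only meaningful when action is SOCKS


def host_entry(address, action, socks_server=None):
    """Entry for "A specific FTP server"."""
    return Entry(ipaddress.ip_network(f"{address}/32"), action, socks_server)


def subnet_entry(address, mask, action, socks_server=None):
    """Entry for "FTP servers in a subnet": address AND mask gives the subnet."""
    addr = int(ipaddress.IPv4Address(address))
    bits = int(ipaddress.IPv4Address(mask))
    base = ipaddress.IPv4Address(addr & bits)
    # ip_network raises ValueError for a mask that is not a contiguous prefix.
    return Entry(ipaddress.ip_network(f"{base}/{mask}"), action, socks_server)


def route(entries, default_action, login_address, default_socks=None):
    """Scan top down; the first matching entry decides how to connect.

    Returns (position, action, socks_server). The implicit last position
    stands for the "All other FTP Servers" entry, which matches everything.
    """
    addr = ipaddress.ip_address(login_address)
    for position, entry in enumerate(entries, start=1):
        if addr in entry.network:
            return position, entry.action, entry.socks_server
    return len(entries) + 1, default_action, default_socks


def shadowed(entries):
    """Find entries that can never be selected.

    Returns (position, shadowed_by, conflicting) tuples, where conflicting
    is True when the earlier entry routes differently from the shadowed one.
    """
    findings = []
    for i, later in enumerate(entries):
        for j in range(i):
            earlier = entries[j]
            if later.network.subnet_of(earlier.network):
                findings.append((i + 1, j + 1, later.action != earlier.action))
                break
    return findings


# Constructed sample data (RFC 5737 documentation addresses).
# Intended policy: 198.51.100.25 must go through the SOCKS server at
# 192.0.2.10; every other server in 198.51.100.0/24 is reached directly.
MISORDERED = [
    subnet_entry("198.51.100.77", "255.255.255.0", DIRECT),
    host_entry("198.51.100.25", SOCKS, "192.0.2.10"),
]
ORDERED = [
    host_entry("198.51.100.25", SOCKS, "192.0.2.10"),
    subnet_entry("198.51.100.77", "255.255.255.0", DIRECT),
]

if __name__ == "__main__":
    for name, table in (("misordered", MISORDERED), ("ordered", ORDERED)):
        print(name)
        for login in ("198.51.100.25", "198.51.100.30", "203.0.113.5"):
            print("  ", login, "->", route(table, DIRECT, login))
        for pos, by, conflict in shadowed(table):
            kind = "conflicting" if conflict else "redundant"
            print(f"   entry {pos} is shadowed by entry {by} ({kind})")
```
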
A SOCKS configuration file entry consists of an FTP server address and an indication whether to access that FTP server directly or through a SOCKS server. An entry can alternatively define a subnet, and indicate whether to access FTP servers in the subnet directly or through a SOCKS server.
To indicate logins to the FTP server or subnet, identified on this panel, should connect the client directly to the FTP server, select "Connect directly to the FTP server".
To indicate logins to the FTP server or subnet, identified on this panel, should connect the client to the FTP server through a SOCKS server:
Your entry will first be checked to see if it is a valid IP address. If it is not, it is assumed to be a host name.
Syntax rules:
For an IP address:
For a host name:
Use this panel to create new z/OS FTP client configurations or to modify existing client configurations.
The table shows the client configurations that are currently defined. Each table entry lists the configuration name and indicates if a security protocol is configured for the client.
Use the buttons on this panel to perform the desired tasks.
Push buttons
Use this panel to specify file names containing messages displayed to clients when connecting or logging in to the FTP server. This panel is also used to access additional configuration options to display customized messages to clients when users change directories.
Before you begin, decide if the FTP server should send customized messages to clients when starting a new connection, logging in, or changing directories.
Steps:
You have completed this panel when you have entered the file names associated with the respective messages. All fields are optional, therefore, no entries are required if these functions are not desired.
You can find more detailed help on the following elements of this window:
Message file for all users (BANNER)
Message file for named users only (LOGINMSG)
Push buttons
Click Message Files... to configure customized messages that are sent when directory changes occur.
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.
You can configure the FTP server to display customized welcome or login messages to clients. Two configuration options are available, the BANNER message and the LOGINMSG message.
To activate any of these messages, specify the file name containing the message in the respective field on the configuration panel. Use of welcome and login messages is optional. Any of these options can be used in conjunction with the others.
Use of the BANNER file is optional. If no BANNER file is specified, no message is displayed when starting a new connection. If a BANNER file is specified, up to 100 lines of the file are displayed to FTP clients starting a new connection.
Example:
A file is specified that contains the message:
HELLO WORLD; THIS IS MY BANNER MESSAGE!
When the client connects in, the following is displayed to the client:
D:\>ftp 9.42.103.112
Connected to 9.42.103.112.
220-FTPD1 IBM FTP CS V1R4 at MVS171.tcp.raleigh.ibm.com, 14:27:04 on 2002-10-29.
220-HELLO WORLD; THIS IS MY BANNER MESSAGE!
220 Connection will not timeout.
User (9.42.103.112:(none)):
To show a message to the client when starting a new connection, enter the name of the MVS data set or zFS file containing the message.
If it is a zFS file, it must adhere to the following syntax rules:
If it is an MVS data set, it must adhere to the following syntax rules:
The BANNER message may be used in conjunction with the LOGINMSG. The LOGINMSG is applicable only to named users. The LOGINMSG is shown to the client after the login is complete.
Example:
A BANNER file is specified that contains the message:
HELLO WORLD; THIS IS MY BANNER MESSAGE!
A LOGINMSG file is specified that contains the message:
HELLO NAMED USER; THIS IS MY LOGIN MESSAGE!
When the client connects and logs in, the following is displayed to the client:
D:\>ftp 9.42.103.112
Connected to 9.42.103.112.
220-FTPD1 IBM FTP CS V1R4 at MVS171.tcp.raleigh.ibm.com, 14:43:04 on 2002-10-29.
220-HELLO WORLD; THIS IS MY BANNER MESSAGE!
220 Connection will not timeout.
User (9.42.103.112:(none)): user1
331 Send password please.
Password:
230-HELLO NAMED USER; THIS IS MY LOGIN MESSAGE!
230 USER1 is logged on. Working directory is "/u/user1".
ftp>
Use of the LOGINMSG file is optional. If no LOGINMSG file is specified, no message is displayed after login completion. If a LOGINMSG file is specified, up to 100 lines of the file are displayed to the FTP client after login completion. The message is shown only to named FTP users.
Example:
A LOGINMSG file is specified that contains the message:
HELLO NAMED USER; THIS IS MY LOGIN MESSAGE!
When the named user logs in, the following is displayed to the client:
D:\>ftp 9.42.103.112
Connected to 9.42.103.112.
220-FTPD1 IBM FTP CS V1R4 at MVS171.tcp.raleigh.ibm.com, 15:17:11 on 2002-10-29.
220 Connection will not timeout.
User (9.42.103.112:(none)): user1
331 Send password please.
Password:
230-HELLO NAMED USER; THIS IS MY LOGIN MESSAGE!
230 USER1 is logged on. Working directory is "/u/user1".
ftp>
To show a message to named users at login completion, enter the name of the MVS data set or zFS file containing the message.
If it is a zFS file, it must adhere to the following syntax rules:
If it is an MVS data set, it must adhere to the following syntax rules:
The LOGINMSG file may be used in conjunction with the BANNER file. The BANNER message is shown when a new connection is started, while the LOGINMSG message is shown after login completion.
Example:
A BANNER file is specified that contains the message:
HELLO WORLD; THIS IS MY BANNER MESSAGE!
A LOGINMSG file is specified that contains the message:
HELLO NAMED USER; THIS IS MY LOGIN MESSAGE!
When the client connects and logs in, the following is displayed to the client:
D:\>ftp 9.42.103.112
Connected to 9.42.103.112.
220-FTPD1 IBM FTP CS V1R4 at MVS171.tcp.raleigh.ibm.com, 14:43:04 on 2002-10-29.
220-HELLO WORLD; THIS IS MY BANNER MESSAGE!
220 Connection will not timeout.
User (9.42.103.112:(none)): user1
331 Send password please.
Password:
230-HELLO NAMED USER; THIS IS MY LOGIN MESSAGE!
230 USER1 is logged on. Working directory is "/u/user1".
ftp>
The message files specified on the Banners panel (BANNER, LOGINMSG) may include the keyword %E as part of the message text. You can specify a value that the FTP server will substitute for the %E keyword. This substitution also applies to the MVSINFO and HFSINFO message files on the Directory Change Messages panel, which is accessed by clicking the "Message Files..." button.
This configuration option is intended for the e-mail address of the FTP server administrator. However, the value you enter is not restricted to an e-mail address, and specifying it is optional.
Example:
If a BANNER message file contains the following text:
MY BANNER MESSAGE. THIS IS MY EMAIL ADDRESS: %E
And you specified the following value as the E-mail address:
myaddress@us.mycompany.com
The following would be seen at the client when a new connection is started:
D:\>ftp 9.42.103.112
Connected to 9.42.103.112.
220-FTPD1 IBM FTP CS V1R4 at MVS171.tcp.raleigh.ibm.com, 18:49:45 on 2002-10-29.
220-MY BANNER MESSAGE. THIS IS MY EMAIL ADDRESS myaddress@us.mycompany.com
220 Connection will not timeout.
User (9.42.103.112:(none)):
Syntax rules:
After a client logs in, the user can change directories using the "cd" command. The FTP server can be configured to display customized messages to the client when the user changes to certain directories. If this function is desired, click the "Message Files..." button to configure this function.
Use this panel to configure a z/OS FTP client when you want to base its configuration on an existing FTP client. All settings for the new client will be identical to the old client except for the member name.
Steps
You have completed this panel after you have entered the configuration file's PDSE member name.
You can find more detailed help on the following elements of this window:
Push buttons
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.
You are creating a new FTP client and basing its configuration on an existing client. All settings for the new client will be identical to the existing client except for the member name.
Each configured FTP client is identified in the customization panels by the configuration file member name you defined. The member name of the existing client, which is being copied, is shown for your convenience.
You are creating a new FTP client and basing its configuration on an existing client. All settings for the new client will be identical to the existing client except for the member name.
An FTP client configuration file will be created as a member of partitioned data set extended (PDSE). This PDSE name was assigned in the Basic settings task. To change the PDSE name, return to the IBM TCP/IP Configuration Demo for z/OS main customization panel and go to the Basic Settings task.
You are required to enter the configuration member name for the client you are creating.
Syntax rules:
Use this panel to specify the type of JES interface the FTP server uses, the data set options for files submitted to JES, and the timeout for the submitted jobs.
The FTP server provides users with a JES interface. This interface allows:
Before you begin, know what level of JES interface you use, whether you want to specify the data set options for JES jobs, and the time limit you want placed on the submitted jobs.
Steps
You have completed this panel if you have selected a JES interface level, selected the JES data set options and specified JES timeout seconds.
Fields
JES interface level (JESINTERFACELEVEL)
Push buttons
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.
FTP allows for two settings for using the JES interface.
Select "Only jobs that match the ID under which user logged in (JESINTERFACELEVEL=1)", to specify the FTP server to use the JES interface provided in releases prior to OS/390 CS V2R10. At this level, the FTP user can submit jobs to JES, retrieve held output matching their logged-in user ID plus one character, and delete held jobs matching their logged-in user ID plus one character.
Select "Any job on any system where the user has JESSPOOL access. Requires special security setup. (JESINTERFACELEVEL=2)" to allow FTP users to retrieve and delete any job in the system permitted by the security access facility (SAF) resource class JESSPOOL. For that reason, this setting should be specified only if the proper JES and SDSF security measures are in place. The SAF controls used for JESINTERFACELEVEL=2 are essentially a subset of those used by SDSF. Therefore, if an installation has customized SAF facilities for SDSF, then they are configured for FTP JES level 2. Before customizing the FTP-to-JES interface, complete JES customization. For example, JESJOBS is a Security Access Facility (SAF) class that controls which users can submit jobs to JES. JESSPOOL is the SAF class that controls which users can access output jobs. Customize these SAF classes before beginning customization of the FTP-to-JES interface.
JESSPOOL defines resource names as <nodeid>.<userid>.<jobname>.<Dsid>.<dsname>. An FTP user can delete an output job if they have ALTER access to the resource that matches their nodeid, userid, and job name. If the FTP user has UPDATE access to the resource, they can list, retrieve, or GET the job output. (JESINTERFACELEVEL=2 uses the SAPI interface to JES, so UPDATE authority is required to list job status or retrieve job output.) For more information on JES security, refer to z/OS JES2 Initialization and Tuning Guide, SA22-7532. For more information on the SAPI interface, refer to z/OS MVS Using the Subsystem Interface, SA22-7642.
The FTP server employs SDSF resources to use three filters that control display of jobs.
Syntax rules:
The FTP server allows you to specify the record format and length of the jobs submitted. The record format is used during dynamic allocation of the internal reader when submitting jobs to JES.
Both the record format and record length values can be specified here or can be set to the same value that FTP uses when creating data sets.
To set the JES record length to use the same value used in data set creation, specify the * character.
To set the JES record format to use the same value used in data set creation, select the "Default" value from the drop-down list.
Syntax rules:
Select an entry from the drop down list of record format options.
Select the "Default" option if you would like to use the same record format FTP uses when creating data sets. This value is specified in "Data Set Attributes..." under the MVS/HFS Files tab.
The JES put/get timeout is used when the FTP client performs a GET with a source and a target name. The source job is submitted to JES. The server waits until the JES PutGet timeout expires or until the job completes. If the job completes, it stores the output in the target name file. If the job does not complete, the FTP client displays a reply to the end user.
Set the JES timeout value high enough for most jobs to complete within the specified time but not so high (for example, 86400) that end users wait excessive amounts of time for job completion.
Syntax rules:
Use this panel to access the FTP translation settings.
FTP uses translation tables to convert transmitted data from the z/OS UNIX file system (host EBCDIC) to the network (usually ASCII). FTP supports three different forms of translation tables:
Control connection translation
For the control connection, FTP generally uses ISO8859-1 for the network code page and IBM-1047 for the z/OS UNIX file system code page. FTP also allows you to specify either the internal single byte or CONVXLAT created translation tables to be used. To allow for UTF-8 support, you may select the allow UTF8 pathnames option under control connection settings. This starts FTP using the ISO8859-1 iconv code page and negotiates a switch to UTF8 encoding of the control connection, as described in RFC 2640.
Data connection translation
For the transfer of data on the data connection, FTP supports:
Steps
You have completed this panel after you have made your translation modifications.
Push buttons
Click Control Connection Settings... to modify your translation settings for the control connection.
Click Single Byte Data Connection Settings... to modify your translation settings for single byte data connections.
Click Multi-byte Data Connection Settings... to modify your translation settings for multi-byte data connections.
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.
Use this panel to enter a volume serial number to be added to the volume list.
Syntax rules
Push buttons
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.
Use this panel to define settings allowing FTP clients to use SOCKS servers to access FTP servers.
Steps
You have completed this panel after indicating you do not want to use SOCKS servers, or indicating which SOCKS configuration file the FTP client should use.
You can find more detailed help on the following elements of this window:
Push buttons
Click New... to create a SOCKS configuration file.
Click Edit... to modify the selected SOCKS configuration file.
Click Delete to delete the selected SOCKS configuration file from the list.
Click Report... to show the configuration file of the selected entry.
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.
Syntax rules:
If it is a zFS file, it must adhere to the following syntax rules:
Selecting "Use the created SOCKS configuration file selected below" allows you to use the GUI to create SOCKS configuration files for FTP clients.
Click the "New..." button to create a SOCKS configuration file, click the "Edit..." button to modify a selected SOCKS configuration file, and click the "Remove" button to remove the selected SOCKS configuration file from the list.
The first time you select "Use the created SOCKS configuration file selected below" you will see the following displayed:
"Active SOCKS configuration file: None"
After you have created a SOCKS configuration file, the display will be updated to indicate the Active SOCKS configuration file as the one you just created.
You may create multiple SOCKS configuration files. All FTP clients you create using the GUI will see the list of all SOCKS configuration files created using the GUI. Once you have created a SOCKS configuration file using the GUI, if you create new FTP clients, you can just click on a SOCKS configuration file in the list to make it the client's active SOCKS configuration file.
If there are multiple SOCKS configuration files listed, you can change the active configuration file for a client by clicking on a different SOCKS configuration file in the list. The display of the active SOCKS configuration file will be updated immediately to indicate your new selection.
You can use the "Report..." button at any time to show the complete SOCKS configuration file for a selected entry. This will show you the exact configuration statements and parameters that will be produced by the GUI.
Be aware that selecting an entry from the SOCKS configuration file list will ultimately produce the FTP.DATA client configuration statement SOCKSCONFIGFILE. The SOCKSCONFIGFILE statement's parameter is a fully qualified MVS data set name, which contains the SOCKS configuration file. Therefore, the SOCKSCONFIGFILE's parameter will be the name of the PDSE with the SOCKS configuration file name concatenated as the member name. Keep this in mind in case you relocate the SOCKS configuration file.
Use of the browser access token is optional. If you use a browser to access the FTP server, and you will access MVS data sets with the browser, then you need to specify the token. The token represents an arbitrary set of characters that you will enter in your FTP URL to signify that an MVS data set name follows the token.
It is recommended that you avoid using symbols in the token, which the browser might interpret as special or meta characters.
WebSphere Application Server (WAS) provides a similar MVS data set token and you may want to use the same token for WAS and FTP.
Syntax rules
Push buttons
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.
Use this panel to customize the security behavior.
Before you begin, you should understand:
Steps
You have completed this panel after making your security protocol required selection, your client certificate authentication selection, your data connection security level selection, and your control connection security level selection.
You can find more detailed help on the following elements of this window:
Security protocol required (SECURE_FTP)
Client certificate authentication (SECURE_LOGIN, SECURE_PASSWORD) (only available for FTP servers)
Data connection security level (SECURE_DATACONN)
Control connection security level (SECURE_CTRLCONN) (only available for Kerberos)
Use this setting to indicate whether use of a security protocol is optional or required.
This setting is applicable both when configuring an FTP client and an FTP server.
If you check the box labeled "Clients must use secure connections", the server requires all clients to login using a security protocol.
If you do not check the box labeled "Clients must use secure connections", the server allows clients to login using a security protocol, but it is not required.
If you check the box labeled "Clients must use secure connections", the client logs in using the specified security mechanism. If the server does not support the client's security mechanism, the login fails and the client cannot login.
If you do not check the box labeled "Clients must use secure connections", the client logs in using the specified security mechanism. If the server does not support the client's security mechanism, the server indicates this back to the client. The client then completes the login, but without using a security mechanism.
These settings are available only when configuring an FTP server.
Use these settings to indicate whether the FTP server requires client authentication.
These settings apply to both TLS and Kerberos; however, only the "Verify client user ID" selection modifies the behavior for Kerberos. Also note that the term "certificate" is actually TLS terminology. In Kerberos terminology, the equivalent of a certificate is a ticket, which contains credentials.
This setting is used to indicate the level of security used on data connections and applies to both TLS and Kerberos.
There are differences between TLS and Kerberos.
For TLS, system SSL services and protocols are used to negotiate which cipher algorithm is used for the FTP session. The system SSL has multiple cipher algorithms, which provide both encryption and data authentication (i.e. data integrity). Encryption scrambles the data so it is transferred confidentially and cannot be interpreted without a special key. Data authentication algorithms ensure the data was not modified during transfer. Some of the supplied cipher algorithms provide only data authentication, and some provide both encryption and authentication. You can customize which cipher algorithms should be used by FTP. However, be aware that the actual cipher algorithm used for the session is determined after a negotiation between the server and client. For example, if you configure an FTP server to use the "Triple DES encryption, SHA authentication" algorithm, but the client does not support that algorithm, it will not be used.
For Kerberos, the system Kerberos (Network Authentication Service) provides the encryption and integrity algorithms. You can request data to be enciphered for integrity protection, or for both privacy and integrity protection. However, the algorithms used by Kerberos cannot be customized or negotiated.
The data connection security level is available both when configuring a client and a server.
Before you begin, you should understand that the level of security for data connections is determined by both the configuration settings on this page and by commands an FTP user may issue during an FTP session. The following commands can be issued by the user:
This setting is used to indicate the level of security used on control connections and applies only to Kerberos. When using TLS, the control connection is required to be enciphered and this setting has no effect on the TLS behavior.
The system Kerberos (Network Authentication Service) provides the encryption and integrity algorithms. You can request the control connection data (FTP commands and replies) to be enciphered for integrity protection, or for both privacy and integrity protection. However, the algorithms used by Kerberos cannot be customized or negotiated.
The data transferred on control connections is always FTP command and reply protocols.
The control connection security level setting is available both when configuring a client and a server.
Before you begin, you should understand that the level of security for control connections is determined by both the configuration settings on this page and by commands an FTP user may issue during an FTP session. The following commands can be issued by the user:
Use this panel to customize cryptographic algorithms. FTP uses the encryption services of SSL or TLS to protect data. Your z/OS system SSL/TLS provides a defined set of encryption and data authentication algorithms we refer to as ciphers. The encryption algorithm scrambles the data so that it cannot be interpreted. The data authentication algorithm ensures that the data is delivered completely without alteration.
Before you begin, make some decisions about security.
Steps
You have completed this panel after you have:
You can find more detailed help on the following elements of this window:
Is this system subject to export regulations?
Cipher choices listed in preferred order.
Radio Buttons
Click I want to use the defaults to use defaults.
Click I want to select which algorithms to use to indicate you will be selecting particular algorithms to use.
Click Yes to indicate your system is subject to export regulations.
Click No to indicate your system is not subject to export regulations.
Push buttons
Click Add... to add a cipher to the list.
Click Remove... to remove the selected cipher from the list.
Click Move Up to move the selected cipher up one position.
Click Move Down to move the selected cipher down one position.
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.
Select "Yes" if your system is subject to export regulations. This disables the choices that are not available due to export restrictions. "No" is the default. The ciphers that are not available for export are:
If you select "Yes" and already added restricted ciphers to your list of preferred ciphers, they will be removed automatically.
Use the "Add...", "Remove", "Move Up" and "Move Down" buttons to manage the list of cipher algorithms you desire. The order of the ciphers is important. FTP will attempt to use the top entry in the cipher list first. If it is not available or not supported by its session partner, FTP will attempt to use the next one in the list. Therefore, use the "Move Up" and "Move Down" buttons to ensure the ciphers are in priority order.
If you select multiple algorithms, FTP must exchange information with the session partner to determine which of the algorithms to use. This is based on:
Available cipher algorithms are:
Use this panel to customize settings related to FTP client return codes.
An FTP client enters the FTP environment by issuing the ftp command. If you issue the ftp command with the option ( EXIT, ( EXIT=nn, or, if executing from UNIX System Services, the -e option, you enable the FTP client return code function. This results in closing the FTP environment for certain FTP errors, and setting return codes for the client.
If you do not specify the ( EXIT, ( EXIT=nn, and -e options on the ftp command line, the client's FTP environment will not end if an error occurs, and the client's return code will always be set to 0.
The format of the return code and how the return code is seen by the client depend both on the customization settings from this panel and the client's execution environment.
For clients running interactively from TSO or the z/OS UNIX System Services shell, the client sees message EZA1735I when an error occurs. EZA1735I shows a 2 digit client error code, the failing FTP subcommand, and a 3 digit reply code. The 2 digit client error codes and FTP subcommands are described in z/OS Communications Server IP User's Guide and Commands (SC31-8780). The 2 digit client error codes are in section 'FTP client error codes' and the FTP subcommands are in section 'FTP subcommand codes'. The 3 digit reply codes are described in z/OS Communications Server IP and SNA Codes (SC31-8791) in the section 'FTPD reply codes'.
For clients running in batch mode, as TSO clists, or from REXX applications, the return codes are passed back to the client, in addition to being posted in message EZA1735I. The return codes may also be logged in SMF type 30, Step Termination, records. The format of the return codes passed to the client depends on the settings you choose in the Converting return codes (CLIENTERRCODES) section. However, the format of the return code shown in message EZA1735I is fixed and cannot be customized.
It is possible to see client return codes regardless of whether or not the ftp command option ( EXIT, ( EXIT=nn, or -e is specified. Checking the box "Report errors with message EZZ9830I" allows you to see the return codes logged in message EZZ9830I.
Steps
You have completed this panel after selecting the return code format and indicated whether you want to log return codes using message EZZ9830I.
You can find more detailed help on the following elements of this window:
Push buttons
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.
Listed below are the possible formats for FTP return codes for clients running in batch mode, as a TSO clist, or from a REXX application.
The format of the return code is determined both by the settings on this panel and by parameters entered on the ftp command when the user logs in. The use of the EXIT=nn ftp command parameter will override the settings on this panel as explained below.
The settings on this panel apply to interactive clients, running under TSO or the z/OS UNIX System Services shell, only if you checked the box labeled "Report errors with message EZZ9830I". The return code format in message EZZ9830I is shown according to the return code format selected. If ftp command option ( EXIT, ( EXIT=nn, or -e is specified for interactive clients, errors are also reported with EZA1735I. However, EZA1735I shows the return code values and failing subcommands in a fixed format which cannot be customized.
Use this option to see client return codes logged with message EZZ9830I.
Checking the box "Report errors with message EZZ9830I" results in return codes being logged in message EZZ9830I.
If the client is running in batch mode the message is logged in the system log, SYSLOGD, and in the batch job's log. Otherwise, the message is posted to the client's display.
Message EZZ9830I contains:
Use this panel to specify the target volumes, the unit type and the unit count for newly created data sets. If creating data sets on a tape, the volume count parameter can also be set.
All settings are available both when defining FTP clients and FTP servers. The settings are applicable to FTP clients when creating data sets on the client's system. The settings are applicable to FTP servers when creating data sets on the server's system.
If you specify an SMS storage class on the first wizard panel, then the settings from this panel are not used, rather the values are obtained from the storage class.
Steps
You have completed this panel after adding your preferred volumes, optionally modifying the volume count value, specifying the unit type, and specifying the unit count.
You can find more detailed help on the following elements of this window:
Push buttons
Click Add... to add a volume ID to the volume list.
Click Edit... to modify the selected volume ID.
Click Remove to remove the selected volume ID from the list.
Click Move Up to move the selected volume ID up one position in the list.
Click Move Down to move the selected volume ID down one position in the list.
Click Back to return to the previous wizard panel.
Click Finish to complete the wizard panels' specification.
Click Cancel to negate any entries you have made in this wizard.
Click Help to understand more about this panel.
You may define a list of volume serial numbers to indicate where newly created data sets should reside. If you do not add any volumes to the list, the system default volume list is used.
You can add up to 10 volumes to the list using the "Add..." button. The order of the volumes is significant. The system will first attempt to create the data set on the first volume in the list, and use the following volumes in the list if more space is needed. Use the "Move Up" and "Move Down" buttons to ensure the volumes are in your preferred order.
Use the "Add..." button to add new volumes, the "Edit..." button to modify the selected entry, and the "Remove" button to remove the selected volume from the list.
The volume count setting is used only when creating data sets on tapes. This value indicates the maximum number of volumes that can be used when creating a data set.
Syntax rules:
Specify a value of P to use the same number of devices specified in the volume list or the volume count value, whichever is higher. Specifying a value of P causes all volumes for the data set to be mounted in parallel.
Syntax rules:
Syntax rules:
Use this panel to specify the certificate location required for SSL/TLS security functions. The server certificate authentication process defined in the SSL protocol requires a certificate location. This location can be either:
Before you begin, decide:
Steps
You have completed this panel when you have:
Fields
Certificate (key ring) location (KEYRING)
Radio Buttons
Click Key ring in security server to specify a key ring name within a security server.
Click Key database in HFS to specify a z/OS UNIX file system key database file name.
Push buttons
Click Ciphers... to specify cryptographic algorithms.
Click Advanced... to specify additional security settings.
SSL requires server and optionally client authentication. Such authentication requires the server certificate location. Client authentication certificates reside in the same database.
System SSL supports the following two methods for managing PKI private keys and certificates.
Create this file using the z/OS shell-based program, gskkyman. When running gskkyman:
Enter the key database name and extension on the panel. FTP can locate the stash file since it has the same file name.
When you are done, ensure you have created 2 files:
This is a snapshot of your configuration file.
Push buttons
Click Save to save this configuration file to local disk.
Click Print to print this configuration file.
Click Close to end this panel.
This is a snapshot of your SOCKS configuration file.
Push buttons
Click Save to save this configuration file to local disk.
Click Print to print this configuration file.
Click Close to end this panel.
Use this panel to configure the following general settings:
Before you begin you should:
Steps
You have completed this panel once you have specified the control connection port, optionally restricted the data connection port range, optionally selected to enable security, indicated the user's initial z/OS UNIX file system, entered the start procedure name, and entered the configuration file member name.
You can find more detailed help on the following elements of this window:
Control connection port number
Optionally, you may restrict the port range for data connections.
Starting z/OS UNIX file system (STARTDIRECTORY)
Push buttons
Click Security Settings... to customize your security settings.
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.
Specify the FTP server's control connection port.
The FTP server will listen for incoming logins on the control connection port number.
This port number must not conflict with other port reservations. Both the port number you specify and port number - 1, are reserved for the FTP server. Therefore, other applications must not already have reserved these ports.
If another application has already reserved the ports, you will be asked if you want to negate the reservation for the other application and proceed with your FTP server's port reservation request.
If the port is already reserved for another FTP server, you will be asked if you want to bind an IP address to this FTP server's port reservation. If you decide to bind an IP address, then your server will connect only to clients using this bind IP address when logging in.
To see all port reservations, return to the IBM TCP/IP Configuration Demo for z/OS main customization panel and go to the Basic Settings task.
Syntax rules:
When an FTP client logs in to a server, a connect request always flows from the client to the server to establish a control connection. When a client wants to transfer data, for example with a get command, a different connection, referred to as a data connection, must be established to handle the transfer. Unlike the control connection, there are multiple ways a data connection can be established. The server can initiate the connect request or the client can initiate the connect request, depending on the level of FTP RFC support.
You may restrict which ports are used for data connections for the cases where the clients use firewall friendly protocols. While the client opens the data connection, it is the server that tells the client which port to connect to. By specifying the lower and upper range, you direct the server to pick a data connection port within the specified range. The server randomly selects a port within the range. This may be helpful in defining firewall policies to accommodate the range of ports FTP data connections will use.
The specified range of ports is reserved for FTP by coding the PORTRANGE configuration statement, with the AUTHPORT parameter, in PROFILE.TCPIP. The GUI automatically does this reservation for you. If any of the ports in the range are already reserved for another application, you will be asked if you want to negate the other application's reservation. A complete list of port reservations can be seen in the Basic Settings task.
The port range specification has no effect for data connections that do not use firewall friendly protocols.
Syntax rules:
Check this box to enable the FTP server to support clients using the Transport Layer Security (TLS) protocol. The Secure Sockets Layer (SSL) protocol is included in TLS.
After checking the box "Enable TLS security", click the "Security Settings..." button to customize security settings for TLS.
Clicking the "Security Settings..." button is required to specify the certificate (key ring) location. For other security settings, you can use the defaults if desired.
Check this box to enable the FTP server to support clients using the Kerberos security protocol.
After checking the box "Enable Kerberos security", click the "Security Settings..." button to customize security settings.
If you select only Kerberos, and not TLS, clicking the "Security Settings..." button is optional. The default security settings are used.
This button is available only if you have indicated the server should be enabled to support clients using the Transport Layer Security (TLS) or the Kerberos security protocols.
If TLS is checked, you are required to enter a key ring database by clicking this button.
You may also further customize your security settings by clicking this button.
If you select TLS, clicking the "Security Settings..." button allows you to set the following:
Indicate the file system a user will see after a login.
You may select for users to see the z/OS UNIX hierarchical file system (zFS) or MVS data sets.
If you select zFS, when the user logs in, the initial working directory is the user's root directory in the zFS.
If you select MVS data sets, when the user logs in, the initial working directory is an MVS data set. The data set name is the same as the login user ID.
An FTP start procedure and configuration file will be created as members of a partitioned data set extended (PDSE). The name of the PDSE was assigned in the Basic Settings task. To modify the PDSE name, return to the IBM TCP/IP Configuration Demo for z/OS main customization panel and go to the Basic Settings task.
An FTP server start procedure will be created as a member of a partitioned data set extended (PDSE). This PDSE name was assigned in the Basic settings task. To change the PDSE name, return to the IBM TCP/IP Configuration Demo for z/OS main customization panel and go to the Basic Settings task.
This start procedure name is also used as the FTP server's job name. If the name is 7 characters or less, the job name is the start procedure name with a 1 concatenated to the end of the name. If the start procedure name is 8 characters, the job name is the same as the start procedure name.
Example
Syntax rules:
Check the "Autolog" box if you want the FTP server to be started automatically when TCP/IP is started.
Checking "Autolog" may also restart your FTP server if it is stopped or hung. TCP/IP will check every five minutes to see if the server is still running or hung. If it is not running, TCP/IP will restart the server. If it is hung, TCP/IP will cancel it and restart it. It is considered hung if the server is no longer listening for incoming logins.
Syntax rules:
Use this panel to indicate if the client should use a security protocol to provide data privacy and integrity as well as login authentication.
The client can use either the Transport Layer Security (TLS) (Secure Sockets Layer (SSL) is included in TLS) or the Kerberos security protocol.
Both protocols provide login authentication, data encryption, and data integrity to ensure the data is not modified during transmission.
Steps
You have completed this panel after selecting your security choice. If you choose to use security, the wizard will direct you to the security settings.
Push buttons
Click Next to advance to the next wizard panel.
Click Back to return to the previous wizard panel.
Click Cancel to negate any entries you have made in this wizard.
Click Help to understand more about this panel.
Use this panel to indicate the desired protocol for opening data connections and to specify how the client should work with NETRC files.
Before you begin:
Steps
You have completed this panel after making your desired selections.
You can find more detailed help on the following elements of this window:
Push buttons
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.
Your selection is applicable only when clients log in using IPv4 addresses.
When an FTP client logs in to a server, a connect request flows from the client to the server to establish a control connection. When a client wants to transfer data, for example with a get, a different connection, referred to as a data connection, must be established to handle the transfer. Unlike the control connection, there are multiple ways a data connection can be established. The server can initiate the connect request or the client can initiate the connect request, depending on the level of FTP RFC support.
There are differences between the RFC 1579 and the RFC 2428 protocols.
The use of the EPSV command may be useful if you are encrypting data on the control connection, for example with Transport Layer Security (TLS). If your data passes through a firewall using Network Address Translation (NAT), the firewall is not able to interpret the IP address on the PASV reply, which may cause problems. With the EPSV command and reply, no IP address is sent; the client and server already understand the address.
Using a NETRC file provides an alternative to specifying a user ID and password when logging in.
The NETRC file contains a set of configuration statements consisting of the keywords MACHINE, LOGIN, and PASSWORD as follows:
MACHINE server_address LOGIN user_ID PASSWORD password
Location of NETRC file:
Clients using the NETRC file can log in by specifying only the FTP server's IP address or host name. The client locates the NETRC file and searches for a match of the MACHINE value to know which user ID and password to use on the login.
If the NETRC file identifies FTP servers by host name, but the client's login specifies an IP address, the client would have to resolve the IP address to a host name to find a match.
If you want the client to resolve all IP addresses to host names prior to searching the NETRC file, select "Yes, I use NETRC login files which need the host name."
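The lookup described above, as an added example that is not the FTP client's own code: it parses MACHINE/LOGIN/PASSWORD entries and shows why a login by IP address finds nothing when the file names the server by host name, unless the address is resolved first. The sample file and reverse-lookup table are constructed; treating keywords as case-insensitive, letting an entry span lines, and taking the first matching MACHINE are assumptions.

```python
"""NETRC lookup for an FTP client login (added example, constructed data)."""
import ipaddress

KEYWORDS = ("MACHINE", "LOGIN", "PASSWORD")

# Constructed sample file; hosts, user IDs and passwords are placeholders.
SAMPLE_NETRC = """\
MACHINE mvs1.example.com LOGIN user28 PASSWORD placeholder-pw-1
MACHINE 192.0.2.10 LOGIN batch01 PASSWORD placeholder-pw-2
MACHINE ftp.example.net LOGIN anonymous
    PASSWORD guest@example.com
"""

# Constructed reverse-DNS data so the example runs offline.
CONSTRUCTED_PTR = {"192.0.2.20": "mvs1.example.com"}


def constructed_reverse_lookup(address):
    """Stand-in for a resolver call; returns a host name or None."""
    return CONSTRUCTED_PTR.get(address)


def parse_netrc(text):
    """Return entries in file order as dicts with machine/login/password."""
    tokens = text.split()
    if len(tokens) % 2:
        raise ValueError("unpaired keyword or value in NETRC text")
    entries = []
    for pos in range(0, len(tokens), 2):
        keyword, value = tokens[pos].upper(), tokens[pos + 1]
        if keyword not in KEYWORDS:
            # Report the position only: the token could be part of a password.
            raise ValueError(f"unexpected token at position {pos}")
        if keyword == "MACHINE":
            entries.append({"machine": value, "login": None, "password": None})
        elif not entries:
            raise ValueError(f"{keyword} appears before any MACHINE")
        else:
            entries[-1][keyword.lower()] = value
    return entries


def is_ip_address(text):
    """True when the login target is an IPv4 or IPv6 literal."""
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def find_credentials(entries, target, resolve_to_name=False, reverse_lookup=None):
    """Return the first entry whose MACHINE equals the login target.

    resolve_to_name models the "Yes, I use NETRC login files which need the
    host name" choice: an IP target is resolved to a host name before the
    search. If resolution fails, the address itself is still searched for.
    """
    wanted = target
    if resolve_to_name and is_ip_address(target) and reverse_lookup:
        wanted = reverse_lookup(target) or target
    for entry in entries:
        if entry["machine"].lower() == wanted.lower():
            return entry
    return None


def redacted(entry):
    """Copy of an entry that is safe to log: the password is masked."""
    return dict(entry, password="********" if entry["password"] else None)


if __name__ == "__main__":
    entries = parse_netrc(SAMPLE_NETRC)
    for target, resolve in (("192.0.2.20", False), ("192.0.2.20", True)):
        hit = find_credentials(entries, target, resolve, constructed_reverse_lookup)
        mode = "resolve" if resolve else "no-resolve"
        print(target, mode, "->", redacted(hit) if hit else None)
```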
Use this panel to configure your FTP logging preferences. FTP makes use of both the SMF facility and system SYSLOGD facility to log specific FTP events. Both methods of logging are configured from this panel.
Before you begin, understand if you want to log events using SMF records or using the system logging daemon, SYSLOGD.
Steps
You have completed this panel when you have completed your SMF logging and SYSLOGD logging decisions.
You can find more detailed help on the following elements of this window:
Push buttons
Click Event List... to configure specific FTP events to log using SMF.
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.
The FTP server can log specific FTP events using the SMF facility. Following is the list of events logged using SMF:
For each of these events you can choose to write the SMF records as Type 118 or Type 119. Type 119 records provide more information, including information about sessions using IPv6. Type 119 records are recommended. You can record both Type 118 and Type 119, but this is not recommended due to performance implications.
If you select "Log all FTP events: (SMF)", the server logs an event record for each of the events listed above. You can also select whether the record type is 118 or 119.
The subtypes for the events for Type 118 records are:
More advanced users may want to log only specific events or may want to use Type 118 records with non-standard subtypes. Select "Log selected events:" and click the "Event List..." button to configure more advanced customization for SMF logging.
If you use the FTP exit FTPSMFEX, you can select to record an event each time the EXIT is called. This applies only when using type 118 records. No FTP-specific exit is called for type 119 records.
Your SMF settings are applicable only when the FTP server is in FILETYPE=SEQ (normal) mode. If you want the SMF settings to also apply when the server is in FILETYPE=JES or FILETYPE=SQL mode, check the respective boxes.
The FTP server provides event logging using the system SYSLOGD facility. Following are the types of events logged by the server:
Each event is logged as a message with message numbers in the range EZYFS50 to EZYFS95.
Following is an example of one of the logged messages.
EZYFS50I ID=sessionID CONN starts Client IPaddr=ipaddr hostname=hostname
Explanation: This log entry is made by the FTP daemon when it accepts a client connection request. The keyword CONN identifies the entry as a connection log entry.
sessionID uniquely identifies the FTP session between a client and a server. The identifier is created by combining the jobname of the FTP daemon with a five-digit number in the range 00000-99999. This identifier is in each log entry for the session until message EZYFS52I, which is the last entry for the session.
ipaddr is the IP address of the FTP client. The IP address may be either an IPv4 or an IPv6 address.
hostname is the name of the FTP client. If the name cannot be resolved, UNKNOWN is displayed.
System Action: FTP continues.
User or Operator Response: None.
System Programmer Response: None.
Source Data Set: EZAFTPBU
Procedure Name: logCONN.
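One way to use the session identifier when reviewing SYSLOGD output, as an added example that is not part of the original help text: it groups entries by ID=, reads the client address from EZYFS50I, and reports sessions that lack a start or an EZYFS52I end entry. The log lines are constructed; only the EZYFS50I layout, the EZYFS50 to EZYFS95 range and the role of EZYFS52I come from the text above, and the syslog prefix, the other message numbers and their text are assumptions.

```python
import re

# Message id, then ID=sessionID, then the rest of the entry.
ENTRY_RE = re.compile(r"\b(EZYFS(\d{2})[A-Z])\s+ID=(\S+)(.*)$")
# Body of the EZYFS50I connection entry, as documented above.
CONN_RE = re.compile(r"CONN\s+starts\s+Client\s+IPaddr=(\S+)\s+hostname=(\S+)")
# sessionID = FTP daemon jobname followed by a five-digit number.
SESSION_RE = re.compile(r"^(\S{1,8})(\d{5})$")

# Constructed sample lines (prefix and filler text are not real output).
SAMPLE_LOG = [
    "Oct 30 13:52:51 MVS1 ftpd: EZYFS50I ID=FTPD100001 CONN starts "
    "Client IPaddr=192.0.2.15 hostname=client1.example.com",
    "Oct 30 13:52:55 MVS1 ftpd: EZYFS60I ID=FTPD100001 (constructed text)",
    "Oct 30 13:53:02 MVS1 ftpd: EZYFS50I ID=FTPD100002 CONN starts "
    "Client IPaddr=2001:db8::7 hostname=UNKNOWN",
    "Oct 30 13:53:40 MVS1 ftpd: EZYFS52I ID=FTPD100001 (constructed text)",
    "Oct 30 13:54:10 MVS1 ftpd: EZYFS61I ID=FTPD100003 (constructed text)",
    "Oct 30 13:54:11 MVS1 other: unrelated line without an FTP message id",
]


def split_session_id(session_id):
    """Split a session ID into (jobname, five-digit number), or None."""
    m = SESSION_RE.match(session_id)
    return (m.group(1), m.group(2)) if m else None


def correlate(lines):
    """Group FTP log entries by session ID, in order of first appearance."""
    sessions = {}
    for line in lines:
        m = ENTRY_RE.search(line)
        if m is None or not 50 <= int(m.group(2)) <= 95:
            continue  # not an FTP event log message
        msg_id, session_id, rest = m.group(1), m.group(3), m.group(4)
        s = sessions.setdefault(session_id, {
            "client_ip": None, "hostname": None,
            "messages": [], "started": False, "ended": False})
        s["messages"].append(msg_id)
        if msg_id == "EZYFS50I":
            s["started"] = True
            conn = CONN_RE.search(rest)
            if conn:
                s["client_ip"], s["hostname"] = conn.group(1), conn.group(2)
        elif msg_id == "EZYFS52I":
            s["ended"] = True  # last entry for the session
    return sessions


def findings(sessions):
    """Return (session_id, observation) pairs worth a reviewer's attention."""
    out = []
    for session_id, s in sessions.items():
        if split_session_id(session_id) is None:
            out.append((session_id, "session ID is not jobname + 5 digits"))
        if not s["started"]:
            out.append((session_id, "no EZYFS50I start entry"))
        if not s["ended"]:
            # May also mean the session is still active or the log was cut.
            out.append((session_id, "no EZYFS52I end entry"))
        if s["hostname"] == "UNKNOWN":
            out.append((session_id, "client host name did not resolve"))
    return out


if __name__ == "__main__":
    for item in findings(correlate(SAMPLE_LOG)):
        print(item)
```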
Use this panel to set timer intervals used by the FTP client.
Here you are able to specify timers that determine when a session is closed due to no response. You can also specify the keepalive interval to keep the control connection active.
The timers are all optional. If you do not want to use a timer make sure that the check box is not selected.
Before you begin, know if you want to specify keepalive, session timeout intervals, or any data connection timers.
Steps
You have completed this panel if you have made desired changes to the timers.
Fields
Push buttons
Click Data Connection Timers... to customize data connection timers.
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.
Keepalive sends packets over the control connection to keep a session active. This helps prevent a firewall from timing out and closing the control connection. Use the keepalive interval to specify the number of seconds that the keepalive mechanism should wait before sending another packet.
Check the box labeled "Use keepalive" to activate this function and optionally you may modify the interval.
Syntax rules:
Use the login timeout interval to specify the amount of time in seconds that the client should wait for a session to be opened. If a session is not opened in the time specified the attempt will be ended and an error is reported.
Check the box labeled "Use login timeout" to activate this function and optionally you may modify the interval.
Syntax rules:
Use the response timeout interval to specify the amount of time in seconds that the client should wait for a response from the server. If a response is not received before the timer expires, the session is closed and an error is reported. Response timeout applies to both the control and data connections.
Check the box labeled "Use response timeout" to activate this function and optionally you may modify the interval.
Syntax rules:
Use the closing control connection timeout interval to specify the amount of time in seconds that the client should wait for a session to be closed. If a session is not closed in the time specified the control connection will be closed and an error is reported.
Check the box labeled "Use CCONNTIME function" to activate this function and optionally you may modify the interval.
Syntax rules:
Clicking this button takes you to a panel that displays timers that are used only on the data connection. There you can customize the data connection timers. When finished, you will be returned to this panel.
Use this panel to indicate the file system a user will see after a login.
You may choose whether users see the z/OS UNIX hierarchical file system (zFS) or MVS data sets.
If you select zFS, when the user logs in, the initial working directory is the user's root directory in the zFS.
If you select MVS data sets, when the user logs in, the initial working directory is an MVS data set. The data set name is the same as the login user ID.
You have completed this panel after selecting the default working directory.
Push buttons
Click Next to advance to the next wizard panel.
Click Back to return to the previous wizard panel.
Click Cancel to negate any entries you have made in this wizard.
Click Help to understand more about this panel.
Use this panel to set options related to reading and writing MVS data sets.
Steps
You have completed this panel after you have made your selections.
You can find more detailed help on the following elements of this window:
Trailing blanks (TRAILINGBLANKS)
Push buttons
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.
Specify whether trailing blanks in a fixed format data set are transferred when the data set is transferred.
This option is available when configuring an FTP client or an FTP server. If you are configuring a client, this applies when transferring files to the server's system (for example with a PUT). If you are configuring a server, this applies when transferring files to the client's system (for example with a GET).
Specify which action FTP should take if an incoming data record is longer than the logical record length of the target data set.
You can choose to truncate the record, wrap the record to the next line, or end the transfer and report an error.
This option is available when configuring an FTP client or an FTP server. If you are configuring a client, this applies when transferring files to the client's system (for example with a GET). If you are configuring a server, this applies when transferring files to the server's system (for example with a PUT).
Indicate whether a file should be kept or deleted if a file transfer ends prematurely.
This option is available when configuring an FTP client or an FTP server. If you are configuring a client, this applies when writing files to the client's system (for example with a GET). If you are configuring a server, this applies when writing the file to the server's system (for example with a PUT).
Your selection on this panel will apply to both zFS file transfers and MVS data set transfers.
Select "Keep the partial file" to indicate the file or data set should be kept if the transfer ends prematurely. For MVS data sets, it is both kept and cataloged.
Select "Delete the partial file" to indicate the file or data set should be deleted if the transfer ends prematurely.
Use this panel to configure a z/OS FTP server when you want to base its configuration on an existing FTP server. All settings for the new server will be identical to the old server except for the control connection port, the start procedure name, and the configuration file member name.
An FTP server configuration file and start procedure will be created as members of a partitioned data set extended (PDSE). The PDSE name was assigned in the Basic settings task.
Steps
You have completed this panel after you have entered the server's control port number, the server's configuration file PDSE member name, and the server's start procedure name.
You can find more detailed help on the following elements of this window:
Push buttons
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.
You are creating a new FTP server and basing its configuration on an existing server. All settings for the new server will be identical to the existing server except for the control connection port, the start procedure name, and the configuration file member name.
The control connection port number, the configuration file member name, and the start procedure name of the existing server, which is being copied, are shown for your convenience.
You are creating a new FTP server and basing its configuration on an existing server. All settings for the new server will be identical to the existing server except for the control connection port, the start procedure name, and the configuration file member name.
You must specify the control connection port number, the start procedure name, and the configuration file member name for the new server.
An FTP server configuration file and start procedure will be created as members of partitioned data set extended (PDSE). This PDSE name was assigned in the Basic settings task.
You are creating a new FTP server and basing its configuration on an existing server. All settings for the new server will be identical to the existing server except for the control port, the start procedure name, and the configuration file member name.
The control connection port number is the port number the FTP server will use to listen for incoming logins.
This port number must not conflict with other port reservations. Both the port number you specify and the port number - 1 will be reserved for the FTP server. Therefore, other applications must not already have reserved these ports.
If another application has already reserved the ports, you will be asked if you want to negate the reservation for the other application and proceed with your FTP server's port reservation request.
If the port is already reserved for another FTP server, you will be asked if you want to bind an IP address to this FTP server's port reservation. If you decide to bind an IP address, then your server will connect only to clients using this bind IP address when logging in.
To see all port reservations, return to the IBM TCP/IP Configuration Demo for z/OS main customization panel and go to the Basic Settings task.
Syntax rules:
You are creating a new FTP server and basing its configuration on an existing server. All settings for the new server will be identical to the existing server except for the control port, the start procedure name, and the configuration file member name.
An FTP server start procedure will be created as a member of a partitioned data set extended (PDSE). This PDSE name was assigned in the Basic settings task. To change the PDSE name, return to the IBM TCP/IP Configuration Demo for z/OS main customization panel and go to the Basic Settings task.
Syntax rules:
You are creating a new FTP server and basing its configuration on an existing server. All settings for the new server will be identical to the existing server except for the control port, the start procedure name, and the configuration file member name.
An FTP server configuration file will be created as a member of a partitioned data set extended (PDSE). This PDSE name was assigned in the Basic settings task. To change the PDSE name, return to the IBM TCP/IP Configuration Demo for z/OS main customization panel and go to the Basic Settings task.
Syntax rules:
Use this panel to set timeout intervals on the data connection.
Here you are able to specify the maximum time allowed for the data transfer, or to specify the time to wait for the finished flag (FIN) after attempting to close the connection. If any of these timers expires, the data connection is closed and an error is reported.
All of the timers are optional. If you do not want to use a timer, make sure that the check box is not selected.
Before you begin, know if you want to specify a time limit on the data transfer and if you want to specify the time to wait for the finished flag.
Steps
You have completed this panel if you have made desired changes to the data connection timers.
Fields
Client transfer timeout (DATACTTIME)
Push buttons
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.
Use the client transfer timeout interval to set the amount of time in seconds that the client waits after attempting to send or receive data before terminating the connection and reporting an error to the user.
The client transfer timeout interval is used to set the maximum amount of time, in seconds, that the client keeps the data connection open. The timer starts as soon as the data connection is opened, and if the transfer is not completed when the timer expires, an error is reported and the data connection is closed.
Check the box labeled "Use data timeout function" to activate this function and optionally you may modify the interval.
Syntax rules:
Use the FIN wait timeout interval to set the amount of time in seconds to wait for the finished flag (FIN) in the TCP packet header after a close request is issued. If the FIN is not received before the time specified, the connection is closed and an error is reported.
Check the box labeled "Use DCONNTIME function" to activate this function and optionally you may modify the interval.
Syntax rules:
Use this panel to configure the action FTP should take when a file transfer ends prematurely and to configure the scope of a wildcard search FTP should use.
Steps
You have completed this panel after you have made your selections.
You can find more detailed help on the following elements of this window:
Push buttons
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.
Indicate whether a file should be kept or deleted if a file transfer ends prematurely.
This option is available when configuring an FTP client or an FTP server. If you are configuring a client, this applies when writing files to the client's system (for example with a GET). If you are configuring a server, this applies when writing the file to the server's system (for example with a PUT).
Your selection on this panel will apply to both zFS file transfers and MVS data set transfers.
Select "Keep the partial file" to indicate the file or data set should be kept if the transfer ends prematurely. For MVS data sets, it is both kept and cataloged.
Select "Delete the partial file" to indicate the file or data set should be deleted if the transfer ends prematurely.
Indicate whether wildcard searches should span subdirectories or apply only to the current working directory.
This option is available when configuring an FTP client or an FTP server. If you are configuring a client, it applies when issuing an mput * command. If you are configuring a server, it applies when issuing any of the following commands: mget * , ls * , or mdelete * . This setting only applies when the * wildcard is used and it searches only the subdirectories of the current path. It does not search multiple depths of subdirectories.
Example
Directory: "/u/user1/xx" contains the following files and subdirectory:
areadme (file)
file_xx (file)
readme_xx (file)
ggg (subdirectory)
Directory "/u/user1/xx/ggg" contains the following file and subdirectory:
file_ggg (file)
zzz (subdirectory)
Directory "/u/user1/xx/ggg/zzz" contains the following file and subdirectory:
file_zzz (file)
rrr (subdirectory)
The following display shows these files and directories:
250 HFS directory /u/user1/xx is the current working directory
ftp> ls -l
200 Port request OK.
125 List started OK
total 40
-rwx------ 1 IBMUSER 0 48 Oct 29 21:14 areadme
-rwx------ 1 IBMUSER 0 10 Nov 1 16:02 file_xx
drwxrwxrwx 3 IBMUSER 0 8192 Nov 1 16:00 ggg
-rwx------ 1 IBMUSER 0 23 Oct 29 21:06 readme_xx
250 List completed successfully.
260 bytes received in 0.03 seconds (8.67 Kbytes/sec)
ftp> cd ggg
250 HFS directory /u/user1/xx/ggg is the current working directory
ftp> ls -l
200 Port request OK.
125 List started OK
total 24
-rwx------ 1 IBMUSER 0 6 Nov 1 16:00 file_ggg
drwxr-x--- 3 IBMUSER 0 8192 Nov 1 16:01 zzz
250 List completed successfully.
133 bytes received in 0.02 seconds (6.65 Kbytes/sec)
cd zzz
250 zFS directory /u/user1/xx/ggg/zzz is the current working directory
ftp> ls -l
200 Port request OK.
125 List started OK
total 24
-rwx------ 1 IBMUSER 0 4 Nov 1 16:00 file_zzz
drwxr-xr-x 2 IBMUSER 0 8192 Nov 1 16:01 rrr
250 List completed successfully.
133 bytes received in 0.01 seconds (13.30 Kbytes/sec)
If you select "Restrict wildcard searches to only current working directory", the client will see the following:
257 "/u/user1/xx" is the HFS working directory.
ftp> ls *
200 Port request OK.
125 List started OK
areadme
file_xx
readme_xx
250 List completed successfully.
29 bytes received in 0.02 seconds (1.45 Kbytes/sec)
If you select "Wildcard searches should span subdirectories", the client will see the following:
257 "/u/user1/xx" is the HFS working directory.
ftp> ls *
200 Port request OK.
125 List started OK
areadme
file_xx
ggg/file_ggg
readme_xx
250 List completed successfully.
42 bytes received in 0.04 seconds (1.05 Kbytes/sec)
Differences
When spanning subdirectories with the wildcard, * , the file ggg/file_ggg is shown. However, the file ggg/zzz/file_zzz is not shown since the subdirectory span is only one level deep.
Use this panel to specify file names containing messages displayed to clients when changing directories during an FTP session.
Before you begin, decide if the FTP server should send customized messages to clients changing directories.
Steps:
You have completed this panel when you have entered the file names associated with the respective messages. All fields are optional; no entries are required if these functions are not desired.
You can find more detailed help on the following elements of this window:
Message file for named users (HFSINFO)
Push buttons
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.
The FTP server can be configured to display customized messages to the clients when the user changes MVS directories.
To activate any of these messages, specify the LLQ of the data sets containing the messages in the respective field on the configuration panel. Use of directory change messages is optional.
Use of the MVSINFO data set low level qualifier (LLQ) is optional and is applicable only to named users. If no MVSINFO LLQ is specified, no messages are displayed to the client when the user changes MVS directories. If an MVSINFO LLQ is specified, then each time the user changes MVS directories, the FTP server appends the specified low level qualifier (LLQ) to the current path to locate the message file in the new directory. The file containing the message may be a physical sequential data set or a member of a PDS. If the server finds a matching file, the file contents are displayed to the client. If no match is found, no messages are displayed to the client.
Example:
The user configures the MVSINFO Low Level Qualifier as: README
The data set USER5.README contains the words:
This is my MVSINFO message. Entered USER5
The file USER5.XX.README contains the words:
This is an MVSINFO message. Entering USER5.XX
When the client logs in, and changes directories, the following is displayed to the client:
Connected to 9.42.103.112.
220-FTPD1 IBM FTP CS V1R4 at MVS171.tcp.raleigh.ibm.com, 13:52:51 on 2002-10-30.
220-MY BANNER MESSAGE. THIS IS MY EMAIL ADDRESS myaddress@us.mycompany.com
220 Connection will not timeout.
User (9.42.103.112:(none)): user1
331 Send password please.
Password:
230 USER1 is logged on. Working directory is "USER1.".
ftp> cd ..
250 "" is the working directory name prefix.
ftp> cd user5
250-This is my MVSINFO message. Entered USER5
250 "USER5." is the working directory name prefix.
ftp> cd xx
250-This is an MVSINFO message. Entering USER5.XX
250 "USER5.XX." is the working directory name prefix.
ftp> cd ..
250 "USER5." is the working directory name prefix.
ftp> cd xx
250 "USER5.XX." is the working directory name prefix.
ftp>
In this example, when the user first changes to directory, USER5, the message "250-This is my MVSINFO message. Entered USER5" is displayed. The user next changes to directory, USER5.XX, and the message "This is an MVSINFO message. Entering USER5.XX" is displayed. However, when the user changes to directory, USER5, for the second time, no message is displayed. The server displays the MVSINFO message only the first time a directory is entered. Because the server maintains a finite history of directory changes, if the user performs frequent directory changes, it is possible the client will see the message more than just the first time.
To show a message to the client when changing MVS directories, enter the MVS data set low level qualifier of the file(s) containing the message.
Syntax rules:
The FTP server can be configured to display customized messages to clients when the user changes zFS directories.
To activate any of these messages, specify the relative path and/or file name of the files containing the messages in the respective field on the configuration panel. Use of directory change messages is optional.
Use of the HFSINFO file is optional and is applicable only to named users. If no HFSINFO file is specified, no messages are displayed to the client when the user changes file system directories. If an HFSINFO file is specified, then each time the user changes zFS directories, the FTP server will search for the specified file name in the new directory. If the server finds a matching file, the file's contents are displayed to the client. If no match is found, no messages are displayed to the client.
Wild cards can be specified as the last character of the HFSINFO file name, such as "readme*". This could result in multiple matches. If the server finds multiple matches, only the contents of the first match are displayed to the client.
Example:
The user configures the HFSINFO filename as: readme*
The file /u/user1/readme_user1 contains the words:
Entering directory /user1
The file /u/user1/xx/readme_xx contains the words:
Entering directory /xx
When the client logs in, and changes directories, the following is displayed to the client:
D:\>ftp 9.42.103.112
Connected to 9.42.103.112.
220-FTPD1 IBM FTP CS V1R4 at MVS171.tcp.raleigh.ibm.com, 21:06:42 on 2002-10-29.
220-MY BANNER MESSAGE. THIS IS MY EMAIL ADDRESS myaddress@us.mycompany.com
220 Connection will not timeout.
User (9.42.103.112:(none)): user1
331 Send password please.
Password:
230 USER1 is logged on. Working directory is "/u/user1".
ftp> cd xx
250-Entering directory /xx
250 HFS directory /u/user1/xx is the current working directory
ftp> cd ..
250-Entering directory /user1
250 HFS directory /u/user1 is the current working directory
ftp> cd xx
250 HFS directory /u/user1/xx is the current working directory
ftp>
In this example, when the user first changes to directory, xx, the message "250-Entering directory /xx" is displayed. The user next backs up to directory, user1, and the message "250-Entering directory /user1" is displayed. However, when the user changes to directory, xx, for the second time, no message is displayed. The server displays the HFSINFO message only the first time a directory is entered. Because the server maintains a finite history of directory changes, if the user performs frequent directory changes, it is possible the client will see the message more than just the first time.
To show a message to the client when changing file system directories, enter the zFS file containing the message.
Syntax rules:
You have completed the z/OS FTP client configuration. Click "Finish" to save your settings.
After clicking "Finish":
Push buttons
Click Back to return to the previous wizard panel.
Click Finish to complete the wizard panels' specification.
Click Cancel to negate any entries you have made in this wizard.
Click Help to understand more about this panel.
Use this wizard to configure MVS data set attributes FTP will use when creating data sets. This wizard is available both when configuring FTP clients and FTP servers. The settings are applicable to clients when creating data sets on the client's system. The settings are applicable to servers when creating data sets on the server's system.
An FTP user can modify these settings using the LOCSITE and SITE commands, but the modifications apply to only that user's session.
Before you begin, decide whether to obtain settings from an existing data set, or from any Storage Management Subsystem (SMS) classes. You have the option of individually specifying data set attributes, inheriting attributes from an existing model data set, or obtaining attributes from SMS class definitions.
For example, the Logical Record Length (LRECL) attribute can be obtained from an SMS data class, from an existing model data set, or set individually.
Since you can specify SMS classes, a model data set, and individual attribute settings, the following list shows the policy used to determine an attribute value. The list is order of precedence:
When using a storage class, the values for volume, unit name, and unit count are obtained from the storage class.
Steps
You have completed this panel after optionally entering the fully-qualified model data set name and optionally entering SMS class names.
You can find more detailed help on the following elements of this window:
Push buttons
Click Next to advance to the next wizard panel.
Click Cancel to negate any entries you have made in this wizard.
Click Help to understand more about this panel.
Syntax rules:
Syntax rules:
Use this panel to enable FTP server functions that were not included in RFC 959.
Steps
You have completed this panel after making your desired selections.
Fields
Checking the box labeled "Enable the FTP server to respond to the MDTM command." allows the server to reply with the time a file was last modified when responding to the MDTM (modify time) command. Since this function was not part of RFC 959, you must check this box to enable this function. The MDTM command is applicable only for zFS files.
It is recommended you enable this function since there are no performance or integrity concerns.
Checking the box labeled "Enable the FTP server to respond to the SIZE command." allows the server to reply with the size of a file or files when responding to the SIZE command. Since this function was not part of RFC 959, you must check this box to enable this function. Enabling the server to respond to the SIZE command does have some performance implications, since the server must count the number of bytes in a file.
Checking the box labeled "Enable the FTP server to restart stream mode file transfers" enables the server restart function. Enabling the SIZE extension is a prerequisite for the restart function.
Push buttons
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.
Use this panel for settings related to data set migration.
Steps
You have completed this panel after optionally entering a volume id for migrated data sets and making your desired selection for automatic recall of migrated data sets.
You can find more detailed help on the following elements of this window:
Push buttons
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.
Indicates the volume ID for migrated data sets which use non-IBM storage management systems. If you do not specify a value, the default, MIGRAT, will be used.
This setting is available both when configuring FTP clients and FTP servers. It is applicable to clients when accessing files on the client's system. It is applicable to servers when accessing files on the server's system.
Syntax Rules:
If you use a storage manager, such as IBM's Storage Management Subsystem (SMS) DFSMShsm, low-activity data sets may be migrated from user-accessible volumes to DFSMShsm volumes to reduce the space occupied by data on user-accessible volumes.
Select "Permit migrated data sets to be automatically recalled", to allow FTP to automatically recall migrated data sets.
Select "Prevent migrated data sets from being automatically recalled", if you do not want FTP to automatically recall migrated data sets.
This setting is available both when configuring FTP clients and FTP servers. It is applicable to clients when accessing files on the client's system, for example when issuing a PUT command. It is applicable to servers when accessing files on the server's system, for example when issuing a GET command.
The FTP.DATA configuration statement used to define the default permissions for newly created zFS files is UMASK. The value specified on the UMASK statement identifies the permission bits that are turned off when a file is created. This value is entered as a 3-digit octal mask.
When FTP creates a file it assumes the permission bits are 666 (-rw-rw-rw-), which correspond to:
Example:
If the UMASK value is 027
110110110 - bits from the default 666 value FTP uses
000010111 - bits from the 027 UMASK setting
_________
110100000 - the resulting value is 640
After turning off all bits from the 027 UMASK setting, the resulting default permission bits for newly created files are 640 (-rw-r-----), which correspond to:
Syntax rules:
When this panel is initially displayed, the UMASK value is set to match the permission bits setting configured on the File Permissions panel. After leaving this panel by clicking "OK", you will return to the File Permissions panel where the permission bits settings on the File Permissions panel will reflect the new UMASK value.
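The UMASK arithmetic described above, as an added example that is not part of the original help text: it reads UMASK statements from FTP.DATA text, applies each mask to the 666 bits FTP starts from, and lists access left open to group or others. The FTP.DATA fragment is constructed, and treating ";" as the start of a comment is an assumption of this sketch.

```python
import re

# FTP assumes 666 (-rw-rw-rw-) before the UMASK is applied (see above).
FTP_CREATE_BITS = 0o666

# UMASK statement with a 3-digit octal value; text after ";" is treated
# as a comment (assumption of this example).
UMASK_RE = re.compile(r"^\s*UMASK\s+([0-7]{3})\s*(?:;.*)?$", re.IGNORECASE)

# Constructed FTP.DATA fragment.
SAMPLE_FTP_DATA = """\
; constructed fragment for illustration
FILETYPE SEQ
; UMASK 000   (commented out, must be ignored)
UMASK 027            ; new files are created 640
"""


def find_umask_statements(ftp_data_text):
    """Return the octal strings of all active UMASK statements, in order."""
    found = []
    for line in ftp_data_text.splitlines():
        m = UMASK_RE.match(line)
        if m:
            found.append(m.group(1))
    return found


def resulting_mode(umask):
    """Turn off every bit of the mask in the 666 starting value."""
    return FTP_CREATE_BITS & ~umask & 0o777


def symbolic(mode):
    """Render permission bits the way ls -l shows them for a regular file."""
    text = "-"
    for shift in (6, 3, 0):
        bits = (mode >> shift) & 0o7
        text += "r" if bits & 4 else "-"
        text += "w" if bits & 2 else "-"
        text += "x" if bits & 1 else "-"
    return text


def review(umask_text):
    """Report the resulting file mode for one UMASK value."""
    if not re.fullmatch(r"[0-7]{3}", umask_text):
        raise ValueError("UMASK must be a 3-digit octal mask: %r" % umask_text)
    mode = resulting_mode(int(umask_text, 8))
    issues = []
    if mode & 0o020:
        issues.append("group can write")
    if mode & 0o004:
        issues.append("others can read")
    if mode & 0o002:
        issues.append("others can write")
    return {"umask": umask_text, "mode": "%03o" % mode,
            "symbolic": symbolic(mode), "issues": issues}


if __name__ == "__main__":
    for value in find_umask_statements(SAMPLE_FTP_DATA):
        print(review(value))
```

Because the starting value 666 has no execute bits, the execute positions of the mask have no effect: 026 and 027 both give 640.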
Push buttons
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.
Use this panel to set a timeout for TLS handshake processing. This timeout is the maximum time between full TLS handshakes. If this time period has not been reached since the last full handshake, a partial handshake occurs when a data connection is protected by TLS.
Syntax rules:
Push buttons
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.
Use this panel to select the specific FTP events you want to log using the System Management Facility (SMF).
Before you begin, decide which events you want to log as SMF records.
Steps
You have completed this panel when you have selected the events to log using SMF and selected the record type for the events you select. You must select to log at least one event and you must select a record type for each event you select.
You can find more detailed help on the following elements of this window:
APPEND command events (SMFAPPE)
DELETE command events (SMFDEL)
RENAME command events (SMFREN)
Push buttons
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.
If you want to log an SMF record when the server processes an APPE (APPEND) command, check the box labeled "APPEND command events (SMFAPPE)".
You may record Type 118 or Type 119 records for the APPEND events. Type 119 records provide more information, including information related to IPv6. Type 119 records are recommended.
You may check both "Type 118" and "Type 119" to log both record types; however, this is not recommended due to performance implications.
If you select to use Type 118 records, you can modify the subtype. The default subtype is 70 and can also be specified as STD. The subtype for Type 119 records is 70 and cannot be changed.
Enter the subtype for Type 118 records.
Syntax rules:
If you want to log an SMF record when the server processes a DELE (DELETE) command, check the box labeled "DELETE command events (SMFDEL)".
You may record Type 118 or Type 119 records for the DELETE events. Type 119 records provide more information, including information related to IPv6. Type 119 records are recommended.
You may check both "Type 118" and "Type 119" to log both record types; however, this is not recommended due to performance implications.
If you select to use Type 118 records, you can modify the subtype. The default subtype is 71 and can also be specified as STD. The subtype for Type 119 records is 70 and cannot be changed.
If you want to log an SMF record when the server processes a login failure, check the box labeled "Login failures (SMFLOGN)".
You may record Type 118 or Type 119 records for the login failure events. Type 119 records provide more information, including information related to IPv6. Type 119 records are recommended.
You may check both "Type 118" and "Type 119" to log both record types; however, this is not recommended due to performance implications.
If you select to use Type 118 records, you can modify the subtype. The default subtype is 72 and can also be specified as STD. The subtype for Type 119 records is 72 and cannot be changed.
If you want to log an SMF record when the server processes a RNFT or RNTO (RENAME) command, check the box labeled "RENAME command events (SMFREN)".
You may record Type 118 or Type 119 records for the RENAME events. Type 119 records provide more information, including information related to IPv6. Type 119 records are recommended.
You may check both "Type 118" and "Type 119" to log both record types; however, this is not recommended due to performance implications.
If you select to use Type 118 records, you can modify the subtype. The default subtype is 73 and can also be specified as STD. The subtype for Type 119 records is 70 and cannot be changed.
If you want to log an SMF record when the server processes a RETR (RETRIEVE) command, check the box labeled "RETRIEVE command events (SMFRETR)".
You may record Type 118 or Type 119 records for the RETRIEVE events. Type 119 records provide more information, including information related to IPv6. Type 119 records are recommended.
You may check both "Type 118" and "Type 119" to log both record types; however, this is not recommended due to performance implications.
If you select to use Type 118 records, you can modify the subtype. The default subtype is 74 and can also be specified as STD. The subtype for Type 119 records is 70 and cannot be changed.
If you want to log an SMF record when the server processes a STOR (STORE) or STOU (STORE UNIQUE) command, check the box labeled "STORE and STORE UNIQUE command events (SMFSTOR)".
You may record Type 118 or Type 119 records for the STORE and STORE UNIQUE events. Type 119 records provide more information, including information related to IPv6. Type 119 records are recommended.
You may check both "Type 118" and "Type 119" to log both record types; however, this is not recommended due to performance implications.
If you select to use Type 118 records, you can modify the subtype. The default subtype is 75 and can also be specified as STD. The subtype for Type 119 records is 70 and cannot be changed.
Use this panel to configure server options that could affect the integrity of your system.
Before you begin, it is recommended that you read the detailed help information related to this panel to decide which options meet your needs.
Steps
You have completed this panel once you have evaluated and set the desired system integrity options.
You can find more detailed help on the following elements of this window:
Push buttons
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.
Some information returned to clients may be considered sensitive and for security reasons you may not want the end user to see it.
If a client attempts to log in but enters an incorrect password, you may not want to provide detailed information such as the errno or reason codes on the failure message.
Example
If you do not check the box labeled "Do not send detailed login failure messages (ACCESSERRMSGS)" and the login fails because the password was incorrect, the client will see the following:
D:\>ftp 9.42.103.112
Connected to 9.42.103.112.
220-FTPD1 IBM FTP CS V1R4 at MVS171.tcp.raleigh.ibm.com, 16:11:22 on 2002-10-31.
220 Connection will not timeout.
User (9.42.103.112:(none)): user1
331 Send password please.
Password:
530-Error on __passwd() function call, errno=111, rsncode=090C0000
530-The username is unknown
530 PASS command failed
Login failed.
ftp>
If you do check the box labeled "Do not send detailed login failure messages (ACCESSERRMSGS)" and the login fails because the password was incorrect, the client will see the following:
D:\>ftp 9.42.103.112
Connected to 9.42.103.112.
220-FTPD1 IBM FTP CS V1R4 at MVS171.tcp.raleigh.ibm.com, 16:21:17 on 2002-10-31.
220 Connection will not timeout.
User (9.42.103.112:(none)): user1
331 Send password please.
Password:
530 PASS command failed
Login failed.
ftp>
If you choose not to send detailed login failure messages, you can trace them instead by checking the box labeled "Log failure messages (DEBUG ACC)".
You may want to configure the server not to show clients sensitive information such as IP addresses, host names, or port numbers. Check the box labeled "Do not send sensitive information to clients (REPLYSECURITYLEVEL)" to direct the server not to send such information.
Example:
If you do check the box labeled "Do not send sensitive information to clients (REPLYSECURITYLEVEL)" the client will see the following:
# ftp loopback
IBM FTP CS V1R4
FTP: using TCPCS
Connecting to: loopback.TCP.RALEIGH.IBM.COM 127.0.0.1 port: 21.
220-IBM FTP, 17:57:42 on 2002-10-31.
220 Connection will not timeout.
NAME (loopback:USER3):
user3
>>> USER user3
331 Send password please.
PASSWORD:
>>> PASS
230 USER3 is logged on. Working directory is "USER3.".
Command:
stat
>>> STAT
211-User: USER3 Working directory: USER3.
211-The control connection has transferred 115 bytes
211-There is no current data connection.
211-The next data connection will be actively opened
211-using Mode Stream, Structure File, type ASCII, byte-size 8
211-Automatic recall of migrated data sets.
211-Automatic mount of direct access volumes.
211-Auto tape mount is allowed.
211-Inactivity timer is disabled
211-VCOUNT is 59
211-ASA control characters in ASA files opened for text processing
211-will be transferred as ASA control characters.
211-Trailing blanks are removed from a fixed format
211-data set when it is retrieved.
211-Data set mode. (Do not treat each qualifier as a directory.)
211-ISPFSTATS is set to FALSE
211-Primary allocation 55 cylinders. Secondary allocation 55 cylinders.
211-FileType SEQ (Sequential - default).
211-Number of access method buffers is 5
211-RDWs from variable format data sets are discarded.
211-Records on input tape are unspecified format
211-SITE DB2 subsystem name is DB2
211-Data not wrapped into next record.
211-Tape write is not allowed to use BSAM I/O
211-Truncated records will not be treated as an error
211-JESLRECL is 80
211-JESRECFM is Fixed
211-JESINTERFACELEVEL is 1
211-ENcoding is set to SBCS
211-SBSUB is set to FALSE
211-SBSUBCHAR is set to SPACE
211-SMS is active.
211-Dataclass for new data sets is DATAF
211-Data sets will be allocated on CPDLB2,CPDLB3.
211-New data sets will be deleted if a store operation ends abnormally
211-Single quotes will override the current working directory.
211-UMASK value is 027
211-Checkpoint interval is 0
211-Authentication type: None
211 *** end of status ***
Command:
If you do NOT check the box labeled "Do not send sensitive information to clients (REPLYSECURITYLEVEL)" the client will see the following:
# ftp loopback
IBM FTP CS V1R4
FTP: using TCPCS
Connecting to: loopback.TCP.RALEIGH.IBM.COM 127.0.0.1 port: 21.
220-FTPD1 IBM FTP CS V1R4 at MVS171.tcp.raleigh.ibm.com, 17:52:55 on 2002-10-31.
220 Connection will not timeout.
NAME (loopback:USER3):
user3
>>> USER user3
331 Send password please.
PASSWORD:
>>> PASS
230 USER3 is logged on. Working directory is "USER3.".
Command:
stat
>>> STAT
211-Server FTP talking to host 127.0.0.1, port 1026
211-User: USER3 Working directory: USER3.
211-The control connection has transferred 115 bytes
211-There is no current data connection.
211-The next data connection will be actively opened
211-to host 127.0.0.1, port 1026,
211-using Mode Stream, Structure File, type ASCII, byte-size 8
211-Automatic recall of migrated data sets.
211-Automatic mount of direct access volumes.
211-Auto tape mount is allowed.
211-Inactivity timer is disabled
211-VCOUNT is 59
211-ASA control characters in ASA files opened for text processing
211-will be transferred as ASA control characters.
211-Trailing blanks are removed from a fixed format
211-data set when it is retrieved.
211-Data set mode. (Do not treat each qualifier as a directory.)
211-ISPFSTATS is set to FALSE
211-Primary allocation 55 cylinders. Secondary allocation 55 cylinders.
211-FileType SEQ (Sequential - default).
211-Number of access method buffers is 5
211-RDWs from variable format data sets are discarded.
211-Records on input tape are unspecified format
211-SITE DB2 subsystem name is DB2
211-Data not wrapped into next record.
211-Tape write is not allowed to use BSAM I/O
211-Truncated records will not be treated as an error
211-JESLRECL is 80
211-JESRECFM is Fixed
211-JESINTERFACELEVEL is 1
211-ENcoding is set to SBCS
211-SBSUB is set to FALSE
211-SBSUBCHAR is set to SPACE
211-SMS is active.
211-Dataclass for new data sets is DATAF
211-Data sets will be allocated on CPDLB2,CPDLB3.
211-New data sets will be deleted if a store operation ends abnormally
211-Single quotes will override the current working directory.
211-UMASK value is 027
211-Process id is 52
211-Checkpoint interval is 0
211-Authentication type: None
211 *** end of status ***
Command:
Differences in above example
If you do NOT check the box labeled "Do not send sensitive information to clients (REPLYSECURITYLEVEL)",
220-FTPD1 IBM FTP CS V1R4 at MVS171.tcp.raleigh.ibm.com, 17:52:55 on 2002-10-31.
211-Server FTP talking to host 127.0.0.1, port 1026
211-to host 127.0.0.1, port 1026,
211-Process id is 52
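The following check is an added example, not IBM code: it scans captured server replies for the detail that ACCESSERRMSGS and REPLYSECURITYLEVEL are meant to suppress, so an administrator can confirm the settings took effect. The patterns and finding labels are assumptions drawn only from the differences visible in the sample sessions above, and the two transcripts are constructed from reply lines quoted on this page.

```python
import re

# A server reply line starts with a 3-digit code followed by '-' or ' '.
REPLY = re.compile(r"^(\d{3})[- ](.*)$")

# (reply code, finding label, pattern). Assumptions: these patterns come from
# the sample sessions on this page, not from an IBM-defined list.
CHECKS = [
    ("220", "banner-host-name", re.compile(r"\bat (?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}")),
    ("220", "banner-version", re.compile(r"\bV\d+R\d+\b")),
    ("530", "login-errno-rsncode", re.compile(r"\b(?:errno|rsncode)=\w+")),
    ("530", "login-failure-reason", re.compile(r"username is unknown", re.I)),
    ("211", "peer-ip-and-port", re.compile(r"\bhost \d{1,3}(?:\.\d{1,3}){3}, port \d+")),
    ("211", "process-id", re.compile(r"\bProcess id is \d+")),
]


def audit_replies(transcript):
    """Return (line number, label, line) for each reply that exposes detail."""
    findings = []
    for lineno, raw in enumerate(transcript.splitlines(), start=1):
        line = raw.strip()
        match = REPLY.match(line)
        if not match:
            continue  # client prompts and echoed commands are not server replies
        code, text = match.groups()
        for check_code, label, pattern in CHECKS:
            if code == check_code and pattern.search(text):
                findings.append((lineno, label, line))
    return findings


# Constructed transcript: reply lines excerpted from the page's sessions that
# were captured with both check boxes left unchecked.
VERBOSE_SAMPLE = """\
220-FTPD1 IBM FTP CS V1R4 at MVS171.tcp.raleigh.ibm.com, 16:11:22 on 2002-10-31.
220 Connection will not timeout.
331 Send password please.
530-Error on __passwd() function call, errno=111, rsncode=090C0000
530-The username is unknown
530 PASS command failed
211-Server FTP talking to host 127.0.0.1, port 1026
211-User: USER3 Working directory: USER3.
211-to host 127.0.0.1, port 1026,
211-UMASK value is 027
211-Process id is 52
211 *** end of status ***
"""

# Constructed transcript: the same exchanges with both check boxes checked.
RESTRICTED_SAMPLE = """\
220-IBM FTP, 17:57:42 on 2002-10-31.
220 Connection will not timeout.
331 Send password please.
530 PASS command failed
211-User: USER3 Working directory: USER3.
211-UMASK value is 027
211 *** end of status ***
"""

if __name__ == "__main__":
    for name, sample in (("verbose", VERBOSE_SAMPLE), ("restricted", RESTRICTED_SAMPLE)):
        results = audit_replies(sample)
        print(name, "findings:", len(results))
        for lineno, label, line in results:
            print("  line %d [%s] %s" % (lineno, label, line))
```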
The server can be configured to allow clients to turn on diagnostic traces during an FTP session by issuing SITE DEBUG or SITE DUMP commands. Running excessive traces could result in performance degradation of your system and, by default, clients are not allowed to turn them on.
If you would like clients to be able to turn on and modify the internal trace settings, check the boxes labeled "General tracing options (DEBUGONSITE)" and "Extended tracing options (DUMPONSITE)". Checking these boxes will allow clients to issue the SITE DEBUG and/or SITE DUMP commands, respectively.
An FTP client in PROXY mode with your FTP server can establish a data connection to another FTP server and send large amounts of data from your server to the other server. Therefore, a malicious FTP client in PROXY mode can attack servers by sending large amounts of data from your server to another, resulting in severe performance degradation. Since the client is indirectly sending the data, it is more difficult to immediately determine the location of the malicious client.
You can prevent this type of attack by selecting "No" under the question "Should the server accept port commands?". However, in selecting "No", the server loses some ability to transfer data in PROXY mode. If the client is not configured as firewall friendly, the client cannot execute commands such as GET, PUT, MPUT, MGET and APPEND in proxy mode. A firewall friendly client can still execute these commands in proxy mode.
Since indicating the server should not accept PORT commands results in significant limitations, an alternative is to restrict the usage of the PORT command. You can allow clients in proxy mode to do data transfers, but apply the following restrictions.
Use this panel to specify the translation option for the control connection.
Translation is performed for FTP commands and replies sent over the control connection.
Before you begin, you should understand:
Translation options for the control connection:
Steps
You have completed this panel after selecting the translation option and entering the translation table or code page, if applicable.
You can find more detailed help on the following elements of this window:
Push buttons
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.
The location of the translation table created by the user is specified differently for FTP clients than for FTP servers.
If you are configuring an FTP server you will enter the fully qualified MVS data set or zFS file name.
If you are configuring an FTP client, you specify only a low level qualifier (LLQ) of the data set.
The client will look for your translation table in data set 'user_id.your_llq.TCPXLBIN'. If not found, it will look for 'hlq.your_llq.TCPXLBIN'.
Example
If you specify a value of 'MYTRANS', FTP will look for data set 'user_id.MYTRANS.TCPXLBIN'.
The client design allows for different login user IDs to use different translation tables.
Input can be either a fully qualified MVS data set or a zFS file name.
Syntax rules
If input is Fully qualified MVS data set
If input is zFS file name
Syntax rules
An iconv encoded character set.
Syntax rules:
FTP allows you to specify multi-byte translation tables in two different ways.
Use this panel to specify which internal multi-byte tables are available for FTP.
You can select any or all of the translation tables or specify none. However, additional virtual storage may be required by the FTP server and client when a large number of translation tables are loaded at the same time.
To use these translation tables during your FTP session, you must enter the TYPE command from the FTP client to enable them.
LOADDBCSTABLES is a TCPIP.DATA configuration statement which will be created automatically. If you do not use the TCPIP.DATA file created by the GUI, you will need to add a LOADDBCSTABLES statement for each table you have selected.
You have completed this panel after you have selected the DBCS tables FTP will use.
Push buttons
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.
The TSO CONVXLAT command converts a table from editable text to binary. CONVXLAT can be used to convert both SBCS and DBCS table source data sets. The basic syntax of the CONVXLAT command is:
The InputDataSet specifies the source data set name to be converted. The OutputDataSet specifies the destination for the data set created by the conversion. For both the InputDataSet and the OutputDataSet, the names must be enclosed in quotes if fully qualified, otherwise the TSO user ID is appended as a prefix.
The following example shows the creation of an SBCS binary table from customized text tables that reside in CS390.CS14.PRD.SEZATCPX(CUSTOM).
CONVXLAT 'CS390.CS14.PRD.SEZATCPX(CUSTOM)' 'USER5.BAILEY.TCPXLBIN'
READY
Use this panel to define the FTP client configuration file location by specifying a member name and to indicate if the client should use a security protocol to provide data privacy and integrity as well as login authentication.
Before you begin you should:
Steps
You have completed this panel after you have entered the member name and selected your security choice. If you choose to use security, click the "Security Settings..." button to customize your security settings.
You can find more detailed help on the following elements of this window:
Push buttons
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.
An FTP client configuration file is created as a member of a partitioned data set extended (PDSE). The name of the PDSE was assigned in the Basic Settings task. To modify the PDSE name, return to the IBM TCP/IP Configuration Demo for z/OS main customization panel and go to the Basic Settings task.
Syntax rules:
The client can use either the Transport Layer Security (TLS) or the Kerberos security protocol. The Secure Sockets Layer (SSL) protocol is included in TLS.
Both protocols provide login authentication, data encryption and data integrity to ensure the data is not modified during transmission.
To indicate the client should use a security protocol, select "Yes. Select the security mechanism:" and select which security protocol the client should use.
If you choose to use a security mechanism, click on the "Security Settings..." button to customize your security settings.
If you select "TLS", clicking the "Security Settings..." button allows you to set the following:
Use this panel to specify the translation settings for data connections using single byte conversions.
Before you begin, you should understand:
Translation options for the data connection using single bytes:
With this selection, you can choose to use a substitution character for non-translatable characters encountered.
Steps
You have completed this panel after selecting the translation option and entering the translation table or code pages, if applicable.
You can find more detailed help on the following elements of this window:
Enter the fully qualified MVS data set or zFS file name
Network transfer encoded character set
Push buttons
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.
Input can be either a fully qualified MVS data set or a zFS file name.
Syntax rules:
Fully qualified MVS data set
zFS file name
Any single byte iconv encoded character set.
Syntax rules:
Any single byte iconv encoded character set.
Syntax rules:
This setting is only applicable when you select "Use the following iconv encoded character sets:".
Character substitution allows you to specify the action taken for data bytes that cannot be translated. If non-translatable data bytes are encountered, you can choose to fail the data transfer or have the data replaced with a space. A space specifies x'40' when the target code set is an EBCDIC code set and x'20' if the target code set is an ASCII code set.
Character substitution is valid only for single byte data transfers.
To specify a substitution character other than a space, use the FTP SITE and LOCSITE subcommands for the SBSUBCHAR keyword.
Use this panel to enter the FTP server's start procedure name and configuration file member name.
An FTP start procedure and configuration file will be created as members of a partitioned data set extended (PDSE). The name of the PDSE was assigned in the Basic Settings task. To modify the PDSE name, return to the IBM TCP/IP Configuration Demo for z/OS main customization panel and go to the Basic Settings task.
Steps
You have completed this panel after you have entered the start procedure name and configuration file member name.
You can find more detailed help on the following elements of this window:
Push buttons
Click Next to advance to the next wizard panel.
Click Back to return to the previous wizard panel.
Click Cancel to negate any entries you have made in this wizard.
Click Help to understand more about this panel.
An FTP server start procedure will be created as a member of a partitioned data set extended (PDSE). This PDSE name was assigned in the Basic settings task. To change the PDSE name, return to the IBM TCP/IP Configuration Demo for z/OS main customization panel and go to the Basic Settings task.
This start procedure name is also used as the FTP server's job name. If the name is 7 characters or less, the job name is the start procedure name with a 1 concatenated to the end of the name. If the start procedure name is 8 characters, the job name is the same as the start procedure name.
Example
Syntax rules:
An FTP server configuration file will be created as a member of a partitioned data set extended (PDSE). This PDSE name was assigned in the Basic settings task. To change the PDSE name, return to the IBM TCP/IP Configuration Demo for z/OS main customization panel and go to the Basic Settings task.
Syntax rules:
Use this panel to create new z/OS FTP server configurations or to modify existing server configurations.
The table shows the server configurations that are currently defined. Each table entry lists the server's start procedure name, the server's control port, and indicates if the server is enabled to support the Transport Layer Security (TLS) protocol or the Kerberos security protocol.
Use the buttons on this panel to perform the desired tasks.
Push buttons
Use this panel to specify the IP address that FTP clients use to login to this FTP server.
You are defining an FTP server, but the control port you selected is already reserved for another FTP server. Therefore, you are required to specify an IP address to associate with this FTP server.
Once you have completed your FTP server configuration, the FTP server's control port will be automatically reserved. The port will be reserved for the FTP jobname and will bind the IP address entered to the jobname. This allows FTP clients to login to the FTP server using the bind IP address, while another FTP server can also use the same port, but must be accessed with a different IP address.
A list of all the port reservations can be seen in the Basic Settings task.
You have completed this panel after entering the IP address.
You can find more detailed help on the following elements of this window:
Push buttons
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.
Syntax rules
Use this panel to specify whether an FTP login matching the "All other FTP servers" entry should connect the client directly to the FTP server or through a SOCKS server.
Steps
You have completed this panel after you have indicated whether logins matching the "All other FTP servers" entry should connect directly to the FTP server or connect through a SOCKS server. If you selected to connect through a SOCKS server, the SOCKS server address is required.
The SOCKS configuration file will always contain the entry "All other FTP Servers". This entry cannot be removed and you cannot change its position in the table. It will always be the last entry in the table. This entry represents a subnet which matches all login addresses. This entry indicates how to connect to the FTP server for any login address not matching any other entries in the SOCKS configuration file. You can edit this entry to indicate whether the FTP servers should be accessed directly or through a SOCKS server.
Example
You add the following entries in the order shown:
You edit the "All other FTP Servers" entry to indicate that FTP servers should be accessed directly.
As a result, this is what happens during a login:
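The top-down, first-match lookup with the fixed "All other FTP Servers" entry can be modelled as below. This is an added example, not IBM code and not the entries of the page's own example: the addresses are constructed from documentation ranges, the tuple layout and function names are hypothetical, and only IPv4 is handled. It also reports entries that can never be reached because an earlier entry already covers them, which is the ordering mistake the panel warns about.

```python
import ipaddress


def build_table(entries, default_action="direct", default_socks=None):
    """Build the ordered table; the catch-all entry is always appended last.

    entries: list of (address_or_subnet, "direct" | "socks", socks_server_or_None)
    """
    rows = list(entries) + [("0.0.0.0/0", default_action, default_socks)]
    table = []
    for target, action, socks in rows:
        if action not in ("direct", "socks"):
            raise ValueError("unknown action: %r" % (action,))
        if action == "socks" and not socks:
            raise ValueError("a SOCKS server address is required for %s" % target)
        # A bare host address becomes a /32 network.
        table.append((ipaddress.IPv4Network(target, strict=False), action, socks))
    return table


def route(table, server_ip):
    """Scan from the top down and return (index, action, socks) of the first match."""
    addr = ipaddress.IPv4Address(server_ip)
    for index, (network, action, socks) in enumerate(table):
        if addr in network:
            return index, action, socks
    raise LookupError("unreachable: the catch-all entry matches every address")


def shadowed(table):
    """Return (entry index, covering index) for entries that can never match."""
    hidden = []
    for i, (network, _, _) in enumerate(table):
        for j in range(i):
            if network.subnet_of(table[j][0]):
                hidden.append((i, j))
                break
    return hidden


# Constructed entries in the order an administrator might have added them.
SAMPLE_ENTRIES = [
    ("192.0.2.10", "direct", None),            # one FTP server, reached directly
    ("192.0.2.0/24", "socks", "198.51.100.1"), # its subnet, through a SOCKS server
    ("192.0.2.77", "direct", None),            # too late: the subnet above wins
]

if __name__ == "__main__":
    table = build_table(SAMPLE_ENTRIES, default_action="direct")
    for ip in ("192.0.2.10", "192.0.2.77", "203.0.113.5"):
        print(ip, "->", route(table, ip))
    print("shadowed entries:", shadowed(table))
```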
You can find more detailed help on the following elements of this window:
Push buttons
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.
Your entry will first be checked to see if it is a valid IP address. If it is not, it is assumed to be a host name.
Syntax rules:
For an IP address:
For a host name:
Use this panel to set the file permissions for newly created zFS files. These settings apply to both FTP server and FTP client configurations. The FTP server settings are used when creating files on the server's system, for example, with a PUT command. The FTP client settings are used when creating files on the client's system, for example, with a GET command. These settings can be modified during an FTP session using the SITE UMASK command to change the server settings and the LOCSITE command to change the client settings.
You cannot choose to create zFS files with execute permissions. If you require execute permissions, you can use the SITE CHMOD or LOCSITE CHMOD commands to change the permissions after the file has been created.
Steps
You have completed this panel after making your group, owner, and other permission settings.
You can find more detailed help on the following elements of this window:
Push buttons
Click Set UMASK Parameter... to set the permission bits using UMASK syntax.
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.
The FTP.DATA configuration parameter used to define the default permission for newly created zFS files is UMASK. The value specified on the UMASK statement specifies which permission bits are turned off when a file is created.
When FTP creates a file it assumes the permission bits are 666 (-rw-rw-rw-), which correspond to:
Example:
If the UMASK value is 027
110110110 - bits from the default 666 value FTP uses
000010111 - bits from the 027 UMASK setting
_________
110100000 - the resulting value is 640
After turning off all bits from the 027 UMASK setting, the resulting default permission bits for newly created files are 640 (-rw-r-----), which correspond to:
If you are familiar with the UMASK configuration statement and want to set the permission bits using this syntax, click the "Set UMASK Parameter..." button.
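The UMASK arithmetic described here and on the UMASK panel can be checked for any candidate value with the added example below (not IBM code). It validates the 3-digit octal syntax, applies the mask to the 666 base FTP uses, and reports mask bits that have no effect because FTP never sets execute permission; the warning labels are this example's own convention.

```python
import re
import stat

FTP_BASE_MODE = 0o666  # permission bits FTP starts from, as stated on this page


def audit_umask(value):
    """Evaluate a UMASK operand given as a string of three octal digits."""
    if not re.fullmatch(r"[0-7]{3}", value):
        raise ValueError("UMASK must be exactly three octal digits: %r" % (value,))
    mask = int(value, 8)
    mode = FTP_BASE_MODE & ~mask  # turn off every bit named in the mask

    warnings = []
    if mode & stat.S_IWOTH:
        warnings.append("other-writable")
    if mode & stat.S_IROTH:
        warnings.append("other-readable")
    if mode & stat.S_IWGRP:
        warnings.append("group-writable")

    return {
        "umask": value,
        "mode": format(mode, "03o"),
        "symbolic": stat.filemode(stat.S_IFREG | mode),
        # Execute bits in the mask change nothing: the 666 base never has them.
        "ignored_mask_bits": format(mask & ~FTP_BASE_MODE & 0o777, "03o"),
        "warnings": warnings,
    }


if __name__ == "__main__":
    # Constructed candidate values; 027 is the value used in the page's example.
    for candidate in ("027", "026", "022", "000"):
        print(audit_umask(candidate))
```

Running it shows that 027 and 026 produce the same file mode, and that 000 leaves new files writable by everyone.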
This is a snapshot of your FTP server start procedure.
Push buttons
Click Save to save this configuration file to local disk.
Click Print to print this configuration file.
Click Close to end this panel.
Use this panel to define the FTP server's control connection port and whether the server should be enabled to support clients using the Transport Layer Security protocol or the Kerberos security protocol. The Secure Sockets Layer (SSL) protocol is included in TLS.
The control connection port number is the port number the FTP server will use to listen for incoming logins.
This port number must not conflict with other port reservations. Both the port number you specify and the port number - 1 will be reserved for the FTP server. Therefore, other applications must not already have reserved these ports.
If another application has already reserved the ports, you will be asked if you want to negate the reservation for the other application and proceed with your FTP server's port reservation request.
If the port is already reserved for another FTP server, you will be asked if you want to bind an IP address to this FTP server's port reservation. If you decide to bind an IP address, then your server will connect only to clients using this bind IP address when logging in.
To see all port reservations, return to the IBM TCP/IP Configuration Demo for z/OS main customization panel and go to the Basic Settings task.
Steps
You can find more detailed help on the following elements of this window:
Push buttons
Click Next to advance to the next wizard panel.
Click Back to return to the previous wizard panel.
Click Cancel to negate any entries you have made in this wizard.
Click Help to understand more about this panel.
Syntax rules:
This is a snapshot of your configuration file for the FTP server.
Push buttons
Click Save to save this configuration file to local disk.
Click Print to print this configuration file.
Click Close to end this panel.
Use this panel for advanced settings.
Before you begin, read the detailed help available for each setting.
Steps
You have completed this panel after making your desired selections.
You can find more detailed help on the following elements of this window:
American Standards Association text files (ASATRANS)
Push buttons
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.
Record Descriptor Words (RDWs) are the first four bytes at the start of each record in a variable length data set that tell the reading program the actual length of the current record. When transferring a variable length MVS data set, you can have FTP transmit the RDWs or not include them in the transfer.
This setting is available both when configuring an FTP client and an FTP server. It is applicable to the client when transferring files from the client's system, for example with a PUT. It is applicable to the server when transferring files from the server's system, for example with a GET.
It is very doubtful you will want to transfer the RDWs, because it will confuse almost all FTP clients and servers. Most FTP clients or servers receiving the RDWs interpret them as an additional four bytes of data and write the RDW's four bytes into the file as data. The z/OS FTP client and server do not expect the first four bytes of a record to be RDWs and do not interpret them in any special way. Therefore, a z/OS FTP server or client receiving the RDWs will write the RDWs as an additional four bytes of data, thus resulting in an invalid data transfer. You only want to transfer the RDWs if you know the receiving client or server is designed to expect the first four bytes of a record to be the RDW.
If you select "Retain and transfer the RDWs", it is recommended you transfer the file in binary mode to avoid potential translation problems.
American Standards Association (ASA) text files contain control characters in column one. These control characters can be converted to C control characters. For example, the ASA control character ' ' means to skip one line. This character can be converted to the C control character '\n'. For a complete description of the conversion process, see the Using ASA Text Files chapter in the z/OS C/C++ Programming Guide, SC09-4765.
Select "Do not convert the control characters" to have FTP transfer ASA text files without converting the control characters.
Select "Convert the control characters" to have FTP convert the ASA control characters in column 1 to C control character sequences when transferring ASA text files.
This setting is available both when configuring an FTP client and an FTP server. It is applicable to the client when transferring files from the client's system, for example with a PUT. It is applicable to the server when transferring files from the server's system, for example with a GET.
When writing ASCII files to tape in stream mode, FTP can use either the BSAM I/O routines or the Language Environment runtime library function fwrite(). Using BSAM I/O routines allows the data set to be processed without embedded hexadecimal values being interpreted as print control characters and results in faster I/O.
This setting is available both when configuring an FTP client and an FTP server. It is applicable to the client when transferring files to the client's system, for example with a GET. It is applicable to the server when transferring files to the server's system, for example with a PUT.
Indicate whether FTP should treat only the data set qualifier immediately below the directory as an entry in the directory, or whether all data set qualifiers below the current directory are treated as entries in the directory.
Example
If you select "Operate with all fully qualified data sets", the client will see:
ftp> ls
200 Port request OK.
125 List started OK
AREADME
BAILEY
BAILEY.CONFIG.SPX001.I2.TEMP
BAILEY.TRANS
EZACIMJA
ISPF.ISPPROF
XMLS
XX.AREADME
250 List completed successfully.
101 bytes received in 0.03 seconds (3.37 Kbytes/sec)
If you select "Operate with only first LLQ token", the client will see:
ftp> ls
200 Port request OK.
125 List started OK
AREADME
BAILEY
BAILEY
EZACIMJA
ISPF
XMLS
XX
250 List completed successfully.
51 bytes received in 0.03 seconds (1.70 Kbytes/sec)
This setting is available both when configuring an FTP client and an FTP server. It is applicable to the client when issuing the MPUT command. It is applicable to the server when issuing the MGET, LS, DIR and MDELETE commands.
Use this panel to specify the block size, logical record length, record format, and retention period for newly created data sets.
All settings are available both when defining FTP clients and FTP servers. The settings are applicable to FTP clients when creating data sets on the client's system. The settings are applicable to FTP servers when creating data sets on the server's system.
Steps
You have completed this panel after selecting how FTP should obtain the block size, logical record length, record format, and retention period values.
You can find more detailed help on the following elements of this window:
Push buttons
Click Next to advance to the next wizard panel.
Click Back to return to the previous wizard panel.
Click Cancel to negate any entries you have made in this wizard.
Click Help to understand more about this panel.
Use the block size value to specify the maximum length of a block for newly created data sets.
The block size value can be obtained from an SMS data class, inherited from a model data set, or you can enter a value.
If you did not specify an SMS data class or a model data set on the first wizard panel, you are required to enter a value for the block size.
If you did specify an SMS data class or a model data set on the first wizard panel, then the block size will be obtained from the SMS data class or model data set. You can choose to override the obtained value, by selecting "Use this value:" and entering a block size.
If you specified both an SMS data class and a model data set on the first wizard panel, then the block size will be obtained from the model data set. You can choose to override the obtained value, by selecting "Use this value:" and entering a block size.
Syntax rules:
Use the logical record length value to specify the length of records for newly created data sets.
The logical record length value can be obtained from an SMS data class, inherited from a model data set, or you can enter a value.
If you did not specify an SMS data class or a model data set on the first wizard panel, you are required to enter a value for the logical record length.
If you did specify an SMS data class or a model data set on the first wizard panel, then the logical record length will be obtained from the SMS data class or model data set. You can choose to override the obtained value, by selecting "Use this value:" and entering a logical record length.
If you specified both an SMS data class and a model data set on the first wizard panel, then the logical record length will be obtained from the model data set. You can choose to override the obtained value, by selecting "Use this value:" and entering a logical record length.
Syntax rules:
Use the record format value to specify the format and characteristics of the records for newly created data sets.
The record format value can be obtained from an SMS data class, inherited from a model data set, or you can select a value.
If you did not specify an SMS data class or a model data set on the first wizard panel, you are required to select a value for the record format.
If you did specify an SMS data class or a model data set on the first wizard panel, then the record format will be obtained from the SMS data class or model data set. You can choose to override the obtained value, by selecting "Use this value:" and selecting a record format.
If you specified both an SMS data class and a model data set on the first wizard panel, then the record format will be obtained from the model data set. You can choose to override the obtained value, by selecting "Use this value:" and selecting a record format.
Entries in the drop-down list consist of one or more of the following characters: A, B, F, M, S, U, V. The following describes the meaning of each character:
The default is VB (Variable Block).
Use the retention period value to specify the retention period for newly created data sets to help reduce the chance of later accidental deletion. After the retention period, the data set can be deleted or overwritten by another data set. The system adds the retention period value, specified in days, to the current date to calculate the expiration date.
The retention period value can be obtained from an SMS data class, an SMS management class, inherited from a model data set, or you can enter a value.
If you did not specify an SMS data class, an SMS management class or a model data set on the first wizard panel, you are required to enter a value for the retention period. If you do not want to set a retention period, select "None - data sets will have no expiration date", otherwise select "Retain for:" and enter a value. The default selection is "None - data sets will have no expiration date".
If you did specify an SMS data class or a model data set on the first wizard panel, then the retention period will be obtained from the SMS data class or model data set. You can choose to override the obtained value by selecting "Use this value:" and indicating the value.
If you specified both an SMS data class and a model data set on the first wizard panel, then the retention period will be obtained from the model data set. You can choose to override the obtained value, by selecting "Use this value:" and indicating the value.
If you specified a management class, then the retention period is obtained from the management class. The value of the management class's retention period can be overridden.
Syntax rules:
Use this panel to indicate if you want to log FTP events using the system SYSLOGD facility. If you select Yes, the following events will be logged for named users.
Each event is logged as a message with message numbers in the range EZYFS50 to EZYFS95.
Following is an example of one of the logged messages.
EZYFS50I ID=sessionID CONN starts Client IPaddr=ipaddr hostname=hostname
Explanation: This log entry is made by the FTP daemon when it accepts a client connection request. The keyword CONN identifies the entry as a connection log entry.
sessionID uniquely identifies the FTP session between a client and a server. The identifier is created by combining the jobname of the FTP daemon with a five-digit number in the range 00000-99999. This identifier is in each log entry for the session until message EZYFS52I, which is the last entry for the session.
ipaddr is the IP address of the FTP client. The IP address may be either an IPv4 or an IPv6 address.
hostname is the name of the FTP client. If the name cannot be resolved, UNKNOWN is displayed.
System Action: FTP continues.
User or Operator Response: None.
System Programmer Response: None.
Source Data Set: EZAFTPBU
Procedure Name: logCONN.
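The following added example (not part of the product help) shows one way to turn these SYSLOGD entries into per-session records for review, using only the EZYFS50I layout and the session-ID rule described above. The syslog line prefix, the job name FTPD1, the addresses and the text after the ID on the EZYFS52I line are constructed for illustration.

```python
import re

MSG = re.compile(r"\b(EZYFS\d{2}[A-Z])\s+ID=(\S+)")
CONN = re.compile(r"CONN starts Client IPaddr=(\S+) hostname=(\S+)")

# Constructed sample lines; only the EZYFS50I layout comes from the help text.
SAMPLE_LOG = """\
Mar  3 02:14:07 MVS1 ftpd[65551]: EZYFS50I ID=FTPD100017 CONN starts Client IPaddr=192.0.2.44 hostname=batch1.example.com
Mar  3 02:14:09 MVS1 ftpd[65551]: EZYFS50I ID=FTPD100018 CONN starts Client IPaddr=2001:db8::5 hostname=UNKNOWN
Mar  3 02:15:30 MVS1 ftpd[65551]: EZYFS52I ID=FTPD100017 (remaining fields are not shown on this page)
Mar  3 02:16:02 MVS1 ftpd[65551]: EZYFS50I ID=FTPD1000X9 CONN starts Client IPaddr=198.51.100.7 hostname=UNKNOWN
"""

def valid_session_id(sid):
    """Session IDs are the daemon job name followed by a five-digit number."""
    return len(sid) > 5 and sid[-5:].isdigit()

def parse_sessions(lines):
    """Return ({sessionID: details}, [malformed lines]) for FTP log entries."""
    sessions, malformed = {}, []
    for line in lines:
        m = MSG.search(line)
        if not m:
            continue  # not an FTP session log entry
        msg_id, sid = m.groups()
        if not valid_session_id(sid):
            malformed.append(line)
            continue
        if msg_id == "EZYFS50I":
            conn = CONN.search(line)
            if conn is None:
                malformed.append(line)
                continue
            sessions[sid] = {"ip": conn.group(1), "host": conn.group(2), "closed": False}
        elif msg_id == "EZYFS52I" and sid in sessions:
            sessions[sid]["closed"] = True  # last entry for the session
    return sessions, malformed

def review(sessions):
    """Sessions worth a second look: unresolved client names, no EZYFS52I yet."""
    return {
        "unresolved": sorted(s for s, v in sessions.items() if v["host"] == "UNKNOWN"),
        "open": sorted(s for s, v in sessions.items() if not v["closed"]),
    }
```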
Push buttons
Click Next to advance to the next wizard panel.
Click Back to return to the previous wizard panel.
Click Cancel to negate any entries you have made in this wizard.
Click Help to understand more about this panel.
Use this panel to specify the timers and intervals to be used by the server.
This panel allows you to specify timeout intervals for the data connection, inactivity and keepalive timers for the control connection, and check point intervals used for restarting transfers.
All timers are optional. If you do not want to use a timer or interval, do not check its box.
Before you begin, decide whether you want to specify any timers and intervals, and which values you want to use.
Steps
You have completed this panel after you have made the desired changes to the timers and intervals.
Fields
Transfer timeout (DATATIMEOUT)
Push buttons
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.
Use the inactivity timer to specify the number of seconds that an inactive connection remains open. Any client control connection that is inactive for longer than the specified time is closed by the server.
Check the box labeled "Use the inactivity timer" to activate this function and optionally you may modify the interval.
Syntax rules:
Keepalive is used to send packets over the control connection to keep a session active. This keeps the firewall from timing out and terminating the connection. Use the keepalive interval to specify the number of seconds that the keepalive mechanism should wait before sending another packet over the connection.
Check the box labeled "Use keepalive" to activate this function and optionally you may modify the interval.
Syntax rules:
The transfer timeout interval is used to set the maximum amount of time, in seconds, that the server keeps the data connection open. The timer starts as soon as the data connection is opened. If the transfer has not completed when the timer expires, the data connection is closed and an error is reported.
Check the box labeled "Use data timeout function" to activate this function and optionally you may modify the interval.
Syntax rules:
Use the FIN wait timeout interval to set the number of seconds the server waits to receive notification from the client that it is closing the data connection. The server waits for the finished flag (FIN) contained in the TCP packet header. If the FIN is not received within the specified time, the connection is closed and an error is reported.
Check the box labeled "Use DCONNTIME function" to activate this function and optionally you may modify the interval.
Syntax rules:
Use the checkpoint interval to set the number of records that are sent before a restart marker is sent. Checkpoint markers are sent to clients that use EBCDIC block mode or EBCDIC compress mode during data set retrieval. If the FTP connection fails while using the checkpoint intervals, the transfer can be restarted at the last checkpoint by reconnecting to the FTP server and issuing the restart command.
Check the box labeled "Use checkpoint" to activate this function and optionally you may modify the number of records.
Note: If you plan to have clients that do not support the restart marker, do not set the checkpoint interval, but instead use the FTP SITE/LOCSITE command checkpoint interval for individual clients.
Syntax rules: