How can inbound FTP from a specific IP address be secured with ACF2 rules?
Article ID: 129625
Updated On: 10-17-2023
Products
ACF2, ACF2 - DB2 Option, ACF2 for zVM, ACF2 - z/OS, ACF2 - MISC
Issue/Introduction
How can inbound FTP from a specific IP address be secured with ACF2 rules?
Environment
Release: Component: ACF2MS
Resolution
To secure inbound FTP from a specific IP address, rules can be written for the SERVAUTH resource class, provided your IP network is configured to use named security zones. If the client IP address is mapped into a network access security zone, sites can grant each login user ID READ access to the SERVAUTH profile that corresponds to the security zone. This can be done as follows:
a. Define a profile in the SERVAUTH class for the FTP port.
b. Grant at least READ access to the profile to the users that you want to permit to log in to FTP. For example, with ACF2, if your FTP port is port 21, the following rule can be used to give the user ID FTPUSER access:
SET RESOURCE(SER)
RECKEY EZB ADD(FTP.*.*.PORT21 UID(uid string for FTPUSER) SERVICE(READ) ALLOW)
c. Code VERIFYUSER TRUE in the server's FTP.DATA file. FTP verifies the user's access to the resource for every session, whether or not that session is secured.