The FTP server accepts requests from FTP clients on the local network and executes them.
The FTP server on a BS2000 partner system can only be used if the administrator has powered it up.
Figure 1: FTP server in BS2000
In the sections that follow, the host with the FTP server is referred to as the remote host so that the description of the server is consistent with that of the client (although from the viewpoint of the server, the local system is its own host).
Mode of operation
For each connection request from a client (open command), the server generates a separate BS2000 task. The data required to initiate this task (user ID, account number, password) is requested from the client. A program (FTPDC) is then initiated to execute the actual file transfer and the local file accesses initiated by the client. The DMS access rights in BS2000 (RDPASS, WRPASS, EXPASS, SHARE=YES|NO, ACCESS=READ|WRITE) as well as the access permissions in POSIX are both taken fully into account.
When multiple clients log on to the server at exactly the same time, a connection request may be rejected. If this occurs, the client must repeat the connection request.
Password protection
In BS2000, individual DMS files can be protected by passwords. The FTP server in BS2000 expects function calls with file names in the form
filename,C'password' or filename,X'password'.
Note, however, that this does not apply to the POSIX file system.
Example
A command is issued from a Unix system (file name: ZWATON) to overwrite the BS2000 file ANTON, which is protected by a read password OTTO:
put ZWATON ANTON,C'OTTO'
Files that are protected by different passwords (e.g. RDPASS=C'OTTO' and WRPASS=C'KARL') cannot be addressed directly. At least one of the two passwords must have been entered earlier with the site exec function of the quote command:
quote site exec PASSWORD C'KARL'
quote site exec may only be used when FTP access is not controlled with FTAC and if it was not deactivated using the server option -disableSiteExecCommand (see the “interNet Services Administrator Guide”).
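Because the password is part of the file name or of the site exec string, it ends up wherever the command line is recorded (procedures, session transcripts, command logs). The following is an added example, not part of the original manual, that masks both forms before such text is stored or shared; the function names and the sample lines are constructed for illustration.

```python
import re

# filename,C'password' or filename,X'password' (appended to a DMS file name)
_FILE_PW = re.compile(r"(,\s*[CX])'[^']*'", re.IGNORECASE)
# site exec PASSWORD C'password' (password announced before the transfer)
_EXEC_PW = re.compile(r"(\bPASSWORD\s+[CX])'[^']*'", re.IGNORECASE)


def redact(line: str) -> tuple[str, int]:
    """Mask DMS password literals; return (masked line, number masked)."""
    line, n_file = _FILE_PW.subn(r"\1'***'", line)
    line, n_exec = _EXEC_PW.subn(r"\1'***'", line)
    return line, n_file + n_exec


def scrub(lines):
    """Return (masked lines, 1-based numbers of lines that held a password)."""
    masked, hits = [], []
    for number, line in enumerate(lines, start=1):
        clean, count = redact(line)
        masked.append(clean)
        if count:
            hits.append(number)
    return masked, hits


# Constructed sample: commands as they might appear in a procedure or log.
SAMPLE = [
    "put ZWATON ANTON,C'OTTO'",
    "quote site exec PASSWORD C'KARL'",
    "get REPORT,X'D6E3E3D6' report.txt",
    "dir",
]

if __name__ == "__main__":
    masked, hits = scrub(SAMPLE)
    print("\n".join(masked))
    print("lines with passwords:", hits)
```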
PASSIVE mode
PASSIVE mode enables a file transfer between two servers to be initiated from a client. The FTP client in BS2000 supports this procedure via the client command proxy (see "proxy - Controlling a connection to two remote systems").
In the BS2000 FTP server this functionality is supported by the server commands PASV and EPSV. In the BS2000 FTP client PASSIVE mode can be selected using the client command passive (see "passive - Enable/disable PASSIVE mode").
In PASSIVE mode, the server is made to wait at a data port for a connection request instead of actively setting up a connection itself. The connection is set up between the two server tasks via the first line address generated. If this line does not support connection between the two servers, the connection request is refused (return code 425, can’t build data connection).
PASSIVE mode is also used when an FTP server is to be accessed behind a firewall as connections from the server often cause conflicts with the firewall rules. For this reason many clients use PASSIVE mode by default.
Scope of implementation
The functions of an FTP server are implemented in standardized protocol elements (server commands).
The following table contains a summary of the functions of the FTP servers in BS2000.
Server | Server function | On servers in (DMS) | On servers in (POSIX) | Corresponding (k) |
acct | State account number | + | + | |
abor | Abort file transfer | + | + | |
allo | Allocate memory | (+) | (+) | |
appe | Append file to existing file | + | + | append (a) |
auth | Initiate TLS connection | + | + | open (a) |
ccc | Enable/disable TLS security for the control connection | + | + | ccc (a) |
cdup | Change to the next higher working directory (POSIX) or remove partial qualifier (DMS) | +(1) | + | cdup (a) |
cmod | Enable 1:1 transfer | + | + | copymode(k) |
cwd | Change working directory (POSIX) or remove partial qualifier (DMS) | + | + | cd (a) |
dele | Delete file | + | + | delete (a) |
eprt | Extended port command for IPv6 | + | + | |
epsv | Extended passive command for IPv6 | + | + | |
feat | Show new features of the server | + | + | |
help | Request help | + | + | remotehelp (a) |
list | List file names and directories | + | + | dir (a) |
mdtm | Show date and time of last change to | + | + | |
mkd | Make directory | - | + | |
mlsd | List file names and file properties | + | + | mlsd (a) |
mlst | List file properties | + | + | mlst (a) |
mode | Define transfer mode | + | + | mode (a,k) |
nlst | List file names | + | + | ls (a) |
noop | No operation | + | + | |
opts | Specify options | + | + | |
pass | State password | + | + | |
pasv | Set PASSIVE mode | + | + | |
pbsz | Assign memory for data encryption | (+) | (+) | private (a) |
port | Define data connection port | + | + | |
prot | Enable/disable encryption of data connection | + | + | private (a) |
pwd | Show current working directory | + | + | pwd (a) |
quit | Terminate session | + | + | close (a) |
rest | Specify position in file where data transfer is to commence | + | + | reget (a) |
retr | Retrieve a file | + | + | get (a) |
rmd | Remove directory | - | + | |
rnfr | Rename a file, output old name | + | + | rename (a) |
rnto | Rename a file, output new name | + | + | rename (a) |
site | Prefix for BS2000-specific FTP server functions | + | + | |
size | Output file size | + | + | |
stat | Show server status information | + | + | status (k) |
stor | Store file | + | + | put (a) |
stou | Store files with unique names | + | + | put (a) |
stru | Define transfer structure | + | + | struct (a+k) |
syst | Show system information on the | + | + | system (a) |
type | Define transfer type | + | + | type (a+k) |
user | Define user ID | + | + | user (a) |
xcup | Change to the next higher working directory (POSIX) or remove partial qualifier (DMS) | +(1) | + | |
xcwd | Change working directory (POSIX) or remove partial qualifier (DMS) | + | + | |
xmkd | Make directory | - | + | mkdir (a) |
xpwd | Show current working directory | + | + | pwd (a) |
xrmd | Remove directory | - | + | rmdir (a) |
FTP server functions
Key
+ | The function is implemented. |
(1) On the BS2000 server, cdup and xcup achieve the function "Change working directory" by removing a partial qualifier.
BS2000-specific functions of the FTP server
The following table provides an overview of the BS2000-specific functions of the FTP server.
Server | Server function | Servers in | Corresponding (k) | |
cmod | Enable 1:1 transfer | + | + | copymode (k) |
exec | Forward command to remote operating system | + | + | |
file | Change DMS file attribute | + | + | file (k) |
ftyp | Change file editing type | + | + | ftyp (k) |
help | Information on FTP commands | + | + | help (k) |
modc | Modify character string for switching between POSIX / DMS | + | + | modchar (k) |
setc | Change code tables | + | + | setcode (k) |
sfil | Enable/disable special EOF marker for PAM files; | + | (+) | setfile (k) |
sopt | Set variables controlling server behavior | + | + | set (k) |
svfs | Enable/disable TVFS | + | + | |
trce | Enable/disable debug output and Socket trace | + | + | debug (k) / trace (k) |
exit | Define parameters for exit routines | + | + | rexit (a) |
BS2000-specific FTP server functions
Key
+ | The function is implemented. |
It is recommended that BS2000-specific FTP server functions always be called with the prefix site. For compatibility reasons, the file, ftyp, modc and setc commands can currently still be used without a preceding site.
However, it is strongly recommended, particularly when creating procedures, to use the current form with a preceding site to prevent problems that may arise if the FTP standard is extended.
If site is not followed by any of the commands listed in the table, site is interpreted in the same way as site exec. The string following site is then forwarded as a command to the remote operating system and is interpreted as in earlier FTP server versions.
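The fallback described above means that any unrecognized word after site reaches the remote operating system just as site exec does. The following is an added example, not part of the original manual, that sorts logged command lines accordingly so that forwarded commands can be reviewed; the function names, the category labels and the sample log are constructed, and the set of site functions is taken from the table above.

```python
# SITE functions listed in the BS2000-specific table on this page.
SITE_FUNCS = {"cmod", "exec", "file", "ftyp", "help", "modc",
              "setc", "sfil", "sopt", "svfs", "trce", "exit"}
# Functions the page says are still accepted without the site prefix.
LEGACY_BARE = {"file", "ftyp", "modc", "setc"}


def classify(line: str) -> tuple[str, str]:
    """Return (kind, argument) for one logged command line."""
    words = line.strip().split()
    if words and words[0].lower() == "quote":   # client-side wrapper
        words = words[1:]
    if not words:
        return ("other", "")
    verb, rest = words[0].lower(), words[1:]
    if verb != "site":
        kind = "legacy-unprefixed" if verb in LEGACY_BARE else "other"
        return (kind, " ".join(rest))
    if rest and rest[0].lower() == "exec":
        return ("os-command", " ".join(rest[1:]))
    if rest and rest[0].lower() in SITE_FUNCS:
        return ("site-function", " ".join(rest))
    # Anything else after site is handled like site exec.
    return ("os-command", " ".join(rest))


def forwarded(lines):
    """Strings that would be passed to the remote operating system."""
    return [arg for kind, arg in map(classify, lines) if kind == "os-command"]


# Constructed sample log; the SHOW-FILE-ATTRIBUTES line is illustrative.
SAMPLE = [
    "quote site ftyp binary",
    "quote site exec PASSWORD C'KARL'",
    "SITE SHOW-FILE-ATTRIBUTES ANTON",
    "ftyp binary",
    "RETR ANTON",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(classify(entry), "<-", entry)
```

On a server started with -disableSiteExecCommand, or with FTP access controlled by FTAC, any line reported as os-command is worth a closer look, since quote site exec may not be used there.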
Calling the FTP server functions via the FTP partner client
For most FTP server functions, there is a corresponding command call on the partner client. If a function has no corresponding command call on the client, it can be called directly via the FTP server with the aid of the client command quote (see section “quote - Call server functions”).
In the case of FTP clients that do not offer any special input options for an account number (e.g. web browser), the account number can be appended to the user ID separated by a comma on the BS2000 FTP server.
There is no meaningful equivalent for the "Make directory" and "Remove directory" functions in the DMS file system on BS2000. As far as the POSIX file system on BS2000 is concerned, these functions are implemented within the framework of the POSIX support. The FTP client commands mkdir and rmdir can be used to create and remove directories in the POSIX file system.
Any server function of the partner system can always be called with the client command quote.
The server functions file, ftyp, modc, setc, sfil, svfs, cmod and exit are described in detail below. These functions exist only in the DMS file system in the BS2000 FTP server and must always be addressed via the client command quote.
The site exit function defines the parameter for the exit routines (see the “interNet Services Administrator Guide”). The exit command can also be sent to the server via the client command rexit (see "rexit - Define parameters for remote exit routines").
Enter the following:
quote site exit receive:<recv-parm>
quote site exit send:<send-parm>
quote site exit receive:<recv-parm>!send:<send-parm>
e.g.: quote site exit receive:-C5!send:-D7
quote site exit send:*NONE
The site file function defines the file attributes of a DMS file to be transferred on the remote system (i.e. the system on which the FTP server is running). The site file function corresponds to the client command file and is described in detail on "file - Define file attributes on local host".
Enter the following:
quote site file <remote-file,file-operand-list>
e.g.: quote site file file1,fcbtype=sam
The site ftyp function defines whether the SAM files on the remote computer are to be processed as text or binary files. The site ftyp function corresponds to the client command ftyp and is described in detail on "ftyp - Specify processing type for files on local host".
Enter the following:
quote site ftyp <file-processing-type>
e.g.: quote site ftyp binary
The site modc function defines the first character in the string for switching between the DMS file system and the POSIX file system. The site modc function corresponds to the client command modchar and is described in detail on "modchar - Modify character string".
Enter the following:
quote site modc <character>
e.g.: quote site modc $
The site setc function is used to set the character set names (CCSN) for character set conversion. The site setc function corresponds to the client command setcode and is described in detail on "setcode - Change code tables".
Enter the following:
quote site setc <Host CCSN> <Net CCSN>
e.g.: quote site setc EDF049 ISO88599
The site sfil function defines special modes of operation for transferring files and corresponds to the client command setfile, which is described in detail on "setfile - Enable/disable file marker".
Enter the following:
quote site sfil datend on | off | lbp
Enable/disable the special EOF marker (default: enabled) or use the new EOF marker mode Last Byte Pointer (LBP).
quote site sfil pademptyrec on|off
Enable/disable filling of blank SAM records (default: disabled).
e.g.: quote site sfil datend off
quote site sfil pademptyrec on
For the site cmod function, see the description of the client command copymode on "copymode - Enable/disable 1:1 transfer of BS2000 disk files".
The site svfs function enables/disables TVFS for the corresponding session.
Enter the following:
quote site svfs on | off
Enable/disable TVFS.
e.g.: quote site svfs on
The site sopt function allows the setting of variables controlling the FTP server behavior. With
quote site sopt assignCCSNtoFile NO | YES
the automatic assignment of the COD-CH-SET file attribute when writing a file can be activated or deactivated.
e.g.: quote site sopt assignCCSNtoFile YES activates this assignment, so that with transfer type ascii the written SAM file is assigned the currently set Host CCSN as its COD-CH-SET attribute.
FTP server commands, which support the restart capability of the FTP client
The following FTP server commands support the restart capability of the FTP client and FTP server:
mdtm
size
rest
mdtm - Establish the date and time of the last file change to date
The mdtm command returns the date and time of the most recent change to a file:
Message: 213 <YYYYMMDDhhmmss>
mdtm <file>
<file>
File for which the mdtm command supplies the date and time of the last change.
Example
quote site mdtm testdatei
213 20101015204331
size - Establish the size of a file
The size command specifies how many bytes were transferred via the network when this file was transferred. The current settings for mode, type, struct and ftyp are taken into account here. The size command is rejected with an error code for mode <> stream.
The size command may be disabled for technical reasons on a BS2000 FTP server.
Message: 213 <size of file (in bytes)>
size <file>
<file>
File for which the size command supplies the size.
Example
quote size test file
213 498665
rest - Specify file position where a data transfer should begin
The rest command specifies a byte position. The file transfer initiated by a subsequent stor or recv command begins at the corresponding file position instead of at the start of the file.
rest <position>
<position>
Byte position at whose corresponding file position the next file transfer should begin.
Command for showing the server features
The FTP server supports the FEAT command (RFC 2389). By default, FEAT reports support of the EPSV, EPRT, SIZE, MDTM and REST STREAM commands. Support of SIZE is not indicated if SIZE has been disabled via server option -disableSizeCommand (see the “interNet Services Administrator Guide”).
If TLS support of the FTP server is enabled, FEAT also reports support of AUTH TLS, PBSZ and PROT.
If TVFS is enabled globally using the FTP server option, the FEAT command reports TVFS support.
In addition, support for the MLSD/MLST commands is reported initially via MLST type*;size*;create*;modify*;perm*;unique*;UNIX.owner*;UNIX.group*;UNIX.mode*;. The list next to MLST indicates which facts the MLSD/MLST commands can supply for file system objects. An asterisk ('*') marks the facts that are currently returned; you can use the OPTS command to change the set of these facts. For details on TVFS, MLSD, and MLST, see RFC 3659.
FEAT
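The FEAT reply shows from outside whether TLS, SIZE and TVFS are enabled on a server and which MLST facts it returns. The following is an added example, not part of the original manual, that parses such a reply and summarizes those settings; the reply text is constructed from the features named above in the RFC 2389 layout (feature lines begin with a space), and the function names are illustrative.

```python
def parse_feat(reply: str) -> dict:
    """Map feature name (upper case) to its parameter string."""
    features = {}
    for line in reply.splitlines():
        # RFC 2389: feature lines begin with one space, status lines do not.
        if line.startswith(" ") and line.strip():
            name, _, params = line.strip().partition(" ")
            features[name.upper()] = params
    return features


def mlst_facts(params: str) -> dict:
    """Map each MLST fact to True when it is currently returned ('*')."""
    return {item.rstrip("*").lower(): item.endswith("*")
            for item in params.split(";") if item}


def audit(reply: str) -> dict:
    """Summarise what the server advertises."""
    feats = parse_feat(reply)
    facts = mlst_facts(feats.get("MLST", ""))
    return {
        "tls": "TLS" in feats.get("AUTH", "").upper()
               and "PBSZ" in feats and "PROT" in feats,
        "size": "SIZE" in feats,
        "tvfs": "TVFS" in feats,
        "restart": {"SIZE", "MDTM", "REST"} <= feats.keys(),
        "facts_returned": sorted(f for f, on in facts.items() if on),
    }


# Constructed reply: default features plus TLS, as the text lists them.
FEAT_REPLY = "\n".join(
    ["211-Features:"]
    + [" " + f for f in ("EPSV", "EPRT", "SIZE", "MDTM", "REST STREAM",
                         "AUTH TLS", "PBSZ", "PROT",
                         "MLST type*;size*;create*;modify*;perm*;unique*;"
                         "UNIX.owner*;UNIX.group*;UNIX.mode*;")]
    + ["211 End"])

if __name__ == "__main__":
    for key, value in audit(FEAT_REPLY).items():
        print(f"{key}: {value}")
```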
FTAC interface
The advantages of the FTP protocol lie, among other things, in the fact that FTP client programs are standardized and hence widely used. From a security standpoint, however, FTP does not meet the standards usual in BS2000. In other words, anyone who knows your login-specific data can retrieve data from your user ID, save data to your user ID, delete data or change file attributes.
For this reason, interNet Services offers access to the FTAC interface for FTP. Access control and protection via openFT-AC has been available for File Transfer openFT for quite some time.
The following features are offered by FTAC to protect the BS2000 server:
Decoupling of FTP transfer admissions and login admissions
Access rights depending on partner systems
User-specific access rights
Flexible levels of access rights
Logging of every authorization check
Simple application
More detailed information on the FTAC support for FTP can be found in the chapter “FTAC interface” (see "FTAC interface").