Re: grabbing JES output via FTP
On 08/19/2017 08:34 PM, Tony Thigpen wrote: > I am attempting to use FTP under VM to grab some job output from JES2. > I am getting a strange error that I don't know where to start trying > to resolve it. I also get the same messages when I try to ftp from a > local pc. > > Command: > site filetype=jes > >>>SITE filetype=jes > 200 SITE command was accepted > Command: > get JOB01106.2 > >>>EPRT |1|10.10.50.141|1170| > 500 unknown command EPRT > >>>PORT 10,10,50,141,4,146 > 200 Port request OK. > >>>RETR JOB01106.2 > 451 Nlst failed due to internal error > Command: > > > thoughts? > There is an FTP exit the installation can use to restrict what can be done by users via FTP. Our installation used that exit and permissions to installation-specific RACF profiles to restrict what RACF userids (which were primarily CICS and TSO users) were authorized to login to FTP and which of those were further authorized to use filetype=jes, so that users who hadn't been properly trained or whose job function gave them no legitimate reason to access FTP or FTP filetype=jes wouldn't be given these tools and create unanticipated exposures. Someone with a RACF userid who hasn't been granted TSO access and trained in TSO/ISPF would be less likely to have the training to know whether jobs they might submit to MVS via FTP were reasonable; and those with TSO/ISPF access have much better interfaces than FTP to submit and access JES jobs. At least before my retirement, there had never had any need or requests for more than one or two userids to use FTP filetype=jes (and those were in Tech Services, because some vendor made part of their MVS product maintenance support dependent on that feature). Not saying the site in question has done something like this, but that's one possibility. Joel C. Ewing. -- Joel C. Ewing,Bentonville, AR jcew...@acm.org -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: grabbing JES output via FTP
Hi Tony, The article "FTP and JES" in the April 2010 edition of our RSH RACF Tips newsletter might be of help. http://www.rshconsulting.com/racftips/RSH_Consulting__RACF_Tips__April_2010.pdf Regards, Bob Robert S. Hansel Lead RACF Specialist RSH Consulting, Inc. *** Celebrating our 25th Year *** 617-969-8211 www.linkedin.com/in/roberthansel http://twitter.com/RSH_RACF www.rshconsulting.com Upcoming RSH RACF Training - WebEx - RACF Audit & Compliance Roadmap - SEPT 11-15, 2017 - RACF Level I Administration - DEC 5-8, 2017 - RACF Level II Administration - NOV 13-17, 2017 - RACF Level III Admin, Audit, & Compliance - OCT 2-6, 2017 - RACF - Securing z/OS UNIX - OCT 23-27, 2017 -Original Message- Date:Sat, 19 Aug 2017 21:34:57 -0400 From:Tony Thigpen Subject: grabbing JES output via FTP I am attempting to use FTP under VM to grab some job output from JES2. I am getting a strange error that I don't know where to start trying to resolve it. I also get the same messages when I try to ftp from a local pc. Command: site filetype=jes >>>SITE filetype=jes 200 SITE command was accepted Command: get JOB01106.2 >>>EPRT |1|10.10.50.141|1170| 500 unknown command EPRT >>>PORT 10,10,50,141,4,146 200 Port request OK. >>>RETR JOB01106.2 451 Nlst failed due to internal error Command: thoughts? -- Tony Thigpen -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: grabbing JES output via FTP
On Sun, 20 Aug 2017 05:49:02 -0500, Steve Horein wrote: >... required the jobname of the >output to be retrieved to effectively be USERID()+1 character to be able to >retrieve output. > What century is this? Why is that still a thng? How will that play with 8-character user IDs? The TSO/E Command Ref. says, "...optionally, can include one *or*more* additional characters [emphasis added]...". Couldn't this have peculiar consequences when one user's ID is a prefix string of another's? (Is that allowed?) > https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.2.0/com.ibm.zos.v2r2.halz001/ftpserverjesinterfacelevel.htm -- gil -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: grabbing JES output via FTP
The last I was aware, JESINTERFACELEVEL=1 required the jobname of the output to be retrieved to effectively be USERID()+1 character to be able to retrieve output. I requested to move to JESINTERFACELEVEL=2, but got pushback (IIRC) due to SDSF SAF requirements; Something along the lines of "We can't because we don't use SDSF". I am happy to now see the following not in more recent doc: "You are not required to have SDSF to use JESINTERFACELEVEL 2. If you do not use SDSF, you need to create SAF profiles. Both SDSF and JESINTERACELEVEL 2 use the same SAF profile names." https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.2.0/com.ibm.zos.v2r2.halz001/ftpserverjesinterfacelevel.htm -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: grabbing JES output via FTP
Passive does make a difference. Once I use passive to force the server to initiate the connections, I am getting different errors. Command: passive Data connections will be initiated by the server Command: get JOB01106.2 >>>EPRT |1|10.10.50.141|1176| 500 unknown command EPRT >>>PORT 10,10,50,141,4,152 200 Port request OK. >>>RETR JOB01106.2 501 Invalid data set name "JOB01106.2". Use MVS Dsname conventions. Command: get JOB01106.x >>>PORT 10,10,50,141,4,153 200 Port request OK. >>>RETR JOB01106.x 550 Data set PRODAT2.JOB01106.X not found Command: get 'JOB01106.1' DMSSTT062E Invalid character ' in fileid 'JOB0110 1' DTCFTC0031E Invalid argument string Invalid local filename; use 'name.type.mode' or 'name.type' Command: get 'JOB01106.x' DMSSTT062E Invalid character ' in fileid 'JOB0110 X' DTCFTC0031E Invalid argument string Invalid local filename; use 'name.type.mode' or 'name.type' Command: get 'JOB01106.x' job01106..a >>>PORT 10,10,50,141,4,154 200 Port request OK. >>>RETR 'JOB01106.x' 550 Data set JOB01106.X not found Command: Tony Thigpen Paul Gilmartin wrote on 08/19/2017 10:33 PM: On Sat, 19 Aug 2017 21:34:57 -0400, Tony Thigpen wrote: I am attempting to use FTP under VM to grab some job output from JES2. I am getting a strange error that I don't know where to start trying to resolve it. I also get the same messages when I try to ftp from a local pc. Command: site filetype=jes SITE filetype=jes 200 SITE command was accepted Command: get JOB01106.2 EPRT |1|10.10.50.141|1170| 500 unknown command EPRT Is this an IP address and port number for setting up the separate data port? Does PASSIVE mode affect this? PORT 10,10,50,141,4,146 200 Port request OK. RETR JOB01106.2 451 Nlst failed due to internal error -- gil -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: grabbing JES output via FTP
Output fron SITE JESSOWNER=* command: >>>SITE JESOWNER=* 200-JESINTERFACELEVEL=1. The value of JESOWNER cannot be modified. 200 SITE command was accepted I am trying to get the output from a job I submitted via FTP, so the owner the same as the userid I am using for FTP. Tony Thigpen JIm Thomas wrote on 08/20/2017 05:12 AM: Depending on JESINTERFACELEVEL .. try issuing a 'SITE JESOWNER=*' <- (or submitter's userid) .. Jim From: IBM Mainframe Discussion List on behalf of Paul Gilmartin <000433f07816-dmarc-requ...@listserv.ua.edu> Sent: Saturday, August 19, 2017 9:36:38 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: grabbing JES output via FTP On Sat, 19 Aug 2017 21:34:57 -0400, Tony Thigpen wrote: I am attempting to use FTP under VM to grab some job output from JES2. I am getting a strange error that I don't know where to start trying to resolve it. I also get the same messages when I try to ftp from a local pc. ... EPRT |1|10.10.50.141|1170| 500 unknown command EPRT thoughts? RFC 2428? -- gil -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: grabbing JES output via FTP
Depending on JESINTERFACELEVEL .. try issuing a 'SITE JESOWNER=*' <- (or submitter's userid) .. Jim From: IBM Mainframe Discussion List on behalf of Paul Gilmartin <000433f07816-dmarc-requ...@listserv.ua.edu> Sent: Saturday, August 19, 2017 9:36:38 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: grabbing JES output via FTP On Sat, 19 Aug 2017 21:34:57 -0400, Tony Thigpen wrote: >I am attempting to use FTP under VM to grab some job output from JES2. I >am getting a strange error that I don't know where to start trying to >resolve it. I also get the same messages when I try to ftp from a local pc. > >... > >>>EPRT |1|10.10.50.141|1170| >500 unknown command EPRT > >thoughts? > RFC 2428? -- gil -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: grabbing JES output via FTP
On Sat, 19 Aug 2017 21:34:57 -0400, Tony Thigpen wrote: >I am attempting to use FTP under VM to grab some job output from JES2. I >am getting a strange error that I don't know where to start trying to >resolve it. I also get the same messages when I try to ftp from a local pc. > >... > >>>EPRT |1|10.10.50.141|1170| >500 unknown command EPRT > >thoughts? > RFC 2428? -- gil -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: grabbing JES output via FTP
On Sat, 19 Aug 2017 21:34:57 -0400, Tony Thigpen wrote: >I am attempting to use FTP under VM to grab some job output from JES2. I >am getting a strange error that I don't know where to start trying to >resolve it. I also get the same messages when I try to ftp from a local pc. > >Command: >site filetype=jes > >>>SITE filetype=jes >200 SITE command was accepted >Command: >get JOB01106.2 > >>>EPRT |1|10.10.50.141|1170| >500 unknown command EPRT > Is this an IP address and port number for setting up the separate data port? Does PASSIVE mode affect this? > >>>PORT 10,10,50,141,4,146 >200 Port request OK. > >>>RETR JOB01106.2 >451 Nlst failed due to internal error -- gil -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
grabbing JES output via FTP
I am attempting to use FTP under VM to grab some job output from JES2. I am getting a strange error that I don't know where to start trying to resolve it. I also get the same messages when I try to ftp from a local pc. Command: site filetype=jes >>>SITE filetype=jes 200 SITE command was accepted Command: get JOB01106.2 >>>EPRT |1|10.10.50.141|1170| 500 unknown command EPRT >>>PORT 10,10,50,141,4,146 200 Port request OK. >>>RETR JOB01106.2 451 Nlst failed due to internal error Command: thoughts? -- Tony Thigpen -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
