Thanks for the assistance, and it is all as I expected. I have successfully
logged onto the remote system manually with the same user profile, and
created a save file in QTEMP. I have looked at the FTP server log on the
server side (shows nothing), and Yes Rob, there is no FTP command named
RCMD. It is a subcommand that is issued by the QUOTE command. The whole
command is QUOTE RCMD CRTSAVF QTEMP\IMPORT. I am guessing that there is
something somewhere that is intercepting my commands, but when I look at
the system exit points using WRKREGINF, the FTP exit points show no
programs. So I am completely confused why this isn't working. Maybe I need
to look at the FTP server jobs and update the logging levels to show
something.


On Mon, Oct 11, 2021 at 1:17 PM Scott Klement <midrange-l@xxxxxxxxxxxxxxxx>
wrote:

Hi Mark,

Rather than guess, I would suggest looking at the job log of the FTP job
to see what the problem is. On the server (not the client) type:

WRKACTJOB JOB(QTFTP*)

You may have to check a few different jobs to find the one with the
appropriate job log, but one of them should have a job log showing you
why the commands failed.

To my knowledge, there is no authorities needed for RCMD, but it can be
blocked with an exit program. Or, the problem might not be RCMD itself,
but rather, the command that you're running that you are lacking
authority to.

-SK

On 10/11/2021 11:06 AM, Mark Murphy wrote:
I have a little utility I wrote using Scott Klement's FTP API to simplify
the FTP process between IBM i boxes. You tell it what object to send, and
where to send it, and the utility takes care of creating save files on
the
local and remote side, saving the object, and restoring it on the other
end. This worked great for a while until our system engineers started
messing with authorities, and now no one knows how to set up the
authorities to make it work again. They keep telling me that the only way
to make it work is to give the user *ALLOBJ. I am skeptical about that,
but
I don't know what authority is required.

The problem arises when I try to create the save file in QTEMP on the
remote side. I do that using FTP's RCMD sub command. What I am getting is
550 Request rejected.

I can't really find anything in the documentation concerning special
authorities required by the RCMD subcommand. I did find something
recommending that it be restricted using an exit, but we have no exit
programs registered. So I am at a loss. I can create the save file from
the
command line, but not from the RCMD command which is supposed to act
like a
command line according to this:

- FTP provides remote-command capability, just as advanced
program-to-program communications (APPC) and IBM i Access for
Windows do.
The RCMD (Remote Command) FTP-server subcommand is the equivalent of
having
a command line on the system. Before you allow FTP, you must ensure
that
your object security scheme is adequate. You can also use the FTP
exit
program to limit or reject attempts to use the RCMD subcommand. FTP
exit
programs describes this exit point and provides sample programs.

Does anyone know of any authority requirements for the RCMD subcommand
for
the IBM i FTP server? Or where I can look to find more information?
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2022 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.