z/OS "file permissions"

Discussion of the Co:Z Co-Processing Toolkit for z/OS
Post Reply
giltjr
Posts: 14
Joined: Wed Jul 07, 2010 9:06 pm

z/OS "file permissions"

Post by giltjr » Tue Aug 14, 2018 1:22 pm

We are transferring a z/OS file from z/OS to a Linux host. The majority of the time when the file gets created on the Linux side the permissions are 644, but randomly they are 640 which causes problems on the remote site.

After a ton of reading according to the sftp RFC's the client should send the source files permissions to the server and the server should use those. I did some testing and if I send a "OMVS" file file from z/OS to Linux this holds true. What ever the source file's permissions are, that is what they are on the server.

We are z/OS 2.3 and running IBM's latest OpenSSH ported tool. Since it is Co:Z sftp client that is reading the z/OS file, how does it get the Unix/Linux style file permissions to send to the server when the source file is a z/OS?

dovetail
Site Admin
Posts: 1840
Joined: Thu Jul 29, 2004 12:12 pm

Re: z/OS "file permissions"

Post by dovetail » Tue Aug 14, 2018 3:35 pm

You don't provide the details of how you are transferring the file, but I assume that it is something like:

put localfile remotfile

If you do it this way, then the permissions of the remote file will be controlled by the remote system user's umask (for a new file), and will normally be unchanged for an existing file.

Please refer to the documentation for the Co:Z SFTP put subcommand (which is the same as in OpenSSH sftp):
https://dovetail.com/docs/sftp/cozsftp_ref.html

You can use the put command -p switch to copy the permissions of the local file to the remote file.

put -p localfile remotfile

Under the covers, this will cause CO:Z SFTP client to send a sftp "FXP_FSETSTAT" message just before FXP_CLOSE.

If you run cozsftp with -vvv you can see this extra message, which is type=10:

PosixFile: Closing file /SYSTEM/etc/profile - 11655 bytes read, 11655 bytes sent
[53.634] debug3: Sent message fd 7 T:10 I:243358221
[53.634] debug3: SSH2_FXP_STATUS 0
[53.634] debug3: Sent message SSH2_FXP_CLOSE I:243358222
[53.635] debug3: SSH2_FXP_STATUS 0

giltjr
Posts: 14
Joined: Wed Jul 07, 2010 9:06 pm

Re: z/OS "file permissions"

Post by giltjr » Wed Aug 15, 2018 1:14 pm

Below is the output of a test I ran. I created 3 OMVS files on z/OS with different permissions. I then sent the files to Linux host and on the target host they had the same permissions as they had on the source host.

Attached is the output of my job with -vvv. The job did a "ls -l" on the z/OS side (client) to show the files then did a put for each file indvidually and then a "ls -l" on the remote side (Linux) to show the permission were the same as on both sides.

CoZBatch[N]: Copyright (C) 2005-2009 Dovetailed Technologies LLC. All rights reserved.
CoZBatch[N]: version 1.7.2 2010-07-23
CoZBatch: executing progname=login-shell="-/bin/sh"
CoZBatch: returning rc=exitcode=0
User ID is = jgiltner
Remote Server is = 172.16.111.75
Port is =-oPort=22
-rwxr-xr-x 1 BPXROOT TSW 5 Aug 15 13:44 jsg01.txt
-rwxr-xr-x 1 BPXROOT TSW 5 Aug 15 13:44 jsg02.txt
-rwx------ 1 BPXROOT TSW 5 Aug 15 13:44 jsg03.txt
cozsftp> lzopts mode=text
mode=text
cozsftp> -put /tmp/jsg01.txt
Uploading /tmp/jsg01.txt to /home/jgiltner/jsg01.txt
cozsftp> -put /tmp/jsg02.txt
Uploading /tmp/jsg02.txt to /home/jgiltner/jsg02.txt
cozsftp> -put /tmp/jsg03.txt
Uploading /tmp/jsg03.txt to /home/jgiltner/jsg03.txt
cozsftp> -ls -l jsg*.txt
-rwxr-xr-x 0 1002 1003 5 Aug 15 13:53 jsg01.txt
-rwxr-xr-x 0 1002 1003 5 Aug 15 13:53 jsg02.txt
-rwx------ 0 1002 1003 5 Aug 15 13:53 jsg03.txt
Return Code: 0
Co:Z SFTP version: 4.1.0 (6.4p1) 2016-10-04
Copyright (C) Dovetailed Technologies, LLC. 2008-2016. All rights reserved.
Connecting to 172.16.111.75...
[93.108] debug3: connect_to_server arg=/bin/ssh
[93.108] debug3: connect_to_server arg=-oForwardX11 no
[93.108] debug3: connect_to_server arg=-oForwardAgent no
[93.108] debug3: connect_to_server arg=-oClearAllForwardings yes
[93.108] debug3: connect_to_server arg=-o
[93.108] debug3: connect_to_server arg=BatchMode=no
[93.108] debug3: connect_to_server arg=-o
[93.108] debug3: connect_to_server arg=ConnectTimeout=60
[93.108] debug3: connect_to_server arg=-o
[93.108] debug3: connect_to_server arg=ServerAliveInterval=60
[93.108] debug3: connect_to_server arg=-o
[93.108] debug3: connect_to_server arg=UserKnownHostsFile=/dev/null
[93.108] debug3: connect_to_server arg=-o
[93.108] debug3: connect_to_server arg=StrictHostKeyChecking=no
[93.108] debug3: connect_to_server arg=-v
[93.108] debug3: connect_to_server arg=-v
[93.108] debug3: connect_to_server arg=-v
[93.108] debug3: connect_to_server arg=-obatchmode yes
[93.108] debug3: connect_to_server arg=-o
[93.108] debug3: connect_to_server arg=Port=22
[93.108] debug3: connect_to_server arg=-l
[93.108] debug3: connect_to_server arg=jgiltner
[93.108] debug3: connect_to_server arg=-oProtocol 2
[93.108] debug3: connect_to_server arg=-s
[93.108] debug3: connect_to_server arg=--
[93.108] debug3: connect_to_server arg=172.16.111.75
[93.108] debug3: connect_to_server arg=sftp
[93.126] debug2: setting ssh _CEE_RUNOPTS=HEAP(12M,1M,,FREE),ENVAR("_CEE_REALLOC_CONTROL=256K,25")
OpenSSH_6.4, OpenSSL 1.0.2h 3 May 2016
debug1: Reading configuration data /.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: cipher ok: aes128-ctr [aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,a
es192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se]
debug3: cipher ok: aes192-ctr [aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,a
es192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se]
debug3: cipher ok: aes256-ctr [aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,a
es192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se]
debug3: cipher ok: arcfour256 [aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,a
es192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se]
debug3: cipher ok: arcfour128 [aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,a
es192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se]
debug3: cipher ok: aes128-cbc [aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,a
es192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se]
debug3: cipher ok: 3des-cbc [aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes
192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se]
debug3: cipher ok: blowfish-cbc [aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc
,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se]
debug3: cipher ok: cast128-cbc [aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,
aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se]
debug3: cipher ok: aes192-cbc [aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,a
es192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se]
debug3: cipher ok: aes256-cbc [aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,a
es192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se]
debug3: cipher ok: arcfour [aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes1
92-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se]
debug3: cipher ok: rijndael-cbc@lysator.liu.se [aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-
cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se]
debug3: ciphers ok: [aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se]
debug2: mac_setup: found hmac-sha1-etm@openssh.com
debug3: mac ok: hmac-sha1-etm@openssh.com [hmac-sha1-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hma
c-sha1-96-etm@openssh.com,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-sha1-96,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com,hm
ac-md5,hmac-md5-96,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-64@openssh.com,umac-128@open
ssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com]
debug2: mac_setup: found hmac-sha2-256-etm@openssh.com
debug3: mac ok: hmac-sha2-256-etm@openssh.com [hmac-sha1-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com
,hmac-sha1-96-etm@openssh.com,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-sha1-96,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.co
m,hmac-md5,hmac-md5-96,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-64@openssh.com,umac-128@
openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com]
debug2: mac_setup: found hmac-sha2-512-etm@openssh.com
debug3: mac ok: hmac-sha2-512-etm@openssh.com [hmac-sha1-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com
,hmac-sha1-96-etm@openssh.com,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-sha1-96,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.co
m,hmac-md5,hmac-md5-96,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-64@openssh.com,umac-128@
openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com]
debug2: mac_setup: found hmac-sha1-96-etm@openssh.com
debug3: mac ok: hmac-sha1-96-etm@openssh.com [hmac-sha1-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
hmac-sha1-96-etm@openssh.com,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-sha1-96,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com
,hmac-md5,hmac-md5-96,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-64@openssh.com,umac-128@o
penssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com]
debug2: mac_setup: found hmac-sha1
debug3: mac ok: hmac-sha1 [hmac-sha1-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-96-etm@op
enssh.com,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-sha1-96,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-md5-
96,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-rip
emd160,hmac-ripemd160@openssh.com]
debug2: mac_setup: found hmac-sha2-256
debug3: mac ok: hmac-sha2-256 [hmac-sha1-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-96-et
m@openssh.com,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-sha1-96,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-
md5-96,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac
-ripemd160,hmac-ripemd160@openssh.com]
debug2: mac_setup: found hmac-sha2-512
debug3: mac ok: hmac-sha2-512 [hmac-sha1-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-96-et
m@openssh.com,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-sha1-96,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-
md5-96,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac
-ripemd160,hmac-ripemd160@openssh.com]
debug2: mac_setup: found hmac-sha1-96
debug3: mac ok: hmac-sha1-96 [hmac-sha1-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-96-etm
@openssh.com,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-sha1-96,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-m
d5-96,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-
ripemd160,hmac-ripemd160@openssh.com]
debug2: mac_setup: found hmac-md5-etm@openssh.com
debug3: mac ok: hmac-md5-etm@openssh.com [hmac-sha1-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac
-sha1-96-etm@openssh.com,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-sha1-96,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com,hma
c-md5,hmac-md5-96,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-64@openssh.com,umac-128@opens
sh.com,hmac-ripemd160,hmac-ripemd160@openssh.com]
debug2: mac_setup: found hmac-md5-96-etm@openssh.com
debug3: mac ok: hmac-md5-96-etm@openssh.com [hmac-sha1-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,h
mac-sha1-96-etm@openssh.com,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-sha1-96,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com,
hmac-md5,hmac-md5-96,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-64@openssh.com,umac-128@op
enssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com]
debug2: mac_setup: found hmac-md5
debug3: mac ok: hmac-md5 [hmac-sha1-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-96-etm@ope
nssh.com,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-sha1-96,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-md5-9
6,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-ripe
md160,hmac-ripemd160@openssh.com]
debug2: mac_setup: found hmac-md5-96
debug3: mac ok: hmac-md5-96 [hmac-sha1-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-96-etm@
openssh.com,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-sha1-96,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-md
5-96,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-r
ipemd160,hmac-ripemd160@openssh.com]
debug2: mac_setup: found umac-64-etm@openssh.com
debug3: mac ok: umac-64-etm@openssh.com [hmac-sha1-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-
sha1-96-etm@openssh.com,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-sha1-96,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac
-md5,hmac-md5-96,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-64@openssh.com,umac-128@openss
h.com,hmac-ripemd160,hmac-ripemd160@openssh.com]
debug2: mac_setup: found umac-128-etm@openssh.com
debug3: mac ok: umac-128-etm@openssh.com [hmac-sha1-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac
-sha1-96-etm@openssh.com,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-sha1-96,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com,hma
c-md5,hmac-md5-96,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-64@openssh.com,umac-128@opens
sh.com,hmac-ripemd160,hmac-ripemd160@openssh.com]
debug2: mac_setup: found hmac-ripemd160-etm@openssh.com
debug3: mac ok: hmac-ripemd160-etm@openssh.com [hmac-sha1-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.co
m,hmac-sha1-96-etm@openssh.com,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-sha1-96,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.c
om,hmac-md5,hmac-md5-96,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-64@openssh.com,umac-128
@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com]
debug2: mac_setup: found umac-64@openssh.com
debug3: mac ok: umac-64@openssh.com [hmac-sha1-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1
-96-etm@openssh.com,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-sha1-96,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5
,hmac-md5-96,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.co
m,hmac-ripemd160,hmac-ripemd160@openssh.com]
debug2: mac_setup: found umac-128@openssh.com
debug3: mac ok: umac-128@openssh.com [hmac-sha1-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha
1-96-etm@openssh.com,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-sha1-96,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md
5,hmac-md5-96,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.c
om,hmac-ripemd160,hmac-ripemd160@openssh.com]
debug2: mac_setup: found hmac-ripemd160
debug3: mac ok: hmac-ripemd160 [hmac-sha1-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-96-e
tm@openssh.com,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-sha1-96,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac
-md5-96,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hma
c-ripemd160,hmac-ripemd160@openssh.com]
debug2: mac_setup: found hmac-ripemd160@openssh.com
debug3: mac ok: hmac-ripemd160@openssh.com [hmac-sha1-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hm
ac-sha1-96-etm@openssh.com,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-sha1-96,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com,h
mac-md5,hmac-md5-96,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-64@openssh.com,umac-128@ope
nssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com]
debug3: macs ok: [hmac-sha1-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-96-etm@openssh.com
,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-sha1-96,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-md5-96,umac-6
4-etm@openssh.com,umac-128-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-ripemd160,hm
ac-ripemd160@openssh.com]
debug3: cipher ok: aes128-ctr [aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,3des-cb
c,aes256-gcm@openssh.com,aes128-gcm@openssh.com,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour]
debug3: cipher ok: aes192-ctr [aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,3des-cb
c,aes256-gcm@openssh.com,aes128-gcm@openssh.com,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour]
debug3: cipher ok: aes256-ctr [aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,3des-cb
c,aes256-gcm@openssh.com,aes128-gcm@openssh.com,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour]
debug3: cipher ok: aes128-cbc [aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,3des-cb
c,aes256-gcm@openssh.com,aes128-gcm@openssh.com,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour]
debug3: cipher ok: aes192-cbc [aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,3des-cb
c,aes256-gcm@openssh.com,aes128-gcm@openssh.com,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour]
debug3: cipher ok: aes256-cbc [aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,3des-cb
c,aes256-gcm@openssh.com,aes128-gcm@openssh.com,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour]
debug3: cipher ok: rijndael-cbc@lysator.liu.se [aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysat
or.liu.se,3des-cbc,aes256-gcm@openssh.com,aes128-gcm@openssh.com,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour]
debug3: cipher ok: 3des-cbc [aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,3des-cbc,
aes256-gcm@openssh.com,aes128-gcm@openssh.com,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour]
debug3: cipher ok: aes256-gcm@openssh.com [aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.li
u.se,3des-cbc,aes256-gcm@openssh.com,aes128-gcm@openssh.com,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour]
debug3: cipher ok: aes128-gcm@openssh.com [aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.li
u.se,3des-cbc,aes256-gcm@openssh.com,aes128-gcm@openssh.com,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour]
debug3: cipher ok: arcfour128 [aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,3des-cb
c,aes256-gcm@openssh.com,aes128-gcm@openssh.com,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour]
debug3: cipher ok: arcfour256 [aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,3des-cb
c,aes256-gcm@openssh.com,aes128-gcm@openssh.com,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour]
debug3: cipher ok: blowfish-cbc [aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,3des-
cbc,aes256-gcm@openssh.com,aes128-gcm@openssh.com,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour]
debug3: cipher ok: cast128-cbc [aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,3des-c
bc,aes256-gcm@openssh.com,aes128-gcm@openssh.com,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour]
debug3: cipher ok: arcfour [aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,3des-cbc,a
es256-gcm@openssh.com,aes128-gcm@openssh.com,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour]
debug3: ciphers ok: [aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,3des-cbc,aes256-g
cm@openssh.com,aes128-gcm@openssh.com,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour]
debug1: Reading configuration data /etc/ssh/zos_ssh_config
debug3: setUseZEDC: 0
debug1: zsshSmfSetConnSmfStatus: SMF status is 0
debug1: zsshVerifyIcsfSetup: ICSF FMID is 'HCR77C0 '
debug1: zsshVerifyIcsfSetup: ICSF FMID for OS/390 04.26.00 is "HCR77C0 OS/390"
debug1: zsshVerifyIcsfSetup (159): CSFIQA successful: return code = 0, reason code = 0
debug2: -----------------------------------
debug2: CRYPTO SIZE KEY SOURCE
debug2: -----------------------------------
debug2: AES 256 SECURE COP
debug2: AES 256 SECURE CPU
debug2: DES 56 SECURE COP
debug2: DES 56 SECURE CPU
debug2: ECC-BP 512 SECURE COP
debug2: ECC-PRIM 521 SECURE COP
debug2: HMAC 2048 SECURE COP
debug2: MDC-2 128 NA CPU
debug2: MDC-4 128 NA CPU
debug2: MD5 128 NA SW
debug2: RNGL 8192 NA COP
debug2: RPMD-160 160 NA SW
debug2: RSA-GEN 4096 SECURE COP
debug2: RSA-KM 4096 SECURE COP
debug2: RSA-SIG 4096 SECURE COP
debug2: SHA-1 160 NA CPU
debug2: SHA-2 512 NA CPU
debug2: TDES 168 SECURE COP
debug2: TDES 168 SECURE CPU
debug2: ssh_connect: needpriv 0
debug1: Connecting to 172.16.111.75 [172.16.111.75] port 22.
debug2: fd 3 setting O_NONBLOCK
debug1: fd 3 clearing O_NONBLOCK
debug1: Connection established.
debug1: cipher_init: none from source OpenSSL, used in non-FIPS mode
debug1: cipher_init: none from source OpenSSL, used in non-FIPS mode
debug3: timeout: 59994 ms remain after connect
debug1: permanently_set_uid: 0/2888
debug3: zsshGetpw: passwd name=ATP1JSG, uid=0, gid=2888, dir=/, shell=/bin/sh
debug3: Incorrect RSA1 identifier
debug3: Could not load "/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /.ssh/id_rsa type 1
debug1: identity file /.ssh/id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.5
debug1: match: OpenSSH_7.5 pat OpenSSH*
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "172.16.111.75" from file "/dev/null"
debug3: load_hostkeys: loaded 0 keys
debug3: load_hostkeys: loading entries for host "172.16.111.75" from file "/etc/ssh/ssh_known_hosts"
debug3: load_hostkeys: loaded 0 keys
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hell
man-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cer
t-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.co
m,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes19
2-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes19
2-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-sha1-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-96-etm@op
enssh.com,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-sha1-96,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-md5-
96,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-rip
emd160,hmac-ripemd160@openssh.com
debug2: kex_parse_kexinit: hmac-sha1-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-96-etm@op
enssh.com,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-sha1-96,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-md5-
96,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-rip
emd160,hmac-ripemd160@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,d
iffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie
-hellman-group14-sha1
debug2: kex_parse_kexinit: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.
com
debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.
com
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.
com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.
com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug1: mac_setup_by_alg: hmac-sha1-etm@openssh.com from source CPACF, used in non-FIPS mode
debug2: mac_setup: found hmac-sha1-etm@openssh.com
debug1: kex: server->client aes128-ctr hmac-sha1-etm@openssh.com none
debug1: mac_setup_by_alg: hmac-sha1-etm@openssh.com from source CPACF, used in non-FIPS mode
debug2: mac_setup: found hmac-sha1-etm@openssh.com
debug1: kex: client->server aes128-ctr hmac-sha1-etm@openssh.com none
debug1: choose_kex: ecdh-sha2-nistp256 from source OpenSSL, used in non-FIPS mode
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA MD5 fp ec:eb:5e:a3:3c:7b:56:6c:a3:e2:5a:8c:f9:8b:aa:fe
debug3: load_hostkeys: loading entries for host "172.16.111.75" from file "/dev/null"
debug3: load_hostkeys: loaded 0 keys
debug3: load_hostkeys: loading entries for host "172.16.111.75" from file "/etc/ssh/ssh_known_hosts"
debug3: load_hostkeys: loaded 0 keys
debug3: __catgets: NLS setup complete (1), using message catalog openssh.cat
FOTS2274 Warning: Permanently added '172.16.111.75' (ECDSA) to the list of known hosts.
debug1: ssh_ecdsa_verify: signature correct
debug3: zsshSmfSetAuthenticationKey: serverKey=1 key=1A71A020
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: cipher_init: aes128-ctr from source CPACF, used in non-FIPS mode
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: cipher_init: aes128-ctr from source CPACF, used in non-FIPS mode
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /.ssh/id_rsa (1A70CF20), explicit
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /.ssh/id_rsa
debug3: zsshSmfSetAuthenticationKey: serverKey=0 key=1A70CF20
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug2: input_userauth_pk_ok: MD5 fp d5:6c:c2:31:f6:8e:1c:54:41:e0:5c:4c:7b:d4:2f:ff
debug3: zsshSmfSetAuthenticationKey: serverKey=0 key=1A70CF20
debug3: sign_and_send_pubkey: RSA MD5 fp d5:6c:c2:31:f6:8e:1c:54:41:e0:5c:4c:7b:d4:2f:ff
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
Authenticated to 172.16.111.75 ([172.16.111.75]:22).
debug3: zsshZertSetAttributes(2): SECATTR_IOCTL: 010202000000113c000000001b389fe0c9c2d440d6978595e2e2c840404040400000000000000000000
0000000000000
debug3: zsshZertSetAttributes(2): _SECATTR_SSH_SPEC: 0200c00000000000e2c6e3d7c340404000030000000f00040006000f00040006000501000002080
000100010
debug3: zERT SIOCSECATTR failed: EDC5247I OPERATION NOT SUPPORTED. (errno2=0x76647365)
debug3: options.client_smf = none
debug2: fd 5 setting O_NONBLOCK
debug2: fd 6 setting O_NONBLOCK
debug2: fd 7 setting O_NONBLOCK
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug2: callback start
debug2: fd 3 setting TCP_NODELAY
debug2: client_session2_setup: id 0
debug1: Sending subsystem: sftp
debug3: channel 0: is not converting type "subsystem"
debug2: channel 0: request subsystem confirm 1
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel 0: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 0
debug2: subsystem request accepted on channel 0
[93.783] debug2: Remote version: 3
[93.783] debug2: Server supports extension "posix-rename@openssh.com" revision 1
[93.783] debug2: Server supports extension "statvfs@openssh.com" revision 2
[93.783] debug2: Server supports extension "fstatvfs@openssh.com" revision 2
[93.783] debug2: Server supports extension "hardlink@openssh.com" revision 1
[93.783] debug2: Unrecognised server extension "fsync@openssh.com"
Connected to 172.16.111.75.
Connection established, local_addr=172.16.206.1 local_port=1034 remote_addr=172.16.111.75 remote_port=22
[93.866] debug3: Sent message fd 6 T:16 I:0
[93.872] debug3: SSH_FXP_REALPATH . -> /home/jgiltner size 0
[93.872] debug3: Looking up /tmp/jsg01.txt
ZosSettings: Transfer options: clientcp=IBM-1047,mode=text,servercp=ISO8859-1,trim
[93.872] debug3: Sent message SSH2_FXP_OPEN I:1 P:/home/jgiltner/jsg01.txt
[93.879] debug3: Sent message SSH2_FXP_WRITE I:2 O:0 S:5
[93.885] debug3: SSH2_FXP_STATUS 0
[93.885] debug3: In write loop, ack for 2 5 bytes at 0
PosixFile: Closing file /SYSTEM/tmp/jsg01.txt - 5 bytes read, 5 bytes sent
[93.885] debug3: Sent message SSH2_FXP_CLOSE I:2
[93.892] debug3: SSH2_FXP_STATUS 0
[93.892] debug3: Looking up /tmp/jsg02.txt
ZosSettings: Transfer options: clientcp=IBM-1047,mode=text,servercp=ISO8859-1,trim
[93.892] debug3: Sent message SSH2_FXP_OPEN I:3 P:/home/jgiltner/jsg02.txt
[93.898] debug3: Sent message SSH2_FXP_WRITE I:4 O:0 S:5
[93.905] debug3: SSH2_FXP_STATUS 0
[93.905] debug3: In write loop, ack for 4 5 bytes at 0
PosixFile: Closing file /SYSTEM/tmp/jsg02.txt - 5 bytes read, 5 bytes sent
[93.905] debug3: Sent message SSH2_FXP_CLOSE I:4
[93.911] debug3: SSH2_FXP_STATUS 0
[93.911] debug3: Looking up /tmp/jsg03.txt
ZosSettings: Transfer options: clientcp=IBM-1047,mode=text,servercp=ISO8859-1,trim
[93.912] debug3: Sent message SSH2_FXP_OPEN I:5 P:/home/jgiltner/jsg03.txt
[93.918] debug3: Sent message SSH2_FXP_WRITE I:6 O:0 S:5
[93.925] debug3: SSH2_FXP_STATUS 0
[93.925] debug3: In write loop, ack for 6 5 bytes at 0
PosixFile: Closing file /SYSTEM/tmp/jsg03.txt - 5 bytes read, 5 bytes sent
[93.925] debug3: Sent message SSH2_FXP_CLOSE I:6
[93.931] debug3: SSH2_FXP_STATUS 0
[93.938] debug3: Sending SSH2_FXP_READDIR I:8
[93.947] debug3: Received reply T:104 I:8
[93.947] debug3: Received 11 SSH2_FXP_NAME responses
[93.947] debug3: Sending SSH2_FXP_READDIR I:9
[93.955] debug3: Received reply T:101 I:9
[93.955] debug3: Received SSH2_FXP_STATUS 1
[93.955] debug3: Sent message SSH2_FXP_CLOSE I:10
[93.961] debug3: SSH2_FXP_STATUS 0
[93.961] debug3: Sent message fd 6 T:7 I:11
[93.968] debug3: Received stat reply T:105 I:11
[93.968] debug3: Sent message fd 6 T:7 I:12
[93.974] debug3: Received stat reply T:105 I:12
[93.974] debug3: Sent message fd 6 T:7 I:13
[93.981] debug3: Received stat reply T:105 I:13
debug2: channel 0: read<=0 rfd 5 len 0
debug2: channel 0: read failed
debug2: channel 0: close_read
debug2: channel 0: input open -> drain
debug2: channel 0: ibuf empty
debug2: channel 0: send eof
debug2: channel 0: input drain -> closed
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug3: channel 0: is not converting type "exit-status"
debug2: channel 0: rcvd eof
debug2: channel 0: output open -> drain
debug2: channel 0: obuf empty
debug2: channel 0: close_write
debug2: channel 0: output drain -> closed
debug2: channel 0: rcvd close
debug3: channel 0: will not send data after close
debug2: channel 0: almost dead
debug2: channel 0: gc: notify user
debug2: channel 0: gc: user detached
debug2: channel 0: send close
debug2: channel 0: is dead
debug2: channel 0: garbage collecting
debug1: channel 0: free: client-session, nchannels 1
debug3: channel 0: status: The following connections are open:
#0 client-session (t4 r0 i3/0 o3/0 fd -1/-1 cfd -1)
debug1: fd 0 clearing O_NONBLOCK
debug1: fd 1 clearing O_NONBLOCK
debug1: fd 2 clearing O_NONBLOCK
Transferred: sent 4032, received 4756 bytes, in 0.6 seconds
Bytes per second: sent 6908.7, received 8149.3
debug1: Exit status 0

giltjr
Posts: 14
Joined: Wed Jul 07, 2010 9:06 pm

Re: z/OS "file permissions"

Post by giltjr » Wed Aug 15, 2018 1:33 pm

Based on what I have read it seems that the sending side is supposed to issue a file open. The file open has a list of parameters including file attributes. Included in the file attributes should bhe the file permissions of the source file and the server should usee them. At least that is what I am reading.

https://tools.ietf.org/html/draft-ietf- ... ilexfer-13

In section 8.1.1 I see:

8.1.1. Opening a File

Files are opened and created using the SSH_FXP_OPEN message.

byte SSH_FXP_OPEN
uint32 request-id
string filename [UTF-8]
uint32 desired-access
uint32 flags
ATTRS attrs

WHen I look at section 7. File Attributes I see the below. In it I see "uint32 permissions if flag PERMISSIONS"

7. File Attributes

A new compound data type, 'ATTRS', is defined for encoding file
attributes. The same encoding is used both when returning file
attributes from the server and when sending file attributes to the
server.



uint32 valid-attribute-flags
byte type always present
uint64 size if flag SIZE
uint64 allocation-size if flag ALLOCATION_SIZE
string owner if flag OWNERGROUP
string group if flag OWNERGROUP
uint32 permissions if flag PERMISSIONS
int64 atime if flag ACCESSTIME
uint32 atime-nseconds if flag SUBSECOND_TIMES
int64 createtime if flag CREATETIME
uint32 createtime-nseconds if flag SUBSECOND_TIMES
int64 mtime if flag MODIFYTIME
uint32 mtime-nseconds if flag SUBSECOND_TIMES
int64 ctime if flag CTIME
uint32 ctime-nseconds if flag SUBSECOND_TIMES
string acl if flag ACL
uint32 attrib-bits if flag BITS
uint32 attrib-bits-valid if flag BITS
byte text-hint if flag TEXT_HINT
string mime-type if flag MIME_TYPE
uint32 link-count if flag LINK_COUNT
string untranslated-name if flag UNTRANSLATED_NAME
uint32 extended-count if flag EXTENDED
extension-pair extensions

Permissions are covered in section 7.6 which has the below. If you notice it says "The server "SHOULD NOT" apply a 'umask' to the mode bits, but should set the buts as specified by the cllient."

7.6. Permissions

The 'permissions' field contains a bit mask specifying file
permissions. These permissions correspond to the st_mode field of
the stat structure defined by POSIX [IEEE.1003-1.1996].

This protocol uses the following values for the symbols declared in
the POSIX standard.

S_IRUSR 0000400 (octal)
S_IWUSR 0000200
S_IXUSR 0000100
S_IRGRP 0000040
S_IWGRP 0000020
S_IXGRP 0000010
S_IROTH 0000004
S_IWOTH 0000002
S_IXOTH 0000001
S_ISUID 0004000
S_ISGID 0002000
S_ISVTX 0001000

Implementations MUST NOT send bits that are not defined.

The server SHOULD NOT apply a 'umask' to the mode bits; but should
set the mode bits as specified by the client. The client MUST apply
an appropriate 'umask' to the mode bits before sending them.

dovetail
Site Admin
Posts: 1840
Joined: Thu Jul 29, 2004 12:12 pm

Re: z/OS "file permissions"

Post by dovetail » Wed Aug 15, 2018 3:40 pm

Co:Z SFTP in this respect does not change how OpenSSH works.

Unfortunately, none of the draft RFCs for SFTP were ever adopted.
The RFC draft that you reference is SFTP Protocol Version 6.
OpenSSH uses the draft for SFTP Protocol Version 3.
https://tools.ietf.org/html/draft-ietf- ... ilexfer-02
The Version 3 draft has nothing to say about Permissions and umask.

For put, the OpenSSH (and Co:Z) sftp uses the local file's permissions and sends them on FXP_OPEN.

If you want to see how the OpenSSH sftp server works, look at sftp-server.c, function process_open().

The OpenSSH sftp server, in sftp-server::process_open() takes these permission bits and passes them as the third arg ("mode") to open().

Here's the linux man page for open:
http://man7.org/linux/man-pages/man2/open.2.html
The mode argument specifies the file mode bits be applied when a new file is created. This argument must be supplied when O_CREAT or O_TMPFILE is specified in flags; if neither O_CREAT nor O_TMPFILE is specified, then mode is ignored. The effective mode is modified by the process's umask in the usual way: in the absence of a default ACL, the mode of the created file is (mode & ~umask).
So when putting to a new file on the server, the source file's permission bits are filtered through the remote server's umask.
For replacing an existing file, the permissions will not be changed.
However, If you use the "-p" option on put, then then the client will send the FXP_FSETSTAT message with the source file's permissions just before closing it. The server (process_fsetstat()) will do a fchmod() using these permissions, which is not filtered by umask.

giltjr
Posts: 14
Joined: Wed Jul 07, 2010 9:06 pm

Re: z/OS "file permissions"

Post by giltjr » Wed Aug 15, 2018 10:01 pm

Yes, I noticed all of the RFC's were draft and that some of them don't mention the permissions. It has always amazed me that with different programmers writing programs based on RFC's can get anything to work together. Even RFC's that have been made a standard.

What permissions are used when the source file is a z/OS file, which really does not have "permissions"?

giltjr
Posts: 14
Joined: Wed Jul 07, 2010 9:06 pm

Re: z/OS "file permissions"

Post by giltjr » Wed Aug 15, 2018 10:22 pm

Need to do more research. It looks like by default the sftp server uses a umask of 0000, at least the one I am testing with.

Which means don't change what the client sends. I need to verify with the site we are having the problem with what sftp server they are running and what umask it might be using.

So I still need to know what CoZ sends when the source file is a z/OS file.

dovetail
Site Admin
Posts: 1840
Joined: Thu Jul 29, 2004 12:12 pm

Re: z/OS "file permissions"

Post by dovetail » Thu Aug 16, 2018 10:02 am

The Co:Z SFTP client uses perm=666 when uploading z/OS data sets. This means that the remote server's umask would control permissions when creating a new remote file, unless the "-p" switch on the put command was used.

My suggestion for debugging this would be to run your put jobs like this:
//SFTPCONN EXEC PROC=SFTPPROC
//SFTPIN DD *
user=myuser
host=myhost
lfile=/my/local/file
rfile=/the/remote/file
lzopts="mode=text"

. $script_dir/sftp_connect.sh << EOB
lzopts $lzopts
-ls -al $rfile # existing?
put $lfile $rfile
ls -al $rfile
EOB
//

This way, you have a record of what the permissions were after you sent the file.

giltjr
Posts: 14
Joined: Wed Jul 07, 2010 9:06 pm

Re: z/OS "file permissions"

Post by giltjr » Thu Aug 16, 2018 12:32 pm

Thanks. I had already done that and the file permissions were "wrong" (not what they were expecting) as soon as the transfer finished. I have ask them what software is providing their sftp server function and a couple things to checked. I have explained how this should work and that since we are sending 666 to start with and normally it ends us as 644, they definitely have their sftp server setup to apply a umask.

They have asked us to send the file to a different server and they are going to monitor it and see what happens.

Thanks for all of the help.

dovetail
Site Admin
Posts: 1840
Joined: Thu Jul 29, 2004 12:12 pm

Re: z/OS "file permissions"

Post by dovetail » Thu Aug 16, 2018 12:58 pm

According to your trace, the remote server is running OpenSSH 7.5:
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.5

It is possible for them to set up sshd_config, the Subsystem sftp option so that sftp-server is run with the -u switch to override the user's default umask

See: https://man.openbsd.org/sftp-server

Post Reply