SFTP and 7 character userids

A discussion of Co:Z sftp, a port of OpenSSH sftp for z/OS
Post Reply
tsgapd
Posts: 4
Joined: Tue Apr 14, 2015 9:27 am

SFTP and 7 character userids

Post by tsgapd » Thu Feb 20, 2020 10:49 am

Had an odd one yesterday that I'd like to share and see if anyone else has come across anything similar.

We have Co:Z SFTP (5.6.0) on z/OS (2.3) with a number of 6 and 8 character users regularly sending files into us. They all have OMVS segments defined in RACF with home directories pointing to USS and all works lovely.

Yesterday a 7 character user id was created with an OMVS home directory pointing to a valid USS directory of which it had all the right access.

OMVS INFORMATION
----------------
HOME= /u/SFTP/VALU
PROGRAM= /bin/sh

Odd thing is it doesn't go into the home directory at logon. A debug shows:
debug3: SSH_FXP_REALPATH . -> //FTPVALU size 0

If I copy that user id to 8 characters with the same OMVS segment it works fine
debug3: SSH_FXP_REALPATH . -> /u/SFTP/VALU size 0

Logging onto SSH both userids present in the correct home directory so it does look to be Co:Z

In /etc/ssh/sftp-server.rc we have "export SFTP_ZOS_INITIAL_DIR=// " coded. The removal of this fixes the issue for the 7 character userid.

We can also code a specific entry for the user in /u/SFTP/VALU/.ssh/sftp-server.rc - "export SFTP_ZOS_INITIAL_DIR=/u/SFTP/VALU" and this also resolves our issue.

Any help/ observations appreciated.

Regards,

Andrew Davis

dovetail
Site Admin
Posts: 1933
Joined: Thu Jul 29, 2004 12:12 pm

Re: SFTP and 7 character userids

Post by dovetail » Fri Apr 10, 2020 7:10 am

If you have:

export SFTP_ZOS_INITIAL_DIR=//

then, your initial directory *should* be "//userid". This syntax means that your "directory" will be the data sets under qualifier 'userid'.

There is a defect however - this does not work for 8-character userids, so you get your home (Unix) directory.
Currently the only work around is for the user to have "export SFTP_ZOS_INITIAL_DIR=//userid" in their $HOME/.ssh/sftp-server.rc
(where "userid" is the userid they want to use as their HLQ"). We will release a fix for this in the next release.

So - what you are reporting as "broken" for < 8 character userids is actually working properly.
If you want to use the UNIX $HOME directory as the initial directory, then don't export this variable.

dovetail
Site Admin
Posts: 1933
Joined: Thu Jul 29, 2004 12:12 pm

Re: SFTP and 7 character userids

Post by dovetail » Fri May 15, 2020 8:33 am

The problem with using 8 character userids with SFTP_ZOS_INITIAL_DIR=// was corrected in release 6.1.0

Post Reply