Increasing Security and Control for FTP JES Interface

Provide mechanisms for disabling and restricting the use of the FTP JES interface.
Add a JESINTERFACELEVEL=0 option in configuration file FTP.DATA to prohibit FTP users from interfacing with JES. Allowing access to JES from FTP introduces a security exposure where a user can submit jobs and issue TSO commands with a batch TMP from a userid without a TSO segment, run REXX (IRXJCL) and BPXBATCH shells and programs that try to exploit system vulnerabilities.
For those installations who choose to keep the default JESINTERFACELEVEL=1 or set this option to 2, add SAF resource authorization checks to govern its use. One SAF resource would control use of the SITE command to restrict who can specify FILETYPE=JES. Another would control use of PUT with SITE FILETYPE=JES to restrict who can submit jobs via FTP. Yet another would control use of GET to restrict who can retrieve output. An alternative would be to have one resource and different access levels (e.g., READ to use GET and UPDATE to use PUT). These resource checks allow for auditability as well as control. Updates to the desired permissions would be performed easily and dynamically via a RACF/SAF profile instead of a redesign and re-compile of the FTCHKCMD user exit and recycle of the FTP server.
To maintain compatibility with current functionality, FTP Server would only deny commands where RACF/SAF returns CC > 4. A non-existent profile would not prevent SITE FILETYPE=JES from executing.
FTP command “SITE FILETYPE=JES” on a system that has either JESINTERFACELEVEL=0 or that receives CC > 4 from RACF/SAF, denies the command and returns Server “500 Unknown Command”.
FTP command “SITE FILETYPE=JES” on a system that has either JESINTERFACELEVEL=1 or JESINTERFACELEVEL=2 and that receives CC <= 4 from RACF/SAF, permits the command and returns Server “200 Command Accepted”.