Changing the Default Library for FTP User Profile

There are 2 ways to handle depending on where you want them to end up, In a library or on the IFS

1) If you want them to end up in a library simply change the user profile
CHGUSRPRF USRPRF(MYFTPUSER) CURLIB(MYFTPLIB)    

This will show
 "MYFTPLIB" is current library.

2) If you want them to end up on the IFS you will need to change some configurations for the FTP server and the user.
 
Change the ftp server to use path and home directory  
CHGFTPA NAMEFMT(*PATH)  CURDIR(*HOMEDIR)

Dont forget to end then start the FTP server after making the above change.
ENDTCPSVR SERVER(*FTP)
STRTCPSVR SERVER(*FTP)

Then change the user profile you are using to connect
CHGUSRPRF USRPRF(MYFTPUSER)  HOMEDIR('/HOME/MYFTPUSER')

When the user connects they will be in whatever home directory you assign, just make sure it exists.

 

Actually, the current library is set to the library I want them to use already.  However, when I log into an FTP session using this ID, it still defaults the library to QGPL.

check the server configuration

CFGTCPAPP *FTP

Look for the paramiter CURDIR it should say *CURLIB yours proabably say QGPL.

If that is not it check the authority of the library an make sure your user has *ALL authority to it.  

I checked the server configuration and it says *CURLIB and the profile has *ALL authority on the library I want them to use.  I'm still getting "Not able to set library QGPL for user" when I try to start an FTP session with this profile.

It sounds like the configuration you have is correct but thare are a few things to check.

Make sure the user profile has the CURLIB set to the correct library and not *CRTDFT

Do a WRKREGINF and look at the following exit points to make sure your sytem is not overriding the settings
QIBM_QTMF_CLIENT_REQ
QIBM_QTMF_SERVER_REQ
QIBM_QTMF_SVR_LOGON  
QIBM_QTMF_SVR_LOGON  
QIBM_QTMF_SVR_LOGON  

If you find a program atatched to any of the exit points you need to find out what it is doing.

Current library on the user profile points to the library I want and there are no programs attached to any of the exit points. =/

The changes you make to the server configuration become active after you restarted the server.

The server configurations were already set to what was recommended above.  There's still a setting that's not quite right somewhere.

Check the NAMEFMT paramter on CHGFTPA

The NAMEFMT parm is set to *LIB.

Increasing the points to 500.  I need to get this fixed.

Which OS/400 Version is installed?
Which Telnet Client are you using?

We're on V5R2.  As far as which telnet client, I'm not sure what answer you're looking for.

Are u using the telnet command from command prompt on a PC or are u using telnet command on the iSeries itself?

Actually, it would be an outside business partner.  I'm not sure what they would be using.  We're supposed to supply them with a user ID and password.  I've tried testing it using a command prompt.

Question 1:
you mean that u have typed ftp at the command prompt, typed in user and password and then when you typed in the PWD command you received "QGPL is current library" even if the CURLIB parameter on the USRPRF is different?

Question 2:
What if you type cd <yourlibrayname> into the ftp client? Does the library change?

Answer 1:  Right now I have all libraries locked down and QGPL is set to *CHANGE for the user profile that I'm trying to test.  I can log onto the AS/400 using a telnet interface (Reflections, Client Access, Rumba, etc.), but when I try to connect via FTP, I get "Not able to set library QGPL for user XXXXX; logon rejected.  Login failed."

Answer 2:  I do not want them to be able to change directories.  I want them to be able to log into *only* the library they are to upload a file to.

I was able to replicate you problem in the following way (even if i got an error message slighty different),
 - I created a new user profile.
 - I changed QGPL authorization and gave the USER auth *CHANGE to QGPL
 - I changed his CURLIB to a library to which the user have not authorisation
 - I started the FTP client and made a logon.
 - My current "dir" was QGPL
 - I logoff from the FTP client
 - I changed QGPL authorization and gave the USER auth *EXCLUDE to QGPL
 - I started the FTP client and made a logon.
 - I received the following error:
"530 Not able to set ASP group for user TSTTLN; logon rejected. Accesso non riuscito."
I think it's possible to translate "Accesso non riuscito" in "Login failed".

So what I think is that the USER has not the authority to use some object needed.

What you should do is:
 - replicate the problem (do not close your ftp session)
 - do WRKACTJOB SBS(QSYSWRK) JOB(QTFPT*)
 - find your job
 - look at his JOBLOG

What you should find is an error message reporting the name of the object for which the user need authorisation (in my test was the USRPRF JOBD).

I tried doing that and the error message I receive is "ASP group for thread X'0000000000000001' set to *NONE."  Unfortunately this is not incredibly helpful to me.

And when you have the
"Not able to set library QGPL for user XXXXX; logon rejected.  Login failed."
error: don't you find anything useful in the JOBLOG?

No.  Unfortunately that's the only message I get in the joblog related to the login failure.

How many QTFTP* jobs do you have?

We have four running.  There was only one that had it's joblog updated when I received a login failure and the message I posted was all I received.

Some other question to understand better...

Which is the value of QSECURITY sysval?
Are you using IASP?
What if you login with another user or with a user with USRCLS=*SECOFR?
What if you ftp using the iSeries Ftp Client?

QSECURITY = 40
I'm not sure what IASP is.
If I log on with my own user ID, I can login to FTP fine, but the default library is QGPL.  However, I never specified for it not to be.
I've never used the iSeries FTP Client and the outside user will more than likely just be using a command prompt (they're a UNIX shop).

Just for testing purposes:
change the USRCLS of the test user to be *SECOFR and see if you can login to FTP

I am still not able to log in via FTP and I receive the same error both on the FTP session and the FTP job running in QSYSWRK.

So, if the test user profile is not able to connect, whilst your usrprf is able to connect, i think there should be something different on the User Profile object.
Could you post the PRINT SCREEN of both usrprf so that we can check differences?

The difference between my user profile and this new one is that I have access to the world with mine, and the new profile is as restricted as you can possibly make it.  The new profile has no special authorities and is set to User Class *USER.

I found this document on IBM KB.
It shows the correct steps for configure a ftp user with authority just to a single library. Please not the top "Caution Box"!!!

Here is the link.

http://www-912.ibm.com/s_dir/slkbase.nsf/1ac66549a21402188625680b0002037e/fc43073abb4e0d3286256ab1005c19b3?OpenDocument&Highlight=2,ftp,security,single,library

Hope it can help!

I think you have to check if the user has logon access to the FTP server

Thank you KdeMaria.
Happy to have helped and thanks for points!
Me too have learned something new!!

Thanks for all the help!