HPE Community
Operating System - OpenVMS
1751710 Members
5293 Online
108781 Solutions
New Discussion юеВ

Re: FTP Account, no privileges

 
SOLVED
Go to solution
Dario Karlen
Frequent Advisor

тАО10-18-2005 08:06 PM

тАО10-18-2005 08:06 PM

Re: FTP Account, no privileges

KARLEND > sh def
DSA2:[WAL.XFER]
KARLEND > show prot
SYSTEM=RWED, OWNER=RWED, GROUP=RE, WORLD=NO ACCESS
0 Kudos
Dario Karlen
Frequent Advisor

тАО10-18-2005 08:09 PM

тАО10-18-2005 08:09 PM

Re: FTP Account, no privileges

UAF> sh ftp

Username: FTP Owner: ANONYMOUS
Account: ANONY UIC: [400,20] ([FTP])
CLI: DCL Tables: DCLTABLES
Default: DSA2:[WAL.XFER]
LGICMD:
Flags: DisCtlY LockPwd DisWelcome DisNewMail DisMail DisReport DisReconnect
Primary days: Mon Tue Wed Thu Fri
Secondary days: Sat Sun
Primary 000000000011111111112222 Secondary 000000000011111111112222
Day Hours 012345678901234567890123 Day Hours 012345678901234567890123
Network: ##### Full access ###### ##### Full access ######
Batch: ----- No access ------ ----- No access ------
Local: ----- No access ------ ----- No access ------
Dialup: ----- No access ------ ----- No access ------
Remote: ##### Full access ###### ##### Full access ######
Expiration: (none) Pwdminimum: 6 Login Fails: 0
Pwdlifetime: (none) Pwdchange: (pre-expired)
Last Login: 19-OCT-2005 08:39 (interactive), 19-OCT-2005 08:32 (non-interactive)
Maxjobs: 0 Fillm: 50 Bytlm: 52200
Maxacctjobs: 0 Shrfillm: 0 Pbytlm: 0
Maxdetach: 0 BIOlm: 18 JTquota: 4096
Prclm: 8 DIOlm: 18 WSdef: 350
Prio: 8 ASTlm: 100 WSquo: 512
Queprio: 4 TQElm: 15 WSextent: 512
CPU: (none) Enqlm: 100 Pgflquo: 10240
Authorized Privileges:
NETMBX TMPMBX
Default Privileges:
NETMBX TMPMBX
0 Kudos
John Abbott_2
Esteemed Contributor

тАО10-18-2005 08:11 PM

тАО10-18-2005 08:11 PM

Re: FTP Account, no privileges

Dario, you post gives your current processes default protection for new files. Issue a $ dir/sec DSA2:[WAL]XFER.dir to get the details on the directory file.

Try my suggested $ set security/acl=(id=[ftp],access=read+execute+write) DSA2:[WAL]XFER.dir
Don't do what Donny Dont does
0 Kudos
Dario Karlen
Frequent Advisor

тАО10-18-2005 08:23 PM

тАО10-18-2005 08:23 PM

Re: FTP Account, no privileges

before
KARLEND > dir/sec DSA2:[WAL]XFER.dir

Directory DSA2:[WAL]

XFER.DIR;1 217 19-FEB-2001 14:14:13.07 [SYSTEM]
(RWE,RWE,RE,E)

Total of 1 file, 217 blocks.

and after your command:
KARLEND > set security/acl=(id=[ftp],access=read+execute+write) DSA2:[WAL]XFER.d
KARLEND > dir/sec DSA2:[WAL]XFER.dir

Directory DSA2:[WAL]

XFER.DIR;1 217 19-FEB-2001 14:14:13.07 [SYSTEM]
(RWE,RWE,RE,E)
(IDENTIFIER=[FTP],ACCESS=READ+WRITE+EXECUTE)

Total of 1 file, 217 blocks.

you re my man! good work, thanks a lot, it works fine
0 Kudos
John Abbott_2
Esteemed Contributor

тАО10-18-2005 08:26 PM

тАО10-18-2005 08:26 PM

Re: FTP Account, no privileges

:-) Good stuff ! The important thing here is that you try and find time to understand the commands used. There are lots more things you can do to protect your system further, all it takes is knowledge !

Best
John.
Don't do what Donny Dont does
0 Kudos
Dario Karlen
Frequent Advisor

тАО10-18-2005 09:28 PM

тАО10-18-2005 09:28 PM

Re: FTP Account, no privileges

thanks a lot, i'm a young programmer and have to manage the vms as a system manager by the way. so it takes a lot of time to get the knowledge :)
one last question: i set the security for the directory, but every hour a process creates a file and copies it to this dir. the new file has still the old security, so i cannot read it with the ftp account. what do i have to change?
0 Kudos
John Abbott_2
Esteemed Contributor

тАО10-18-2005 09:55 PM

тАО10-18-2005 09:55 PM

Re: FTP Account, no privileges

You need this command:
$ set security/acl=(id=[ftp],options=default,access=read+execute+write) DSA2:[WAL]XFER.dir

This will allow user ftp rwe access to files created by someone else (who has permission to write into this area).
Don't do what Donny Dont does
0 Kudos
John Abbott_2
Esteemed Contributor

тАО10-18-2005 09:59 PM

тАО10-18-2005 09:59 PM

Re: FTP Account, no privileges

not sure if you know this one... you need to apply this permission to existing files within the directory $ set file/acl/def/log DSA2:[WAL.XFER...]*.*;*

This assumes you're happy to allow r+w+e access for user ftp to all files in xerf and below. You might just want r(read). In that case you can edit the security acl by typing $ edit/acl xfer.dir;
Don't do what Donny Dont does
0 Kudos
Dario Karlen
Frequent Advisor

тАО10-18-2005 10:06 PM

тАО10-18-2005 10:06 PM

Re: FTP Account, no privileges

that's not necessary, but helps!

now i have 2 colons in the dir/secu
KARLEND > dir/secu [wal]xfer.dir

Directory DSA2:[WAL]

XFER.DIR;1 217 19-FEB-2001 14:14:13.07 [SYSTEM]
(RWE,RWE,RE,E)
(IDENTIFIER=[FTP],OPTIONS=DEFAULT,ACCESS=READ+WRITE+EXECUTE)
(IDENTIFIER=[FTP],ACCESS=READ+WRITE+EXECUTE)

Total of 1 file, 217 blocks.

can i remove the secend one? and how can remove it?
i'm very happy to get such a help from an old hand, THANK YOU!
0 Kudos
John Abbott_2
Esteemed Contributor

тАО10-18-2005 10:36 PM

тАО10-18-2005 10:36 PM

Re: FTP Account, no privileges

You need them both. The one with options=default propagates the ACL properties to files within and below this dorectory, the one without is specifically for the directory, so they address your initial problem and you subsequent one!
Don't do what Donny Dont does
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.