Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-27-2004 06:27 AM
тАО07-27-2004 06:27 AM
FTP
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-27-2004 08:34 AM
тАО07-27-2004 08:34 AM
Re: FTP
(ID=NETWORL, ACCESS=NONE) so of thing
Purely Personal Opinion
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-27-2004 08:41 AM
тАО07-27-2004 08:41 AM
Re: FTP
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-27-2004 12:51 PM
тАО07-27-2004 12:51 PM
Re: FTP
For ANONYMOUS FTP, you can limit which directories are accessible by defining the /SYSTEM/EXEC logical name TCPIP$FTP_ANONYMOUS_DIRECTORY. It's a search list containing the names of directories which may be accessed. Indeed, you MUST to this logical name to grant anonymous access to directories other than the default.
For FTP connections which use a valid username/password, those users should have access to any file(s) they would "normally" have access to if logged in interactively. For most purposes it doesn't make sense to limit access just for FTP connections. Consider, I could just log in, copy whatever file I wanted to my home directory and then FTP to copy it from there (or, just make an *outbound* FTP connection and push the file without having to make a local copy).
However, if you really want to, you can protect any object with an ACL that prevents FTP connections from access, but grants access from non-network connections. As Ian suggested, all FTP (and other "network" class processes) hold the NETWORK identifier, which can be used to block access:
$ SET SECURITY/ACL=(IDENTIFIER=NETWORK,ACCESS=NONE) somefile.dat
If you want to be able to limit only some users, then create a general identifier (say FTP_RESTRICT) and grant that to users you want to restrict. Then use
$ SET SECURITY/ACL=(IDENTIFIER=NETWORK+FTP_RESTRICT,ACCESS=NONE) somefile.dat
Note that this will affect ALL network accesses (for example, including DECnet accesses). If you want to limit ONLY FTP connections, you can do that too, but it's a bit more complex. Write a program which grants an identifier (hardcoded) to the process which runs it and INSTALL it with privilege. RUN the program in SYLOGIN.COM for any process with a name starting with "TCPIP$FTPC", then protect objects from access by processes holding that identifier.
The possibilities are endless. All you need to do is precisely define your access requirements. There will always be a way to implement them using some combination of identifiers, ACLs and login processing.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-27-2004 01:33 PM
тАО07-27-2004 01:33 PM
Re: FTP
one possibility is to rip out the FTP service that comes with hp's TCP/IP and replace it with
Hunter Goatleys excellent HGFTP, which does allow to restrict access using logicals.
For more information and a pointer to the manual check
http://zinser.no-ip.info/vms/sw/hgftp.htmlx
Greetings, Martin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-28-2004 02:35 AM
тАО07-28-2004 02:35 AM
Re: FTP
$ IF F$MODE.EQS."NETWORK"
$ THEN
$ .. here only access by FTP and DecNet
$ ENDIF
Antonio Vigliotti