HPE Community
Operating System - HP-UX
1833742 Members
2537 Online
110063 Solutions
New Discussion

Access right for files get via ftp

 
Rita Li
Frequent Advisor

‎12-19-2005 07:52 PM

‎12-19-2005 07:52 PM

Access right for files get via ftp

We have an ERP application running on a HP UX server which can generate a text file with bank payment info in a special format. User will generate the required text file, then ftp to their desktop & then import to a web based application (supplied by the bank)

On the UX platform, I already set the access right as -r--r--r-- for the text file generated

But after ftp get, the file can still be further modified. Our objective is the user is never allowed to modify on such text file at all, if required, they need to login the ERP system, modify the required info, then regenerate the text file again, ie. the ERP system & the bank application always with the figures being synchronized. Is this possible to achieve this? Thanks
0 Kudos
Reply
7 REPLIES 7
Muthukumar_5
Honored Contributor

‎12-19-2005 07:57 PM

‎12-19-2005 07:57 PM

Re: Access right for files get via ftp

Is it like,

textfile with permission of 444 is ftped from hp-ux to windows machine (desktop) and able to modify the contents on that text file??

Please elaborate the problem more?

-Muthu
Easy to suggest when don't know about the problem!
0 Kudos
Reply
Rita Li
Frequent Advisor

‎12-19-2005 08:14 PM

‎12-19-2005 08:14 PM

Re: Access right for files get via ftp

The problem is:

A text file is created on the UNIX server, with access permission set as 444 - after ftp to Windows, the content can still be further modified & get saved.

But I need to have this file set as read-only, no matter it is on UNIX (already achieved this) or on Windows (not succesfully yet)
0 Kudos
Reply
RAC_1
Honored Contributor

‎12-19-2005 08:38 PM

‎12-19-2005 08:38 PM

Re: Access right for files get via ftp

What you are trying to do is not possible. Unix perms apply untill the file is on unix.
Once it goes to windows and if you are admin on it, you can do whatever you want.

You need to set the file perms on windows to read only to all and everything to windows admin.

This has certainly nothing to do with unix.
There is no substitute to HARDWORK
0 Kudos
Reply
RAC_1
Honored Contributor

‎12-19-2005 08:42 PM

‎12-19-2005 08:42 PM

Re: Access right for files get via ftp

Ever worked on read only PDF files?? Acrobat files do it internally. the file perms are embebed in file itself. so a pdf file that is read only, can not be updated no matter what platform.

Just inputs to help you understand what is going on.
There is no substitute to HARDWORK
0 Kudos
Reply
Frank de Vries
Respected Contributor

‎12-19-2005 08:46 PM

‎12-19-2005 08:46 PM

Re: Access right for files get via ftp

In your ftp script you can prefix
chmod 440 then only the owner and group
can read and no one can modify.

Once the file is on windows it is a different
command to do 'cacls' to limit permissions,
just after your ftp command.

CACLS filename [/T] [/E] [/C] [/G user:perm] [/R user [...]]

Success
Look before you leap
0 Kudos
Reply
Steve Lewis
Honored Contributor

‎12-20-2005 12:31 AM

‎12-20-2005 12:31 AM

Re: Access right for files get via ftp

If they can read the file, then they can always copy it elsewhere and import that one instead.
This means you need a manual control or an automated closed system to handle the transfer submission.

One possibility that may help for now is to stop the FTP of the file completely and instead of ftp, to set-up a Samba/CIFS share for that directory on UNIX, read-only. Have that user's PC mount the Samba share as a drive and point the bank web app at the new drive, so that the user imports the file directly into the web app from the share - no ftp.

0 Kudos
Reply
Rita Li
Frequent Advisor

‎12-20-2005 01:24 PM

‎12-20-2005 01:24 PM

Re: Access right for files get via ftp

Fully understand the current situation here now. Thanks for all the responses
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.