HPE Community
Operating System - HP-UX
1834158 Members
2884 Online
110064 Solutions
New Discussion

Changes to ftpaccess file not effecting FTP file transfers

 
SOLVED
Go to solution
Chris Gromala
Advisor

‎12-16-2002 11:04 AM

‎12-16-2002 11:04 AM

Changes to ftpaccess file not effecting FTP file transfers

Hi All, (I had this posted in error in the Linux forum)
I have a restricted ftp user set up on 11.0 and I would like to have the file permissions set on transfers for that user to be read,write and change for all users. I made changes to the ftpaccess file (upload) and then issued a inetd -c and everytime I transfer files for this user The correct permissions are not taking effect. My inetd.conf file has been changed for the -a option. Any clues?? I've checked this forum for everything And haven't seen a similar problem.

Thanks,
Chris
0 Kudos
Reply
24 REPLIES 24
Ken Hubnik_2
Honored Contributor

‎12-16-2002 11:09 AM

‎12-16-2002 11:09 AM

Re: Changes to ftpaccess file not effecting FTP file transfers

What is the default umask set to for the user? When you create a new file the file permission are set by what the umask is.
0 Kudos
Reply
Chris Gromala
Advisor

‎12-16-2002 11:13 AM

‎12-16-2002 11:13 AM

Re: Changes to ftpaccess file not effecting FTP file transfers

Ken,
Pardon my ignorance- but where would I find what the default umask is- in the users profile?
0 Kudos
Reply
Christopher McCray_1
Honored Contributor

‎12-16-2002 11:20 AM

‎12-16-2002 11:20 AM

Re: Changes to ftpaccess file not effecting FTP file transfers

Hello,

The default umask for the system is in /etc/profile. If anything has been modified for any users, that is in the user's .profile or .cshrc.


did you line for upload look like this:

upload /base/dir /incoming yes 0666 dirs


Hope this helps

Chris
It wasn't me!!!!
0 Kudos
Reply
Ken Hubnik_2
Honored Contributor

‎12-16-2002 11:22 AM

‎12-16-2002 11:22 AM

Re: Changes to ftpaccess file not effecting FTP file transfers

It is either set in /etc/profile or in the users .profile or .kshrc file. The best way to check is have that user touch a file and see what permissions the new file has.
0 Kudos
Reply
Paula J Frazer-Campbell
Honored Contributor

‎12-16-2002 11:23 AM

‎12-16-2002 11:23 AM

Re: Changes to ftpaccess file not effecting FTP file transfers

Chris

In the .profile also check man umask.

If you as a higher level user transer files for the user then they will pick up your masking and not the users.

Paula
If you can spell SysAdmin then you is one - anon
0 Kudos
Reply
Chris Gromala
Advisor

‎12-16-2002 11:32 AM

‎12-16-2002 11:32 AM

Re: Changes to ftpaccess file not effecting FTP file transfers

My ftpaccess file looks like this:
upload /var/ftp * no
upload /var/ftp /incoming yes root daemon 0600 dirs
upload /var/ftp /bin no
upload /var/ftp /etc no
upload /var/ftp /etc no
upload /dbmsx/dbms/uv/romtest/wmsin/ yes root sys 0666
This is a ftp only user I added a umask 0666 to it's profile and still came up with the following file creation when I ftp'd a file over using this users login and password.

-rw-r----- 1 wmsil ftponly 321 Dec 16 13:28 cgcopy.txt
0 Kudos
Reply
Paula J Frazer-Campbell
Honored Contributor

‎12-16-2002 11:37 AM

‎12-16-2002 11:37 AM

Re: Changes to ftpaccess file not effecting FTP file transfers

Chris

Just a thought check out the destination machine settings.

Paula
If you can spell SysAdmin then you is one - anon
0 Kudos
Reply
Chris Gromala
Advisor

‎12-16-2002 11:41 AM

‎12-16-2002 11:41 AM

Re: Changes to ftpaccess file not effecting FTP file transfers

Paula,
What settings are you referring to?

Chris
0 Kudos
Reply
Paula J Frazer-Campbell
Honored Contributor

‎12-16-2002 11:44 AM

‎12-16-2002 11:44 AM

Re: Changes to ftpaccess file not effecting FTP file transfers

Chris

You are ftping to another machine and all looks OK on your source machine but what is that users umask on the destination machine.

Paula
If you can spell SysAdmin then you is one - anon
0 Kudos
Reply
Chris Gromala
Advisor

‎12-16-2002 11:46 AM

‎12-16-2002 11:46 AM

Re: Changes to ftpaccess file not effecting FTP file transfers

Paula,
The information that I am providing is from the destination machine. I'm ftping from a workstation.

Chris
0 Kudos
Reply
Paula J Frazer-Campbell
Honored Contributor

‎12-16-2002 11:54 AM

‎12-16-2002 11:54 AM

Re: Changes to ftpaccess file not effecting FTP file transfers

Chris

What I think may be the problem is that the two machines for this user are not set at 666 but one is at 640.


Paula
If you can spell SysAdmin then you is one - anon
0 Kudos
Reply
Chris Gromala
Advisor

‎12-16-2002 12:00 PM

‎12-16-2002 12:00 PM

Re: Changes to ftpaccess file not effecting FTP file transfers

Paula,
Pardon but I'm confused. This particular user can be logged in for ftp from a number of different sources. Everytime this user transfers a file over - the file is created with the permissions I had shown earlier in the thread. I could be wrong but I think the problem lies at the destination machine and it's failure to recognize the changes I have made. Or the failure of me to understand what I am doing wrong. The /dbmsx/dbms/...... directory in the ftpaccess file ins the home directory of this users for restricted ftp use.
0 Kudos
Reply
Paula J Frazer-Campbell
Honored Contributor

‎12-16-2002 12:14 PM

‎12-16-2002 12:14 PM

Re: Changes to ftpaccess file not effecting FTP file transfers

Chris

My confusion I did not realise that is was being collected from several machines.

Yes it must the the scource machine.

I do not have a unix box to test on but what does an env say about mask fot this user - I cannot remember if env shows it.

Paula
If you can spell SysAdmin then you is one - anon
0 Kudos
Reply
Christopher McCray_1
Honored Contributor

‎12-16-2002 12:22 PM

‎12-16-2002 12:22 PM

Re: Changes to ftpaccess file not effecting FTP file transfers

Hello,

By looking at the line you provided:

upload /dbmsx/dbms/uv/romtest/wmsin/ yes root sys 0666

You are saying that you are trying to make any file deposited by the user in question will have ownership of root:sys and read/write for everyone; you can't do this. Instead:

upload /dbmsx/dbms/uv/romtest
/wmsin yes wmsil ftponly 0666

This should work for you.

Chris
It wasn't me!!!!
0 Kudos
Reply
Christopher McCray_1
Honored Contributor

‎12-16-2002 12:25 PM

‎12-16-2002 12:25 PM

Re: Changes to ftpaccess file not effecting FTP file transfers

BTW -- entries in the ftpaccess file affect only the local server on which it's configured.... it has no control on what it sends out.

Just in case that was the thought here.

Chris
It wasn't me!!!!
0 Kudos
Reply
Paula J Frazer-Campbell
Honored Contributor

‎12-16-2002 12:26 PM

‎12-16-2002 12:26 PM

Re: Changes to ftpaccess file not effecting FTP file transfers

Well spotted Christopher

If you can spell SysAdmin then you is one - anon
0 Kudos
Reply
Chris Gromala
Advisor

‎12-16-2002 02:03 PM

‎12-16-2002 02:03 PM

Re: Changes to ftpaccess file not effecting FTP file transfers

First of all thanks for all your help in trying to get this resolved. BUt maybe I hadn't made myself clear so I'll try again - I have restricted FTP set up for one particular user. This user can not telnet into the machine it can only FTP to it. It's home directory is the /dbmsx/dbms/...... I want any file that this particular user transfers over to be accessible to any user on the system for read and change. I have made numerous changes to the ftpaccess file on this machine that is receivng the ftp'd files. Including this one that CHris had mentioned and the files still show up with the incorrect permissions.
Here is the lastest ftpaccess file after changes:
upload /var/ftp * no
upload /var/ftp /incoming yes root daemon 0600 dirs
upload /var/ftp /bin no
upload /var/ftp /etc no
upload /var/ftp /etc no
upload /dbmsx/dbms/uv/romtest/wmsin/ yes wmsil ftponly 0666
Here is the fiel after the transfer:
-rw-r----- 1 wmsil ftponly 321 Dec 16 15:44 cgcopy.txt
I hope I've ansered more questions than I've added with this explanation.
Thanks Again.
0 Kudos
Reply
Charles Soto
Advisor

‎12-16-2002 02:50 PM

‎12-16-2002 02:50 PM

Re: Changes to ftpaccess file not effecting FTP file transfers

Chris, per man ftpaccess, the upload directive only corresponds to a user's home directory. Are you sure this user's home is listed correctly in /etc/passwd? Also, ftpd ignores /etc/ftpd/ftpaccess unless it's started with the -a command. You probably have ftpd started via inetd. If so, edit /etc/inetd.conf to include -a after the ftpd command. You might also put -l and/or -v to be sure access and debugging information is logged.

Charles
0 Kudos
Reply
Chris Gromala
Advisor

‎12-16-2002 03:05 PM

‎12-16-2002 03:05 PM

Re: Changes to ftpaccess file not effecting FTP file transfers

Charles,
The users home dir is in passwd correctly. However at the end of the path is a "/./". I believe that is for the restricted ftp access so that the user can not change dir's. I think I already tried to added the /./ at the end of the path in the upload directory. to no avail. I already had the -a option you specified.
0 Kudos
Reply
Wilfred Chau_1
Respected Contributor

‎12-16-2002 03:57 PM

‎12-16-2002 03:57 PM

Solution

Re: Changes to ftpaccess file not effecting FTP file transfers

Chris,
vi /etc/inetd.conf
add -u 007 at end of ftpd

restart inetd

The default netmask is 027. The above should all the ftp user to create a file with permission of 660.

Reply
Christopher McCray_1
Honored Contributor

‎12-17-2002 04:05 AM

‎12-17-2002 04:05 AM

Re: Changes to ftpaccess file not effecting FTP file transfers

Hello,

Your upload entry is not correct.

As I have stated before, you need to have the entry look like this.

upload /base/dir /incoming yes 0666

So in your case it will be:

upload /dbmsx/dbms /uv/romtest/wmsin yes wmsil ftponly 0666

I hope I have been clear on what I have been trying to explain.

Chris
It wasn't me!!!!
0 Kudos
Reply
Christopher McCray_1
Honored Contributor

‎12-17-2002 04:09 AM

‎12-17-2002 04:09 AM

Re: Changes to ftpaccess file not effecting FTP file transfers

Note the space between the "/dbmsx/dbms" and the "/uv/romtest/wmsin"

Just wanted to clear up any more confusion.

Chris
It wasn't me!!!!
0 Kudos
Reply
Chris Gromala
Advisor

‎12-17-2002 08:04 AM

‎12-17-2002 08:04 AM

Re: Changes to ftpaccess file not effecting FTP file transfers

Wifred your suggestion worked, Thanks. Although I would rather have used the ftpaccess file to control it, the global change should work fine.
Chris,
I made the change you suggested - however the path that I had described was the full path to the users home directory. So i added the same path twice to upload parameter. It looked as follows:
upload /dbmsx/dbms/uv/romtest/wmsin /dbmsx/dbms/uv/romtest/wmsin yes wmsil ftpon
ly 0666
I restarted inetd and the file permissions were still incorrect. I reverted to the global change ecause I've spent too much time trying to get this to work. Thanks for everyone's time and help.
Chris
0 Kudos
Reply
Christopher McCray_1
Honored Contributor

‎12-17-2002 10:17 AM

‎12-17-2002 10:17 AM

Re: Changes to ftpaccess file not effecting FTP file transfers

Hello,

I guess I was confused on what the user's home directory was.

I am going to take one more stab at this and you can do as you want with it.

The users home directory is everything up to the "/./" everything below it is what the user has to work with.

Bearing that in mind, IF and ONLY IF the user's home directory is

/dbmsx/dbms/uv/romtest/wmsin

and in the passwd file it is

/dbmsx/dbms/uv/romtest/wmsin/./

then if your intention is to allow uploading into the user's "/", your entry will be as follows:

upload /dbmsx/dbms/uv/romtest/wmsin / yes wmsil ftponly 0666 (note the space before the last "/")

if you don't want upload access the the "/", but to some other sub-directory, then:

upload /dbmsx/dbms/uv/romtest/wmsin / no

upload /dbmsx/dbms/uv/romtest/wmsin / yes wmsil ftponly 0666

If this doesn't work, then I'll strangle myself because It works perfectly here.


Good luck

Chris
It wasn't me!!!!
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.