Operating System - HP-UX
1824052 Members
3594 Online
109667 Solutions
New Discussion юеВ

FTP is enabled; SAM say disabled

 
Luis Toro
Regular Advisor

FTP is enabled; SAM say disabled

We recently had a major issue whereby a test process ftp'd files to production servers. The application group first checked FTP in SAM (we give them restricted SAM access on test servers to turn services off/on), and it a status of disabled, but you could ftp to/from the test server. Turns out only the "ftp-data" entry in /etc/services was commented out; the "ftp" entry was not commented out, nor was the entry in inetd.conf. I've manually tested this (and I've issued an "inetd -c") and it would seem that commenting out the ftp-data entry results in the "disabled" status, yet the service is enabled. Is this a SAM bug ?
3 REPLIES 3
Helen French
Honored Contributor

Re: FTP is enabled; SAM say disabled

I think it's because of the restricted SAM access your application group has. As a 'root' user, if you disable 'ftp' from SAM and if you check the /etc/services file, you will see both ftp and ftp-data entries have been disabled. Your application group may not have sufficient rights to disable the actual ftp daemon (which is the 'ftp' control service), but just the ftp-data service.
Life is a promise, fulfill it!
Luis Toro
Regular Advisor

Re: FTP is enabled; SAM say disabled

Thanks Shiju, but the problem has to be in how SAM is reporting ftp status. Using RSAM, the app group can turn ftp off/on. They do this everytime they test changes in their process. In this instance, they went to turn it off, and sam reported that it was already off. I was able to replicate using regular, as root.
Luis Toro
Regular Advisor

Re: FTP is enabled; SAM say disabled

I opened up a call with HP, and apparently there is a defect in SAM as it pertains to its reporting of the status of ftp (enabled or disabled).