HPE Community
Operating System - HP-UX
1834935 Members
2499 Online
110071 Solutions
New Discussion

Re: FTP

 
SOLVED
Go to solution
vijila
Advisor

‎02-27-2007 08:19 PM

‎02-27-2007 08:19 PM

FTP

HI,

one of the user is not able to transfer file throgh ftp.
While the user try to login through ftp the error showing is "access denied"
how to solve this issue?

Please help me.
0 Kudos
14 REPLIES 14
Peter Godron
Honored Contributor

‎02-27-2007 08:28 PM

‎02-27-2007 08:28 PM

Re: FTP

Hi,
can you please review all your previous posts, as you have yet to assign points as rewards for the asnwers! Your profile indicates 0 of 26 responses rewarded.

Please read:
http://forums1.itrc.hp.com/service/forums/helptips.do?#33 on how to reward any useful answers given to your questions.

Is this happeneing for just one user ?
Have you checked :
/etc/ftpd/ftpusers
/etc/ftpd/ftpaccess
0 Kudos
Reshma Malusare
Trusted Contributor

‎02-27-2007 08:34 PM

‎02-27-2007 08:34 PM

Solution

Re: FTP

Hi Vijila,
There are five files used to hold FTP configuration information.
Check following files:
1./etc/ftpd/ftpaccess --> configuration file is the primary configuration file for defining how the ftpd daemon operates. It is not necessary to enable the ftpacess file inorder to run ftpd. The configuration files allow you to configure FTP features, such as the number of FTP login tries permitted, FTP banner displays, logging of incoming and outgoing file transfers, access permissions, use of regular expressions, etc.

2. /etc/ftpd/ftpconversions -->Defines options for compression/decompression and tar/untar operations

3./etc/ftpd/ftphosts -->Lets you allow/deny FTP account access according to source IP addresses and host names.

4./etc/ftpd/ftpusers --> Restricts FTP access for specified users. This file shows entries which dont have access for ftp.
deny ftp access to selected users.

5./etc/ftpd/ftpgroups -->The group password file for use with the SITE GROUP and SITE GPASS commands

Also check for :
2./etc/passwd --> anonymous ftp access

3.~/.netrc -->login information for ftp.The .netrc file contains login and initialization information used by the ftp autologin process .ftp autologin
allows users to ftp to other hosts.

Regards,
Reshma
0 Kudos
vijila
Advisor

‎02-27-2007 08:37 PM

‎02-27-2007 08:37 PM

Re: FTP

hi,

Please forgive me for not assigning mark.
I don't know that hoe to do that thats why.
ai will do it now onwards becuse i got idea to do that.

In the FTP problem,
it is for one of the user.
in the /etc/ftpdusers file no entry is there.
and
/etc/ftpd/ftpaccess file is not avalable

0 Kudos
Peter Godron
Honored Contributor

‎02-27-2007 08:50 PM

‎02-27-2007 08:50 PM

Re: FTP

Hi again,
have you got /etc/ftp.allow and/or /etc/ftp.deny files ?
And is this happening to only one user ??

As to points, you can go back through your problems from you homepage at http://forums1.itrc.hp.com/service/forums/publicProfile.do?userId=CA1440417&forumId=1

and assign points retrospectively.
0 Kudos
vijila
Advisor

‎02-27-2007 08:53 PM

‎02-27-2007 08:53 PM

Re: FTP

Hi,
there is no /etc/ftp.allow and /etc/ftp.deny files also

What to do for that?

0 Kudos
Reshma Malusare
Trusted Contributor

‎02-27-2007 08:53 PM

‎02-27-2007 08:53 PM

Re: FTP

hi Vijila,
Its ok. now onwards you can assign the points.Please have a look on following.

http://forums1.itrc.hp.com/service/forums/helptips.do?#33
0 Kudos
vijila
Advisor

‎02-27-2007 09:00 PM

‎02-27-2007 09:00 PM

Re: FTP

Hi reshma,
it is found that the files u mentioned are not available.

Then how to solve this issue?

Tanx in advance
Vijila
0 Kudos
gstonian
Trusted Contributor

‎02-27-2007 09:03 PM

‎02-27-2007 09:03 PM

Re: FTP

I would create an ftpaccess file if you don't already have one. This will help set up a standrard and if you wish to restrict ftp in the future.

Here is a example ftpaccess file.


class all real,guest,anonymous *

limit all 50 Any /etc/msgs/msg.dead

readme README* login
readme README* cwd=*

message /welcome.msg login
message .message cwd=*

compress yes all
tar yes all

log commands real
log transfers anonymous,real inbound,outbound

shutdown /etc/shutmsg

email user@hostname


But please read up on what each line is actually doing
Thanks
0 Kudos
Peter Godron
Honored Contributor

‎02-27-2007 09:08 PM

‎02-27-2007 09:08 PM

Re: FTP

Hi,
depending on the answer to:
Is this happening to only one user ??

If it is just one user, that user must have been specified as not being allowed to connect.

If all users are hit, then it is a generic problem with the ftp setup.

Example:
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=630481
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=1026012
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=94248

Or the reverse of your rproblem:
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=62881
0 Kudos
Reshma Malusare
Trusted Contributor

‎02-27-2007 09:11 PM

‎02-27-2007 09:11 PM

Re: FTP

Hi vijila,
As all this files are not available ..then just check
/var/adm/inetd.sec --> disallow & allow users network services
The /var/adm/inetd.sec file is a security file that inetd reads to determine which remote hosts are allowed access to the services on your host. The inetd.sec file is optional; you do not need it to run the Internet Services.

You can use either a text editor or SAM to edit the inetd.sec file. SAM (System Administration Manager) is Hewlett-Packard's windows-based user interface for performing system administration tasks. To run SAM, type sam at the HP-UX prompt. SAM has an extensive online help facility.

1.If the /var/adm/inetd.sec file does not exist on your host, copy /usr/newconfig/var/adm/inetd.sec to /var/adm/inetd.sec.
2. Create one line in inetd.sec for each service to which you want to restrict access. Do not create more than one line for any service.

3.Each line in the /var/adm/inetd.sec file has the following syntax:
service_name {allow} host_specifier [host_specifier...] {deny}

4.Make sure the /var/adm/inetd.sec file is owned by user root and group other, and make sure its permissions are set to 0444 (-r--r--r--).


Few examples:
login allow 10.
*shell deny vandal hun
tftp deny *

The first example allows access to rlogin from any IP address beginning with 10. The second example denies access to remsh and rcp from hosts vandal and hun. The third example denies everyone access to tftp.

NOTE:Only the services configured in /etc/inetd.conf can be configured in /var/adm/inetd.sec

Regards,
Reshma


0 Kudos
vijila
Advisor

‎02-27-2007 09:32 PM

‎02-27-2007 09:32 PM

Re: FTP

Hi Reshma,

there is no ftp related files in /etc/ftpd.
But that files in /usr/newconfig/var/adm is not configured. ie no entires related to ftp in that.
In /etc/inetd.conf file there is entry like:

ftp stream tcp nowait --root /usr/lbin/ftpd ftpd -l

Using one user we can do ftp. that user can remotely login to that server.

If u know anything more .
Please try to share.

tanx in advace
Vijila
0 Kudos
Reshma Malusare
Trusted Contributor

‎02-27-2007 09:43 PM

‎02-27-2007 09:43 PM

Re: FTP

Hi vijila,
As this line is there in inetd.conf means ftp service is enable.

See,The /etc/inetd.conf file is the inetd configuration file, which lists the services that may be started by inetd.

1.Make sure the following lines exist in /etc/inetd.conf. If any of the lines starts with a pound sign (#), remove the pound sign to enable the service.

ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l
2.If you made any changes to /etc/inetd.conf, type the following command to force inetd to read its configuration file:

/usr/sbin/inetd -c
3.Make sure /etc/inetd.conf is owned by user root and group other, and make sure its permissions are set to 0444 (-r--r--r--)

Now still if it will not work, then just Restart the inetd daemon.


Regards
Reshma
0 Kudos
vijila
Advisor

‎02-27-2007 10:03 PM

‎02-27-2007 10:03 PM

Re: FTP

Than You for all for Information
0 Kudos
Reshma Malusare
Trusted Contributor

‎02-27-2007 10:05 PM

‎02-27-2007 10:05 PM

Re: FTP

Hey Vijila,
Again you forget to assign points.

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.