06-19-2001 04:57 AM
Problem with anonymous FTP since upgrade to UX 11
Thanks in advance.
06-19-2001 05:05 AM
Re: Problem with anonymous FTP since upgrade to UX 11
Anonymous ftp allows a user without a login on your host to transfer files to and from a public directory. A user types the ftp command to connect to your host and types anonymous or ftp as a login name. The user can type any string of characters as a password. (By convention, the password is the host name of the user's host). The anonymous user is then given access only to user ftp's home directory, usually called /home/ftp.
Configuring anonymous ftp access involves the following tasks, described in this section:
To Add User ftp to /etc/passwd
To Create the Anonymous ftp Directory
You can follow the instructions in this section, or you can use SAM to configure anonymous ftp access. SAM (System Administration Manager) is Hewlett-Packard's windows-based user interface for performing system administration tasks. To run SAM, type sam at the HP-UX prompt. SAM has an extensive online help facility.
To Add User ftp to /etc/passwd
Use a text editor to add a line for user ftp to the /etc/passwd file, as in the following example:
ftp:*:500:guest:anonymous ftp:/home/ftp:/usr/bin/false
The password field should be *, the group membership should be guest, and the login shell should be /usr/bin/false. In this example, user ftp's user ID is 500, and the anonymous ftp directory is /home/ftp.
Type man 4 passwd at the HP-UX prompt for information on the passwd file.
To Create the Anonymous ftp Directory
Create the ftp home directory that you configured in the /etc/passwd file, as in the following example:
cd /home
mkdir ftp
Create the subdirectory /usr/bin under the ftp home directory:
cd /home/ftp
mkdir usr
cd usr
mkdir bin
Copy the ls and pwd commands from /sbin to ~ftp/usr/bin, and set the permissions on the commands to 0111 (executable only):
cp /sbin/ls /home/ftp/usr/bin
cp /sbin/pwd /home/ftp/usr/bin
chmod 0111 /home/ftp/usr/bin/ls
chmod 0111 /home/ftp/usr/bin/pwd
Set the owner of the ~ftp/usr/bin and ~ftp/usr directories to root, and set the permissions to 0555 (not writeable):
chown root /home/ftp/usr/bin
chmod 0555 /home/ftp/usr/bin
chown root /home/ftp/usr
chmod 0555 /home/ftp/usr
Create the subdirectory etc under the ftp home directory:
cd /home/ftp
mkdir etc
Copy /etc/passwd and /etc/group to ~ftp/etc. These files are required by the ls command, to display the owners of files and directories under ~ftp.
cp /etc/passwd /home/ftp/etc
cp /etc/group /home/ftp/etc
Replace the password field in all entries in /home/ftp/etc/passwd with *, and delete the shell field from the end of each entry:
ftp:*:500:guest:anonymous ftp:/home/ftp:
acb:*:8996:20::/home/acb:
Replace the password field in all entries in /home/ftp/etc/group with *:
users:*:20:acb
guest:*:21:ftp
Set the owner of the files in ~ftp/etc to root, and set the permissions to 0444 (read only):
chown root /home/ftp/etc/passwd
chmod 0444 /home/ftp/etc/passwd
chown root /home/ftp/etc/group
chmod 0444 /home/ftp/etc/group
Set the owner of ~ftp/etc to root, and set the permissions to 0555 (not writeable):
chown root /home/ftp/etc
chmod 0555 /home/ftp/etc
Create a directory called pub under ~ftp. Set its owner to user ftp and its permissions to 0777 (writeable by all). Anonymous ftp users can put files in this directory to make them available to other anonymous ftp users.
mkdir /home/ftp/pub
chown ftp /home/ftp/pub
chmod 0777 /home/ftp/pub
Create a directory called dist under ~ftp. Set its owner to user root and its permissions to 0755 (writeable only by root). The superuser can put read-only files in this directory to make them available to anonymous ftp users.
mkdir /home/ftp/dist
chown root /home/ftp/dist
chmod 0755 /home/ftp/dist
Set the owner of user ftp's home directory to root and the permissions to 0555 (not writeable).
chown root /home/ftp
chmod 0555 /home/ftp
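A check for the layout built step by step in the post above, as an added example that is not part of the original post or of HP's documentation: it compares each path's mode and owner with the values the steps set, and confirms the copied passwd and group files carry only * password fields and no shells. The function names and the uid arguments are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit an anonymous-ftp tree against the layout in the post.
# Usage: audit_anon_ftp FTP_HOME FTP_UID [ROOT_UID]   (ROOT_UID defaults to 0)

# check_path PATH MODE_STRING UID  ("-" as UID skips the owner check)
check_path() {
    [ -e "$1" ] || { echo "MISSING  $1"; return 1; }
    line=$(ls -ldn "$1")        # symbolic mode + numeric owner, no stat(1) needed
    mode=$(printf '%s\n' "$line" | cut -c1-10)
    uid=$(printf '%s\n' "$line" | awk '{print $3}')
    rc=0
    [ "$mode" = "$2" ] || { echo "MODE     $1: $mode, expected $2"; rc=1; }
    [ "$3" = "-" ] || [ "$uid" = "$3" ] ||
        { echo "OWNER    $1: uid $uid, expected $3"; rc=1; }
    return $rc
}

audit_anon_ftp() {
    home=$1 ftp_uid=$2 root_uid=${3:-0} bad=0
    # path, expected mode, expected owner as stated in the post ("-": not stated)
    while read -r rel want owner; do
        case $owner in
            root) want_uid=$root_uid ;;
            ftp)  want_uid=$ftp_uid ;;
            *)    want_uid=- ;;
        esac
        check_path "$home/$rel" "$want" "$want_uid" || bad=1
    done <<EOF
. dr-xr-xr-x root
usr dr-xr-xr-x root
usr/bin dr-xr-xr-x root
usr/bin/ls ---x--x--x -
usr/bin/pwd ---x--x--x -
etc dr-xr-xr-x root
etc/passwd -r--r--r-- root
etc/group -r--r--r-- root
pub drwxrwxrwx ftp
dist drwxr-xr-x root
EOF
    # The copied passwd must carry no password hashes and no shells;
    # the copied group file must carry no group passwords.
    if [ -r "$home/etc/passwd" ] &&
       awk -F: '$2 != "*" || $7 != "" {f=1} END {exit !f}' "$home/etc/passwd"
    then echo "CONTENT  $home/etc/passwd: password not * or shell present"; bad=1; fi
    if [ -r "$home/etc/group" ] &&
       awk -F: '$2 != "*" {f=1} END {exit !f}' "$home/etc/group"
    then echo "CONTENT  $home/etc/group: password field not *"; bad=1; fi
    return $bad
}
```

Run it as root after any change to the tree, passing the uid from the ftp line in /etc/passwd (500 in the post's example); it prints one line per deviation and returns non-zero if there is any.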
06-19-2001 06:06 AM
Re: Problem with anonymous FTP since upgrade to UX 11
http://forums.itrc.hp.com/cm/QuestionAnswer/1,1150,0xd5ab53921f1ad5118fef0090279cd0f9,00.html
Hope it helps you,
Rita
06-19-2001 07:45 AM
Re: Problem with anonymous FTP since upgrade to UX 11
In the original 10.20 implementation users logged in via anonymous FTP because this was the only way we knew of chrooting them. The underlying unix permissions meant they could not get/put data as the anonymous user, only when they USERed to their own FTP account. Each application had its own ftp account and group, separate from the 'application owner' account. The application owner account was a member of the application ftp group (a separate group for each application) and therefore could access the FTP files associated with the application via the group permission. i.e.
appftp is the ftp account for application 'app'.
app is the application owner account for application 'app'.
The user appftp is a member of the group appftp.
The user app is a member of the app and appftp groups.
Files are delivered to application app via the appftp account. This account can only be accessed once the user has logged into the anonymous FTP account and issues a USER command.
Can we make UX11 behave like this?
If we have to use the new UX11 way as I understand it all the FTP users would have to be set up as 'guest' accounts i.e. in the guest group. This would cause problems accessing the files from application owner accounts via the group permission. Also a change to the way FTP works will mean changes on external systems. These problems are not insurmountable (?) but it would be better if we could make the change transparent.
Hope this explains better!
06-19-2001 09:01 AM
Re: Problem with anonymous FTP since upgrade to UX 11
Well, I would probably not try to figure out a way to run USER after I logged in.
I would create 2 (ftp) accounts. First user=app at /home/app and then user=appftp at /home/app/appftp.
In the passwd file I would do a chroot to secure appftp to their directory(ies) only by
appftp:1234:......./home/app/appftp/./usr/bin/ksh
and if I wanted to secure user app to their directory:
app:1233:...../home/app/./usr/bin/ksh
Remember to copy /sbin/ls and /usr/bin/pwd under their home directory, so they have these commands.
Doing this, user appftp could put/get files from that mountpoint (and below) only. And user app could put/get files from the higher mountpoint and below down through appftp files.
Now, if you want specific rights for groups you could specify the group in your ftpaccess and give rights, or leave them as guest so the only place they are going is where you have chrooted them...granted they would not have to run USER to re-login, since they never logged in as anonymous...they logged in as themselves from the first login prompt.
Just a thought, hope it makes some sense...(cause I have this set up..and so far it works for us)
Regards,
Rita