HPE Community
Operating System - HP-UX
1834400 Members
2915 Online
110067 Solutions
New Discussion

Q: anonymous ftp with trusted mode

 
Richard Wang_1
New Member

‎02-24-2003 11:28 AM

‎02-24-2003 11:28 AM

Q: anonymous ftp with trusted mode

On HP-UX 11i, I have enabled anonymous ftp (which worked) and activated trusted mode. Apparently I take it that the trusted mode disabled the anonymous ftp even though SAM shows anonymous ftp as enabled. Is there a way to have anonymous ftp and trusted mode both running?

C:\>ftp server.test.com
Connected to server.test.com.
220 server.test.com FTP server (Version 1.1.214.4(PHNE_23950) Tue May 22 05:49:01
GMT 2001) ready.
User (server.test.com:(none)): anonymous
530 Guest login not permitted.
Login failed.
0 Kudos
Reply
6 REPLIES 6
Sridhar Bhaskarla
Honored Contributor

‎02-24-2003 11:38 AM

‎02-24-2003 11:38 AM

Re: Q: anonymous ftp with trusted mode

Hi,

There are couple of places I will look for.

1. See if your ftpd in /etc/inetd.conf carries -a flag to enable ftpaccess file. If so, look at /etc/ftpd/ftpaccess file and see if the Guest|anonymous logins are disabled.
2. Look at the permissions of ~ftp (ftp's home) directory. It should not have write access for the account "ftp". If so, change it to 555 atleast.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Reply
Richard Wang_1
New Member

‎02-24-2003 11:44 AM

‎02-24-2003 11:44 AM

Re: Q: anonymous ftp with trusted mode

Thanks for the quick reply.
From what I see, there's no -a flag for ftpd. all I have is a -l flag.

Also, ~ftp does not have write access. It's currently 555.
0 Kudos
Reply
Sridhar Bhaskarla
Honored Contributor

‎02-24-2003 11:51 AM

‎02-24-2003 11:51 AM

Re: Q: anonymous ftp with trusted mode

Hi (Again),

Enable logging of ftp by adding -l option in inetd.conf file. The last word should be "ftpd -l".

Refresh inetd by "inetd -c".

Try logging again as anonymous and see what error you get in syslog.log.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Reply
Jose Mosquera
Honored Contributor

‎02-24-2003 11:54 AM

‎02-24-2003 11:54 AM

Re: Q: anonymous ftp with trusted mode

Hi,

Anonymous ftp always is a backdoor to violate system security, pls consider block it.

Meanwhile check in your /etc/ftpd/ftpacces file the ftpguest group name definitio. This group name must be defined in /etc/group file and anonymous must belong at this gruop as well as any other ftp's guest users (man ftpaccess). Also check that anonymous is not defined into /etc/ftpd/ftpusers files, this file must content any not allowable ftp users (man ftpusers).

Rgds.
0 Kudos
Reply
Chris Vail
Honored Contributor

‎02-24-2003 11:59 AM

‎02-24-2003 11:59 AM

Re: Q: anonymous ftp with trusted mode

With the others, I urge you to block ftp. It is a security risk. Much better is secure shell (ssh) and secure copy (scp), both are available from software.hp.com. There are lots of threads about secure shell--look through a few of these and see if it might do your job much better.


Chris
0 Kudos
Reply
Richard Wang_1
New Member

‎02-24-2003 12:24 PM

‎02-24-2003 12:24 PM

Re: Q: anonymous ftp with trusted mode

problem solved. it had to do with a file permission in /home/ftp/etc directory.

I totally agree with you guys about the security risks with anonymous ftp. The reason why i have it setup is because in-house application which runs on our server requires it to work. Not a very good software from my view. I brought this up to our clients before, but they don't seem to care. I warned them that if their server gets breached due to the anonymous ftp, they are responsible.

Anyways, thank you guys for all your help.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.