HPE Community
Operating System - OpenVMS
1827798 Members
2284 Online
109969 Solutions
New Discussion

FTP error on close, prot violation??? :-(

 
SOLVED
Go to solution
Didier Morandi_2
Frequent Advisor

‎06-25-2005 06:17 AM

‎06-25-2005 06:17 AM

FTP error on close, prot violation??? :-(

Folks,
Enabling file access failure, I suddenly discover that I have an error message on FTP close:

FTP> open 192.168.0.5
220 dtl02.dtl FTP Server (Version 5.3) Ready.
Connected to dtl02.
Name (dtl02:system): anonymous
331 Guest login OK, send ident as password.
Password:
230 Guest login OK, access restrictions apply.
FTP> dir
200 PORT command successful.
150 Opening data connection for DKA100:[ANONYMOUS]*.*;* (192.168.0.5,49172)

Directory DKA100:[ANONYMOUS]

READ_ME_FIRST.TXT;1
1/9 24-JUN-2004 19:43:44 [ANONY,ANONYMOUS]
(RWED,RWED,RE,RE)
TCPIP$FTP_SERVER.LOG;4
0/9 24-JUN-2004 19:57:11 [ANONY,ANONYMOUS]
(RWED,RWED,RE,)
TCPIP$FTP_SERVER.LOG;3
1/9 24-JUN-2004 19:55:39 [ANONY,ANONYMOUS]
(RWED,RWED,RE,)
TCPIP$FTP_SERVER.LOG;2
1/9 24-JUN-2004 19:53:31 [ANONY,ANONYMOUS]
(RWED,RWED,RE,)
TCPIP$FTP_SERVER.LOG;1
1/9 24-JUN-2004 19:51:58 [ANONY,ANONYMOUS]
(RWED,RWED,RE,)

Total of 5 files, 4/45 blocks

226 LIST Directory transfer complete.
686 bytes received in 00:00:00.00 seconds (669.92 Kbytes/s)
FTP> exit
221 Goodbye.
DTL02>
%%%%%%%%%%% OPCOM 24-JUN-2004 19:57:21.42 %%%%%%%%%%%
Message from user AUDIT$SERVER on DTL02
Security alarm (SECURITY) and security audit (SECURITY) on DTL02, system id: 102
6
Auditable event: Object access
Event information: write protected file attributes request (IO$_ACCESS, I
O$_CREATE, IO$_DEACCESS, or IO$_MODIFY)
Event time: 24-JUN-2004 19:57:21.42
PID: 2020043B
Process name: TCPIP$FTPC0000F
Username: ANONYMOUS
Process owner: [ANONY,ANONYMOUS]
Image name: DTL02$DKA0:[SYS0.SYSCOMMON.][SYSEXE]TCPIP$FTP_CHILD.EX
E
Object class name: FILE
Object owner: [SYSTEM]
Object protection: SYSTEM:RWE, OWNER:RWE, GROUP:RWE, WORLD:RWE
File name: _DTL02$DKA0:[TCPIP$FTP]TCPIP$FTP_ANONYMOUS.LOG;1
File ID: (14260,1,0)
Access requested: CONTROL
Matching ACE: (IDENTIFIER=[ANONY,ANONYMOUS],OPTIONS=PROTECTED,ACCESS
=READ+WRITE)
Sequence key: 0002A699
Status: %SYSTEM-F-NOPRIV, insufficient privilege or object pro
tection violation

DTL02> dir/prot DTL02$DKA0:[000000]TCPIP$FTP.dir

Directory DTL02$DKA0:[000000]

TCPIP$FTP.DIR;1 1/9 15-JUN-2004 22:06:31.14 (RWE,RWE,RWE,RWE)

Total of 1 file, 1/9 blocks.
DTL02>

VMS 7.3-1 Alpha, TCPIP 5.3-18

What did I do wrong? Should I change the ACE? If I should (which is my best guess), why is it badly set up at FTP installation time?

Thanks,

D.
I want to become the European VMS VP :-)
0 Kudos
Reply
5 REPLIES 5
Veli Körkkö
Trusted Contributor

‎06-25-2005 07:12 PM

‎06-25-2005 07:12 PM

Solution

Re: FTP error on close, prot violation??? :-(

I would say that protection on TCPIP$FTP.DIR is overly permissive. Mine has

TCPIP$FTP.DIR;1 [TCPIP$AUX,TCPIP$FTP] (RWE,RWE,RE,E)


It wants to update file dka0:[TCPIP$FTP]TCPIP$FTP_ANONYMOUS.LOG;1
so that update apparently fails

On my systems I typically get an file access failure audit for attempt to create TCPIP$FTP_SERVER.LOG in the [ANONYMOUS] directory since writing to that is now allowed for ANONYMOUS but otherwise things work

_veli
Reply
Peter Quodling
Trusted Contributor

‎06-25-2005 08:05 PM

‎06-25-2005 08:05 PM

Re: FTP error on close, prot violation??? :-(

Didier, at a quick glance, it looks like the DTL02$dka0:[tcpip$ftp] directory is owned by system, but is being written by (anony,anonymous) when trying to write a log file when it's finished (but not while accessing...) Also, If you look at it it's asking for control access, when you have only specified read and write...

Q
Leave the Money on the Fridge.
Reply
Jan van den Ende
Honored Contributor

‎06-25-2005 09:58 PM

‎06-25-2005 09:58 PM

Re: FTP error on close, prot violation??? :-(

Didier,

I think changing the ownership of dka0:[000000]TCPIP$FTP.DIR to ANONYMOUS will resolve this issue. And I _think_ I should have been set up like that (then again, since we do not allow anonymous access, I have no comparison for it)

hth,

Proost.

Have one on me.

jpe
Don't rust yours pelled jacker to fine doll missed aches.
Reply
Veli Körkkö
Trusted Contributor

‎06-26-2005 03:04 AM

‎06-26-2005 03:04 AM

Re: FTP error on close, prot violation??? :-(

Most certainly I would expect TCPIP$FTP.DIR to be owned by TCPIP$FTP. not system and most certainly not by ANONYMOUS.

_veli. if unsure, stop FTP service, delete it including TCPIP$FPT.DIR etc and have TCPIP$CONFIG recreate it all the way.

_veli
Reply
Didier Morandi_2
Frequent Advisor

‎06-26-2005 09:06 AM

‎06-26-2005 09:06 AM

Re: FTP error on close, prot violation??? :-(

Thanks for your valuable inputs.
I have to travel a bit the three next days (Valbonne, then Utrecht for a VAX to i64 seminar).
I come back to you later.

D.
I want to become the European VMS VP :-)
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.