
How to Create Restricted FTP User

 
Sial_1
Frequent Advisor


Hi All,

I want to create a restricted FTP user: a user who is only able to FTP to the system and has access to only one directory (suppose xyz) and the subfolders of that directory, can't browse any other directories of the system, and cannot access the system other than via FTP. The OS is OpenVMS 7.3-2.

Thanks in Advance.
5 REPLIES
Jan van den Ende
Honored Contributor

Re: How to Create Restricted FTP User

Sial,

- create a username in a UIC group of only that user
- set that user /NOACCESS/NETWORK
- (of course, only TMPMBX & NETMBX privs, default & authorized)
- create a topdirectory for, and owned by, that user, set device & directory for the username to that directory
If the "normal" VMS protections are in effect on the system, (ie, WORLD: ) he can not reach any other directories.

-- if the system has (lots of ?) topdirectories with WORLD ACCESS permitted, then give (add to ?) those topdirectories an ACL specifying the username with ACCESS=NONE

That's all.

hth

Proost.

Have one on me.

jpe
Don't rust yours pelled jacker to fine doll missed aches.
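
The steps in the reply above written out as DCL, as an added example that was not posted by anyone in this thread. The username FTPXYZ, UIC [500,1], device DKA100:, the directories [XYZ] and [PUBLIC], and the password placeholder are constructed for illustration; group 500 is assumed to have no other members.

```dcl
$! Added example, not from the thread. All names below are constructed.
$!
$! 1. Create the account: own UIC group, minimal privileges, network-only access.
$!    /NOACCESS/NETWORK is the form given in the reply above.
$ SET DEFAULT SYS$SYSTEM
$ RUN AUTHORIZE
UAF> ADD FTPXYZ /UIC=[500,1] /DEVICE=DKA100: /DIRECTORY=[XYZ] /PASSWORD=<placeholder>
UAF> MODIFY FTPXYZ /PRIVILEGES=(TMPMBX,NETMBX) /DEFPRIVILEGES=(TMPMBX,NETMBX)
UAF> MODIFY FTPXYZ /NOACCESS /NETWORK
UAF> SHOW FTPXYZ
UAF> EXIT
$!
$! In the SHOW output, check that the authorized and default privileges list
$! only NETMBX and TMPMBX, and that only network access is permitted.
$!
$! 2. Create the top directory, owned by the new user, with no GROUP or WORLD access.
$ CREATE/DIRECTORY DKA100:[XYZ] /OWNER_UIC=[500,1] /PROTECTION=(S:RWE,O:RWE,G,W)
$ SHOW SECURITY DKA100:[000000]XYZ.DIR
$!
$! 3. List the other top directories and look for any that grant WORLD access.
$ DIRECTORY/SECURITY DKA100:[000000]*.DIR
$!
$! 4. For each top directory that does grant WORLD access (here the constructed
$!    [PUBLIC]), add an ACL entry denying this user, as the reply suggests.
$ SET SECURITY /ACL=(IDENTIFIER=FTPXYZ,ACCESS=NONE) DKA100:[000000]PUBLIC.DIR
$ SHOW SECURITY DKA100:[000000]PUBLIC.DIR
```

Repeat steps 3 and 4 on every disk the account could reach, since the ACL entry only protects the directories it is placed on.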
Karl Rohwedder
Honored Contributor

Re: How to Create Restricted FTP User

The HGFTP FTP server (available on the freeware CD) can run in parallel to your standard FTP server. It allows you to fine-tune FTP clients as to which directories they may access and which commands are available to them.

regards Kalle
Willem Grooters
Honored Contributor

Re: How to Create Restricted FTP User

Perhaps not exactly what you intend, but it works on my systems:

* Enable anonymous FTP. That will create a very restricted user in SYSUAF that will have no access to any location outside his login directory except the ones below.
* You are free to change default device and directory in SYSUAF to some 'safe' place if you wish. It simply works the same way.
* Set file ownership in that directory to any user you want - but NOT this anonymous user (and preferably, a non-system user).
* Set file protection S:RWE,O:RWE,G:,W:RE on the directory and all files below.
* You can create any directory tree below that and populate it with downloadable files; be sure to have ownership and protection set the same as the base directory.
Either a system user or the owner (as set by you) has WRITE access to these directories. Since ANONYMOUS has access to just these directories, and is disallowed anywhere else, this user can only retrieve files from this directory.
You could limit access to specific files by specifying W:E on the directories; that will disallow browsing; direct access however of any explicitly named file (just GET, not MGET) will succeed.

I had this implemented on VMS 7.3-2, TCPIP 5.3, and it has run to date without problems. Of course abuse is tried, but FTP did just what I expect it to do in such cases: fail.
Willem Grooters
OpenVMS Developer & System Manager
John Gillings
Honored Contributor

Re: How to Create Restricted FTP User

Sial,

Apart from normal OpenVMS protections: if defined, the logical name TCPIP$FTP_ANONYMOUS_DIRECTORY defines the directories that the FTP ANONYMOUS users are allowed to access.
A crucible of informative mistakes
Robert Atkinson
Respected Contributor

Re: How to Create Restricted FTP User

I concur with Karl - use HG FTP, as this allows you to define logicals that give access to a limited set of directories, rather than having to rely on UIC/ACL protection across the whole system.

Rob.