FTP SIB Enhancements, Phase I
Updated documentation from FTPDOC.arpa.sys:
======================================================================
************************************************************************
Configuration rules for SETPARMS.ARPA.SYS file:
************************************************************************
The "SETPARMS" file is the global configuration file for optional & new
functionality in both the FTP client (FTP) and the FTP server (FTPSRVR).
The following configuration rules apply to the SETPARMS.ARPA.SYS file:
CONSOLE_LOGGING = {ON/OFF}
DEBUG_PASS = {ON/OFF}
LOG_COMMANDS = {ON/OFF}
LOG_TRANSFERS = {ON/OFF}
PASSWORD = {ON/OFF}
POSIX = {ON/OFF}
SITE_CHMOD = {ON/OFF}
SITE_CHOWN = {ON/OFF}
SITE_STREAM = {ON/OFF}
Note: The format of the SETPARMS.ARPA.SYS file has the following rules:
a. This file can be created and edited with a supported editor. This
file should be unnumbered, fixed width ASCII with a record-width of
no more than 72 bytes.
b. Upper/Lower case letters can be used.
c. Blank spaces (before or after the keyword, the "=" or the value) are
tolerated.
d. The parameters can be entered in the file in any order.
e. Only the following keywords are allowed:
CONSOLE_LOGGING, DEBUG_PASS, LOG_COMMANDS, LOG_TRANSFERS,
PASSWORD, POSIX, SITE_CHMOD, SITE_CHOWN and SITE_STREAM
f. Invalid keywords or parameters are silently ignored, so a misspelled
keyword or a value other than ON/OFF leaves that option at its default
with no warning; check the file after editing it.
g. If a keyword is not present in SETPARMS.ARPA.SYS, or the
SETPARMS.ARPA.SYS file does not exist, the following defaults apply:
console_logging = on
debug_pass = off
log_commands = off
log_transfers = off
password = off
posix = off
site_chmod = off
site_chown = off
site_stream = on
A sample of how to enable options as a default for your system:
------------------------------------------------------------
:editor
HP32201A.09.00 EDIT/3000 MON, JUL 31, 2000, 7:19 PM
(C) HEWLETT-PACKARD CO. 1993
/a
1 site_chmod=ON
2 //
...
/K SETPARMS.ARPA.SYS,UNN;E
END OF SUBSYSTEM
:
------------------------------------------------------------
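As an added example (not part of the HP documentation or the FTP/iX code), the following Python reads a SETPARMS.ARPA.SYS file under the rules above, applies the documented defaults, and reports every record the server would skip without comment, which is the check rule f makes necessary. The sample file content is constructed; reporting a record wider than 72 bytes is this example's own choice.

```python
"""Check a SETPARMS.ARPA.SYS file against the documented rules.

Added example, not HP code.  Because FTPSRVR and FTP ignore invalid
keywords and values silently, a typo leaves the option at its default
(e.g. LOG_COMMANDS stays OFF) with no warning; this linter reports it.
"""

# Defaults taken from rule g of the documentation.
SETPARMS_DEFAULTS = {
    "CONSOLE_LOGGING": True,
    "DEBUG_PASS": False,
    "LOG_COMMANDS": False,
    "LOG_TRANSFERS": False,
    "PASSWORD": False,
    "POSIX": False,
    "SITE_CHMOD": False,
    "SITE_CHOWN": False,
    "SITE_STREAM": True,
}

RECORD_WIDTH = 72   # maximum record width stated in rule a


def parse_setparms(text):
    """Return (settings, problems).

    settings: keyword -> bool, starting from SETPARMS_DEFAULTS.
    problems: list of (line_number, reason) for records the server would
              silently ignore (rule f) or that break rule a.
    """
    settings = dict(SETPARMS_DEFAULTS)
    problems = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue                                  # blank record
        if len(raw) > RECORD_WIDTH:                   # assumption: report it
            problems.append((lineno, "record wider than 72 bytes"))
        key, sep, value = raw.partition("=")
        key = key.strip().upper()                     # rule b: any case
        value = value.strip().upper()                 # rule c: blanks ok
        if not sep:
            problems.append((lineno, "no '=' in record"))
        elif key not in SETPARMS_DEFAULTS:
            problems.append((lineno, f"unknown keyword {key!r}"))
        elif value not in ("ON", "OFF"):
            problems.append((lineno, f"{key}: value must be ON or OFF, got {value!r}"))
        else:
            settings[key] = (value == "ON")           # rule d: any order
    return settings, problems


# Constructed sample: two good records and three the server would ignore.
SAMPLE_SETPARMS = """\
site_chmod=ON
LOG_COMMANDS = on
LOG_TRANSFER = ON
DEBUG_PASS = YES
SITE_CHOWN
"""

if __name__ == "__main__":
    settings, problems = parse_setparms(SAMPLE_SETPARMS)
    for key in sorted(settings):
        print(f"{key:16} = {'ON' if settings[key] else 'OFF'}")
    for lineno, reason in problems:
        print(f"line {lineno}: {reason}")
```

Run against the constructed sample, only site_chmod and LOG_COMMANDS take effect; the misspelled LOG_TRANSFER, the value YES and the record without "=" are the three lines the server would have dropped silently.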
************************************************************************
Configuration rules for FTPHELLO.ARPA.SYS file:
************************************************************************
The "FTPHELLO" Logon Banner configuration file is a security enhancement
added to the FTP server (FTPSRVR) to support the display of a welcome
message when a user logs on to the server. The typical content of this
message is a company's "access disclaimer & legal security policy".
The following configuration rules apply to the FTPHELLO.ARPA.SYS file:
The existence of the file FTPHELLO.ARPA.SYS is the switch which enables
this feature.
Note: The format of the FTPHELLO.ARPA.SYS file has the following rules:
a. This file can be created and edited with a supported editor. This
file should be unnumbered, fixed width ASCII with a record-width of
no more than 72 bytes and with no more than 24 records.
b. Four banner tokens have been implemented:
- If line contains '%C' replace it with server CWD.
- If line contains '%L' replace it with client host domain name.
- If line contains '%R' replace it with server host domain name.
- If line contains '%T' replace it with server time.
c. The text line returned will be truncated to 72 characters after
token substitutions.
d. The text lines returned will be truncated to 24 records.
The banner is returned to the FTP Client as a series of informative
"230-" continuation lines terminated by a "230 " line.
example:
:ftp aleta
Name(manager): user.account
230-
230-This system "aleta" is reserved for Network Expert Center use only!
230-Unauthorized use is prohibited by law and people with sticks.
230-
230 User logged on
ftp>
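The reply framing and the two limits above (72 characters per line after token substitution, 24 records), as an added example in Python that is not part of the HP documentation: it renders an FTPHELLO.ARPA.SYS banner into the "230-" lines a client would receive. The banner text and substitution values are constructed; the documentation does not give the format of the server time, so "%T" is supplied as a ready-made string, and it is assumed the 72-character limit applies to the banner text rather than to the "230-" prefix.

```python
"""Render the 230- reply FTPSRVR sends from FTPHELLO.ARPA.SYS.

Added example, not HP code.  The banner text and the substitution values
below are constructed; the format of the server time ("%T") is not given
in the documentation, so it is passed in as a ready-made string.
"""

LINE_WIDTH = 72     # rule c: text truncated to 72 characters after substitution
MAX_RECORDS = 24    # rule d: at most 24 records are returned


def render_ftphello(banner_text, server_cwd, client_host, server_host, server_time):
    """Return the list of reply lines: "230-" continuations followed by
    the terminating "230 " line, exactly as the client would see them."""
    tokens = {"%C": server_cwd, "%L": client_host, "%R": server_host, "%T": server_time}
    reply = []
    for record in banner_text.splitlines()[:MAX_RECORDS]:
        for token, value in tokens.items():
            record = record.replace(token, value)
        # Assumption: the 72-character limit applies to the banner text,
        # not to the "230-" prefix.  A long hostname substituted for %R
        # can push a record past the limit; the tail is then lost.
        reply.append("230-" + record[:LINE_WIDTH])
    reply.append("230 User logged on")
    return reply


# Constructed banner: 26 records, so the last two are dropped, and a
# record that only exceeds 72 characters once %R has been substituted.
SAMPLE_BANNER = "\n".join(
    ["",
     'This system "%R" is reserved for Network Expert Center use only!',
     "Unauthorized use is prohibited by law. Connection from %L at %T.",
     "Working directory: %C",
     ""]
    + [f"policy line {n}" for n in range(1, 22)]
)

if __name__ == "__main__":
    for line in render_ftphello(SAMPLE_BANNER, "/SYS/PUB", "client.example.com",
                                "aleta.neclab.example.com", "2000/07/31 19:19"):
        print(line)
```

With the long server name the second record is cut at 72 characters, so the wording of a legal disclaimer should leave room for every token it uses.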
************************************************************************
Configuration rules for FTPUSERS.ARPA.SYS file:
************************************************************************
The "FTPUSERS" logon access configuration file is a security enhancement
added to the FTP server (FTPSRVR) to support an exclusion list of user
logons that are denied access to the server.
The following configuration rules apply to the FTPUSERS.ARPA.SYS file:
The existence of the file FTPUSERS.ARPA.SYS is the switch which enables
this feature. If FTPUSERS.ARPA.SYS file does not exist FTP will not deny
login of any user. An empty FTPUSERS.ARPA.SYS file will not deny login
of any user.
Note: The format of the FTPUSERS.ARPA.SYS file has the following rules:
a. This file can be created and edited with a supported editor. This
file should be unnumbered, fixed width ASCII with a record-width of
no more than 72 bytes. The physical limit to this file is 4GB,
but performance will be the actual limiting factor.
b. The usernames must appear in the file FTPUSERS.ARPA.SYS one per
line.
c. The MPE usernames can be specified in two formats:
- {username}.{accountname}: The specific user from the specific
account would not be allowed to login.
- {accountname}: All the users from the specified account would not
be allowed to login.
d. Comments start with "#". Any line containing a "#" anywhere is
treated as a comment line in its entirety, so a "#" must not follow a
username on the same line: that line, username included, would be
ignored rather than enforced.
e. Exempting users with SM capability (like MANAGER.SYS) from the
FTPUSERS restriction is a Phase II feature and is not included in this
release of the enhancement; in this release a listed SM user is denied
like any other.
f. Specification of the accountname or username.accountname should not
include leading or trailing whitespace character(s).
g. Specification of the accountname or username.accountname is not
case sensitive.
h. In the case of redundant entries, the first entry match to exclude
an accountname or username.accountname is used.
i. Invalid entries will silently be ignored.
The FTP Client will see the following error message:
530 Logon failed, restricted in FTPUSERS.
Error in login. (FTPERR 65)
If FTP Console Logging is enabled, the FTP server will generate the
following error message to the console:
11:27/#J118/74/FTP LOGON RESTRICTED FOR: "{username}" IP=127.0.0.1
Example:
EXTERNAL.PROD
TEST
OPERATOR.SYS
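The exclusion rules above, as an added example in Python that is not part of the HP documentation: it loads an FTPUSERS.ARPA.SYS file and answers whether a given USER.ACCOUNT logon is denied, including the first-match rule and the trailing-comment trap from rule d. The file content is constructed. The name syntax check (a letter followed by up to seven letters or digits for both user and account) is this example's reading of MPE naming rules and is used only to drop entries the server would silently ignore under rule i.

```python
"""Evaluate an FTPUSERS.ARPA.SYS exclusion list the way FTPSRVR applies it.

Added example, not HP code.  The file content is constructed.  The MPE
name pattern below is an assumption used only to discard invalid entries.
"""
import re

_MPE_NAME = r"[A-Z][A-Z0-9]{0,7}"
_ENTRY = re.compile(rf"^(?:{_MPE_NAME}\.)?{_MPE_NAME}$")


def parse_ftpusers(text):
    """Return the exclusion entries in file order, upper-cased."""
    entries = []
    for raw in text.splitlines():
        if "#" in raw:
            continue                    # rule d: the whole line is a comment
        entry = raw.strip().upper()     # rules f/g: trim, case-insensitive
        if entry and _ENTRY.match(entry):
            entries.append(entry)
        # anything else is an invalid entry and is silently ignored (rule i)
    return entries


def ftpusers_denies(entries, user, account):
    """Return the first entry that denies USER.ACCOUNT, or None.

    In this release (Phase I) SM users get no exemption, so MANAGER.SYS
    is denied like anyone else if it is listed.
    """
    user, account = user.upper(), account.upper()
    for entry in entries:
        if entry == account or entry == f"{user}.{account}":
            return entry                # rule h: first match wins
    return None


# Constructed FTPUSERS.ARPA.SYS.  Note the last record: the trailing
# comment turns the whole line into a comment, so MGR.DEV is NOT denied.
SAMPLE_FTPUSERS = """\
# deny the external contractor logon and the whole TEST account
EXTERNAL.PROD
TEST
OPERATOR.SYS
  mgr.test
MGR.DEV   # deny the DEV manager
"""

if __name__ == "__main__":
    entries = parse_ftpusers(SAMPLE_FTPUSERS)
    for logon in ("EXTERNAL.PROD", "MGR.TEST", "MGR.PROD", "MGR.DEV", "MANAGER.SYS"):
        user, account = logon.split(".")
        hit = ftpusers_denies(entries, user, account)
        print(f"{logon:14} {'DENIED by ' + hit if hit else 'allowed'}")
```

MGR.TEST is reported as denied by the account-level entry TEST, not by the later mgr.test line, and MGR.DEV is allowed because its record carried a comment.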
************************************************************************
Configuration rules for FTPACCES.ARPA.SYS file "noretrieve" option:
************************************************************************
The "FTPACCES" file access configuration file is a security enhancement
added to the FTP server (FTPSRVR) to support an exclusion list of files
that can be accessed with GET/MGET.
The following configuration rules apply to the FTPACCES.ARPA.SYS file:
The existence of the file FTPACCES.ARPA.SYS is the switch which enables
this feature. If the FTPACCES.ARPA.SYS file does not exist FTP does not
deny access to any file. An empty FTPACCES.ARPA.SYS file does not deny
access to any file.
Note: The format of the FTPACCES.ARPA.SYS file has the following rules:
a. This file can be created and edited with a supported editor. This
file should be unnumbered, fixed width ASCII with a record-width of
no more than 72 bytes. The physical limit to this file is 4GB, but
performance will be the actual limiting factor.
b. The line 'noretrieve {filelist}' allows for the configuration of
files that cannot be retrieved, either by get or mget, with FTP.
c. The "noretrieve {filelist}" command is a blank-space-separated list
of file names specified in two formats which can be intermixed:
- noretrieve file1 file2 file3
- noretrieve /directory/file4 /directory/directory/file5
The file names follow only the POSIX HFS notation (not the
traditional MPE FILE.GROUP.ACCOUNT syntax). Absolute pathnames
(meaning the name begins with a slash, "/") deny access to a
single file. A traditional named MPE file can be specified as
/ACCOUNT/GROUP/FILE, all in uppercase. Simple file names (e.g.
PAYROLL or MyFile), that is names which do not begin with a slash,
are excluded if found in any /ACCOUNT/GROUP, or any
/ACCOUNT/directory, or any /directory. All parts of a name in
traditional MPE space are case sensitive and must be upper case;
directories and files outside of MPE file space are also case
sensitive, can be any combination of upper and lower case, and
must exactly match the actual file name (the files /tmp/myfile and
/tmp/MYFILE can both exist in POSIX HFS syntax).
d. No globbing or MPE wildcarding is done.
e. Users with SM capability (like MANAGER.SYS) are not restricted by
the FTPACCES configuration.
f. If one line can not contain the whole list of files that the owners
want to make non-retrievable, multiple lines starting with
noretrieve can be used.
g. In any line all characters after hash (#) are considered as
comment and hence are ignored.
h. Leading or trailing whitespace character(s) are considered file
name delimiters.
i. Invalid entries will silently be ignored.
The FTP Client will see the following error message:
550 {filename} is marked non-retrievable.
File access denied, restricted in FTPACCES. (FTPERR 78)
Example (one noretrieve line; the second entry blocks every file named
NETRC, which is where the FTP client keeps logon passwords):
noretrieve /SYS/PUB/COMMAND NETRC
Note: FTPACCES may be enhanced in Phase II in ways that are not
forwards compatible. For instance, relative (unqualified) filenames
may be case sensitive. Thus, noretrieve ci and noretrieve CI would
block different files. Also, directory names may be supported. For
example, noretrieve /SYS/PUB could block all files under the PUB
group in the SYS account.
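The matching rules above, as an added example in Python that is not part of the HP documentation: it parses noretrieve lines and decides whether a GET of a given HFS path would be refused, including the SM bypass (rule e), the absence of globbing (rule d) and the fact that a line without the noretrieve keyword protects nothing. The rule file is constructed. Two points are this example's assumptions: the "noretrieve" keyword is matched exactly as documented (lower case), and simple (unqualified) names are compared without regard to case, since the Phase II note says making them case sensitive would be a future change.

```python
"""Apply FTPACCES.ARPA.SYS "noretrieve" rules to a requested file.

Added example, not HP code.  The rule file is constructed; see the
lead-in for the two assumptions (keyword case, simple-name case).
"""
import posixpath


def parse_ftpacces(text):
    """Return (absolute_names, simple_names) from every noretrieve line."""
    absolute, simple = set(), set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0]          # rule g: '#' starts a comment
        words = line.split()                 # rule h: whitespace delimits
        if not words or words[0] != "noretrieve":
            continue                         # rule i: silently ignored
        for name in words[1:]:
            if name.startswith("/"):
                absolute.add(name)           # exact, case-sensitive path
            else:
                simple.add(name.upper())     # matched in any directory
    return absolute, simple


def mpe_to_hfs(mpe_name):
    """FILE.GROUP.ACCOUNT -> /ACCOUNT/GROUP/FILE (upper case, rule c)."""
    file_, group, account = mpe_name.upper().split(".")
    return f"/{account}/{group}/{file_}"


def is_retrievable(rules, hfs_path, has_sm=False):
    """Would a GET of hfs_path succeed under these rules?"""
    if has_sm:
        return True                          # rule e: SM users bypass
    absolute, simple = rules
    if hfs_path in absolute:
        return False
    # rule d: no globbing, so only the final path component is compared
    return posixpath.basename(hfs_path).upper() not in simple


# Constructed FTPACCES.ARPA.SYS.  The third record has no keyword, so it
# is ignored and HPSWINFO stays retrievable.
SAMPLE_FTPACCES = """\
noretrieve /SYS/PUB/COMMAND NETRC    # the command file and every NETRC
noretrieve /tmp/secret.key
/SYS/PUB/HPSWINFO                    # no keyword: ignored, NOT protected
"""

if __name__ == "__main__":
    rules = parse_ftpacces(SAMPLE_FTPACCES)
    for request in ("COMMAND.PUB.SYS", "NETRC.PUB.PROD", "HPSWINFO.PUB.SYS"):
        path = mpe_to_hfs(request)
        verdict = "denied" if not is_retrievable(rules, path) else "allowed"
        print(f"{request:18} {path:22} {verdict}")
```

Because absolute names are exact, /tmp/SECRET.KEY is not covered by the rule for /tmp/secret.key, and because there is no globbing, a rule for /SYS/PUB protects nothing under that group in this release.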
************************************************************************
LOG_COMMANDS option:
************************************************************************
The "LOG_COMMANDS = ON" SETPARMS.ARPA.SYS configuration option is a
security enhancement added to the FTP server (FTPSRVR) and FTP client to
support the "logging" of FTP internal commands sent and received for
both the FTP Client and FTP server. These messages are logged in
FTPLOG##.ARPA.SYS.
Note: The format of the FTPLOG##.ARPA.SYS file has the following rules:
a. The FTPLOG##.ARPA.SYS file is automatically built by the FTP Client
or the FTP server.
b. The file name for logging would be FTPLOG##.ARPA.SYS where
##=00-99.
c. The limit of the number of records before a logfile is switched is
65500.
d. The data format of the logging data fields are ":" delimited to
support importing this data to spreadsheet applications.
e. The date/time stamps are of the system performing the logging, not
of the remote system.
The data format of the logging data fields is:
yyyy/mm/dd:hh.mm.ss:#J/#S:jobname,user.account:ip.ip.ip.ip:C/S
:FTP Commands:
Where:
:yyyy/mm/dd:hh.mm.ss: = Date/Time Stamp of the command executed
:#J/#S: = The MPE Job/Session number
:jobname,user.account: = MPE logon
:ip.ip.ip.ip: = IP address of the non-local system
:C/S: = FTP Client or FTP server is performing the logging
:FTP Commands: = FTP internal client/server command.
Example:
2005/04/07:14.50.28:#S183:A4450693,MANAGER.SYS:16.113.9.92:C:USER MANAGER.SYS:
2005/04/07:14.50.28:#J118:JINETD,MANAGER.SYS:127.0.0.1:S:USER MANAGER.SYS:
2005/04/07:14.50.40:#S183:A4450693,MANAGER.SYS:16.113.9.92:C:PASS **:
2005/04/07:14.50.40:#J118:MANAGER.SYS:127.0.0.1:S:SYST:
2005/04/07:14.50.40:#S183:A4450693,MANAGER.SYS:16.113.9.92:C:SYST:
2005/04/07:14.50.40:#J118:MANAGER.SYS:127.0.0.1:S:SITE MPE/iX FTP Client [A0012S
2005/04/07:14.50.40:#S183:A4450693,MANAGER.SYS:16.113.9.92:C:SITE MPE/iX FTP Cli
2005/04/07:14.50.41:#S183:A4450693,MANAGER.SYS:16.113.9.92:C:TYPE I:
2005/04/07:14.50.41:#J118:MANAGER.SYS:127.0.0.1:S:TYPE I:
2005/04/07:14.50.41:#S183:A4450693,MANAGER.SYS:16.113.9.92:C:SITE TIMEOUT 900:
2005/04/07:14.50.41:#J118:MANAGER.SYS:127.0.0.1:S:SITE TIMEOUT 900:
2005/04/07:14.50.45:#S183:A4450693,MANAGER.SYS:16.113.9.92:C:RNFR X:
2005/04/07:14.50.45:#J118:MANAGER.SYS:127.0.0.1:S:RNFR X:
2005/04/07:14.50.45:#S183:A4450693,MANAGER.SYS:16.113.9.92:C:RNTO X:
2005/04/07:14.50.45:#J118:MANAGER.SYS:127.0.0.1:S:RNTO X:
2005/04/07:14.50.45:#S183:A4450693,MANAGER.SYS:16.113.9.92:C:SITE BUILDPARMS X:
2005/04/07:14.50.45:#J118:MANAGER.SYS:127.0.0.1:S:SITE BUILDPARMS X:
2005/04/07:14.50.45:#S183:A4450693,MANAGER.SYS:16.113.9.92:C:PORT 127,0,0,1,169,
2005/04/07:14.50.45:#J118:MANAGER.SYS:127.0.0.1:S:PORT 127,0,0,1,169,167:
2005/04/07:14.50.45:#S183:A4450693,MANAGER.SYS:16.113.9.92:C:SITE FILELABEL RETR
2005/04/07:14.50.45:#J118:MANAGER.SYS:127.0.0.1:S:SITE FILELABEL RETR X:
2005/04/07:14.50.46:#S183:A4450693,MANAGER.SYS:16.113.9.92:C:SITE USER_LABELS X:
2005/04/07:14.50.46:#J118:MANAGER.SYS:127.0.0.1:S:SITE USER_LABELS X:
2005/04/07:14.50.46:#S183:A4450693,MANAGER.SYS:16.113.9.92:C:PORT 127,0,0,1,169,
2005/04/07:14.50.46:#J118:MANAGER.SYS:127.0.0.1:S:PORT 127,0,0,1,169,168:
2005/04/07:14.50.46:#J118:MANAGER.SYS:127.0.0.1:S:RETR X:
2005/04/07:14.50.46:#S183:A4450693,MANAGER.SYS:16.113.9.92:C:RETR X:
2005/04/07:14.50.49:#J118:MANAGER.SYS:127.0.0.1:S:QUIT:
2005/04/07:14.50.49:#S183:A4450693,MANAGER.SYS:16.113.9.92:C:QUIT:
Note: Once this feature is enabled, it will be important for users to
archive and purge the FTPLOG## files.
************************************************************************
LOG_TRANSFERS option:
************************************************************************
The "LOG_TRANSFERS = ON" SETPARMS.ARPA.SYS configuration option is a
security enhancement added to the FTP server (FTPSRVR) and FTP client to
support the "logging" of FTP file transfer statistics for files sent and
received for both the FTP client and FTP server. These messages are
logged in FTPLOG##.ARPA.SYS.
Note: The format of the FTPLOG##.ARPA.SYS file has the following rules:
a. The FTPLOG##.ARPA.SYS file is automatically built by the FTP Client
or the FTP server.
b. The file name for logging would be FTPLOG##.ARPA.SYS where
##=00-99.
c. The limit of the number of records before a logfile is switched is
65500.
d. The data format of the logging data fields are ":" delimited to
support importing this data to spreadsheet applications.
e. The date/time stamps are of the system performing the logging, not
of the remote system.
The data format of the logging data fields is:
yyyy/mm/dd:hh.mm.ss:#J/#S:jobname,user.account:ip.ip.ip.ip:C/S
:FTP Commands:I/O:I/A/B:bytes_received:seconds:Kbytes/sec:
Where:
:yyyy/mm/dd:hh.mm.ss: = Date/Time Stamp of the command executed
:#J/#S: = The MPE Job/Session number
:jobname,user.account: = MPE logon
:ip.ip.ip.ip: = IP address of the non-local system
:C/S: = FTP client or FTP server is performing the logging
:FTP Commands: = Shortened FTP internal client/server file transfer
command.
:I/O: = Transfer request is Inbound or Outbound of this system
:I/A/B: = Transfer Mode = Image (binary), ASCII, Byte Stream
:bytes_received: = Bytes transferred for the entire file transfer (the
field is named "bytes_received" for outbound transfers as well)
:seconds: = Time in seconds for entire file transfer.
:Kbytes/sec: = Kilobytes transferred per second.
Note: The transfer statistics are approximately the same as those
displayed at the FTP command line following a get/mget, e.g.
1127456 bytes received in 0.84 seconds (1317.02 Kbytes/sec)
Example:
2005/04/07:14.53.23:#J118:MANAGER.SYS:127.0.0.1:S:RETR x:O:I:1127456:0.57:1924.8
2005/04/07:14.53.24:#S183:A4450693,MANAGER.SYS:16.113.9.92:C:RETR x:I:I:1127456:
Note: Once this feature is enabled, it will be important for users to
archive and purge the FTPLOG## files.
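An added example in Python, not part of the HP documentation, that serves both the LOG_COMMANDS and the LOG_TRANSFERS sections: it parses FTPLOG##.ARPA.SYS records of either kind (both share the first six ":" delimited fields; a transfer record carries five more after the command) and runs three audit checks over them: SITE CHMOD/CHOWN accepted by the server, PASS records whose argument is anything but the masked "**", and bytes sent out of the system per logon. The sample lines are constructed on the documented format; the SITE CHMOD record and the clear-text PASS record are included deliberately to give the checks something to find, not because the server is known to log either.

```python
"""Parse FTPLOG##.ARPA.SYS records (LOG_COMMANDS and LOG_TRANSFERS) and
run a few audit checks over them.

Added example, not HP code.  The sample lines below are constructed.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class FtpLogRecord:
    date: str
    time: str
    jobsess: str            # "#J118" or "#S183"
    logon: str              # "jobname,user.account" or just "user.account"
    ip: str                 # address of the remote system
    side: str               # "C" client logging, "S" server logging
    command: str
    direction: Optional[str] = None     # "I"/"O", transfer records only
    mode: Optional[str] = None          # "I"/"A"/"B"
    nbytes: Optional[int] = None
    seconds: Optional[float] = None
    kbytes_per_sec: Optional[float] = None

    @property
    def user_account(self):
        """Strip the optional jobname prefix from the logon field."""
        return self.logon.split(",")[-1]


def parse_ftplog_line(line):
    """Return a record, or None if the line is not in the documented format."""
    fields = line.rstrip(":").split(":")
    if len(fields) < 7 or fields[5] not in ("C", "S"):
        return None
    rec = FtpLogRecord(*fields[:6], command=":".join(fields[6:]))
    tail = fields[6:]
    # A transfer record ends with I/O, I/A/B, bytes, seconds, Kbytes/sec.
    if len(tail) >= 6 and tail[-5] in ("I", "O") and tail[-4] in ("I", "A", "B"):
        try:
            nbytes, secs, rate = int(tail[-3]), float(tail[-2]), float(tail[-1])
        except ValueError:
            return rec                  # a command that merely looked like one
        rec.command = ":".join(tail[:-5])
        rec.direction, rec.mode = tail[-5], tail[-4]
        rec.nbytes, rec.seconds, rec.kbytes_per_sec = nbytes, secs, rate
    return rec


def parse_ftplog(text):
    return [r for r in (parse_ftplog_line(l) for l in text.splitlines()) if r]


def audit(records):
    """Return (site_changes, clear_pass, outbound_bytes_by_logon)."""
    site_changes = [r for r in records if r.side == "S"
                    and r.command.upper().startswith(("SITE CHMOD", "SITE CHOWN"))]
    clear_pass = [r for r in records
                  if r.command.upper().startswith("PASS ") and r.command[5:].strip() != "**"]
    outbound = {}
    for r in records:
        if r.side == "S" and r.direction == "O":
            outbound[r.user_account] = outbound.get(r.user_account, 0) + r.nbytes
    return site_changes, clear_pass, outbound


# Constructed FTPLOG records following the documented field layout.
SAMPLE_FTPLOG = """\
2005/04/07:14.50.28:#J118:JINETD,MANAGER.SYS:127.0.0.1:S:USER MANAGER.SYS:
2005/04/07:14.50.40:#J118:MANAGER.SYS:127.0.0.1:S:SYST:
2005/04/07:14.50.41:#J118:MANAGER.SYS:127.0.0.1:S:SITE TIMEOUT 900:
2005/04/07:14.50.45:#J118:MANAGER.SYS:127.0.0.1:S:SITE CHMOD 777 payroll:
2005/04/07:14.53.23:#J118:MANAGER.SYS:127.0.0.1:S:RETR x:O:I:1127456:0.57:1924.8:
2005/04/07:14.53.24:#S183:A4450693,MANAGER.SYS:16.113.9.92:C:RETR x:I:I:1127456:0.84:1317.02:
2005/04/07:14.53.24:#S183:A4450693,MANAGER.SYS:16.113.9.92:C:PASS **:
2005/04/07:14.55.01:#J119:JINETD,MGR.TEST:10.0.0.7:S:PASS hunter2,acctpw:
2005/04/07:14.55.30:#J119:MGR.TEST:10.0.0.7:S:RETR /SYS/PUB/HPSWINFO:O:A:20480:0.10:200.0:
"""

if __name__ == "__main__":
    site_changes, clear_pass, outbound = audit(parse_ftplog(SAMPLE_FTPLOG))
    for r in site_changes:
        print(f"{r.date} {r.time} {r.user_account} from {r.ip}: {r.command}")
    for r in clear_pass:
        print(f"{r.date} {r.time} clear-text password logged for {r.user_account}")
    for logon, total in sorted(outbound.items()):
        print(f"{logon:14} sent {total} bytes")
```

The logon field changes shape within one session (the jobname prefix is present on the USER record and absent later), which is why the summary keys on user.account rather than on the raw field; the client-side RETR record is inbound to the client and is therefore not counted as data leaving the server.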
************************************************************************
SITE_CHMOD option:
************************************************************************
The "SITE_CHMOD = ON" SETPARMS.ARPA.SYS configuration option is a
security enhancement added to the FTP server to support the ability for
an inbound FTP Client to send a "SITE CHMOD {fileaccess} {filename}"
command following an inbound file transfer.
where:
{fileaccess} is a standard POSIX numeric (octal) file mode.
{filename} is a file name specified in POSIX HFS name space in the
format "filename" or "/DIRECTORY/filename" and is case sensitive.
note: The functionality of "SITE CHMOD" is limited to the documented
syntax only. Additional features of "SITE CHMOD" present on other
systems have not been implemented in FTP/iX. Specifically the symbolic
"[A/O/G/U][+/-][R/W/X]" syntax (for example "u+x") is not supported.
The valid numeric range for {fileaccess} is from 000 thru 777.
Example:
ftp> site chmod 555 filename
The FTP Client will see the following message:
200 CHMOD command ok.
************************************************************************
SITE_CHOWN option:
************************************************************************
The "SITE_CHOWN = ON" SETPARMS.ARPA.SYS configuration option is a
security enhancement added to the FTP server to support the ability for
an inbound FTP Client to send a
"SITE CHOWN {new-username[:groupname]} {filename}"
command following an inbound file transfer.
where:
{new-username} is a valid MPE USER.ACCOUNT logon.
[:groupname] is a valid MPE ACCOUNT name.
{filename} is a file name specified in POSIX HFS name space in the
format "filename" or "/DIRECTORY/filename" and is case sensitive.
note: The functionality of "SITE CHOWN" is limited to the documented
syntax only. Additional features of "SITE CHOWN" present on other
systems have not been implemented in FTP/iX.
Example:
ftp> site chown MANAGER.SYS filename
The FTP Client will see the following message:
200 CHOWN command ok.
************************************************************************
NETRC file:
************************************************************************
The "NETRC" file is an enhancement added to the FTP Client to support an
automated logon to a remote host. A security enhancement has since been
added to the "NETRC" file to permit read access by the FTP client to a
"NETRC" file which is secured by setting the file access to "eXecute"
and limiting all other access.
Syntax:
machine ["]machine_name["] login ["]user["] password ["]passwd["]
or
default login ["]user["] password ["]passwd["]
Example:
machine "HPSYS" login "MANAGER.SYS" password "USERPASS,ACCTPASS"
or
default login "MGR.TELESUP" password "USERPASS,ACCTPASS"
The file is called "NETRC.{home-group}". File equations can be used.
Syntax:
:file NETRC.{home-group}=NETRC.{other-group}.{other-account}
Note: The format of the NETRC.{home-group} file has the following rules:
a. This file can be created and edited with a supported editor. This
file should be unnumbered, fixed width ASCII with a record-width of
no more than 72 bytes.
b. The syntax for each line of the file is:
machine ["]machine_name["] login ["]user["] password ["]passwd["]
or
default login ["]user["] password ["]passwd["]
c. There should be at most one "default" entry per file.
d. Each of the tokens "machine", "login", "password" and "default"
must match exactly, and must be in lower-case.
e. Each token must be separated by any number of SPACE or TAB
characters.
f. Each {string} identifier may be encapsulated by double-quotes,
for example,
machine "HPSYS" login "MGR.TELESUP" password "USERPASS,ACCTPASS"
And
machine HPSYS login MGR.TELESUP password USERPASS,ACCTPASS
are equivalent. This feature would be useful when a space is
embedded as part of a password, for example.
g. The node name specified in the netrc file is "CaSe SeNsItIvE" and
must match the case of the node name specified in the open command.
Note: the passwords stored in a file like this are in clear text and
constitute a security risk. If this is a problem, restrict the file so
that only its creator can read, append, write or lock it while account
users keep only eXecute access, which the FTP client can use:
:altsec NETRC.{home-group}.{account};access=(R,A,W,L:CR;X:AC)
Additional security can be applied by implementing ACDs for the
NETRC file specifying which users have "eXecute" access.
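The NETRC syntax rules above, as an added example in Python that is not part of the HP documentation: it tokenizes a NETRC file (double-quoted strings stay one token, so a password may contain a space), enforces the lower-case keywords and the single default entry, and picks the credentials the client would use for a given node name with the case-sensitive match from rule g. The file content is constructed. Handling of records the rules do not cover (wrong token order, an upper-case keyword, a second "default") is this example's choice: they are reported in a rejected list rather than guessed at.

```python
"""Parse an MPE/iX FTP client NETRC file and pick credentials for a host.

Added example, not HP code.  The file content below is constructed.
"""
import re

# A double-quoted string or a run of non-blank characters.
_TOKEN = re.compile(r'"([^"]*)"|(\S+)')


def _tokens(line):
    """Split on SPACE/TAB (rule e), keeping a double-quoted string as one
    token (rule f: lets a password contain a space)."""
    return [m.group(1) if m.group(1) is not None else m.group(2)
            for m in _TOKEN.finditer(line)]


def parse_netrc(text):
    """Return (machines, default, rejected).

    machines: node name -> (user, password); the node name is case
              sensitive (rule g).  The first entry for a name is kept.
    default:  (user, password) or None; a second default is rejected (rule c).
    rejected: list of (line_number, line) that do not match the syntax.
    """
    machines, default, rejected = {}, None, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        t = _tokens(raw)
        if not t:
            continue
        # rule d: keywords must be exactly lower case, so "Machine" fails here
        if len(t) == 6 and t[0] == "machine" and t[2] == "login" and t[4] == "password":
            machines.setdefault(t[1], (t[3], t[5]))
        elif (len(t) == 5 and t[0] == "default" and t[1] == "login"
              and t[3] == "password" and default is None):
            default = (t[2], t[4])
        else:
            rejected.append((lineno, raw))
    return machines, default, rejected


def credentials_for(netrc, node):
    """Credentials the client would use for "open node": exact-case node
    match first, otherwise the default entry, otherwise None."""
    machines, default, _ = netrc
    return machines.get(node, default)


def split_mpe_password(password):
    """The MPE password token is "userpass,acctpass"; return both parts
    (the account password may be absent)."""
    user_pw, _, acct_pw = password.partition(",")
    return user_pw, acct_pw or None


# Constructed NETRC: a quoted entry, a tab-separated entry whose password
# contains a space, an upper-case keyword (rejected) and a second default
# (rejected).
SAMPLE_NETRC = """\
machine "HPSYS"  login "MANAGER.SYS" password "USERPASS,ACCTPASS"
machine hpdev\tlogin MGR.DEV\tpassword "pass word,acct"
Machine HPPROD login MGR.PROD password x,y
default login "MGR.TELESUP" password "USERPASS,ACCTPASS"
default login MGR.OTHER password OTHER
"""

if __name__ == "__main__":
    netrc = parse_netrc(SAMPLE_NETRC)
    for node in ("HPSYS", "hpsys", "hpdev", "HPPROD"):
        print(node, credentials_for(netrc, node))
    for lineno, line in netrc[2]:
        print(f"rejected line {lineno}: {line}")
```

Opening "hpsys" rather than "HPSYS" falls through to the default entry, which is the behaviour rule g warns about; the rejected list is where a mistyped keyword shows up instead of silently sending the default credentials to the wrong host.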
************************************************************************
DEBUG_PASS option:
************************************************************************
The "DEBUG_PASS = OFF" SETPARMS.ARPA.SYS configuration option is a
security enhancement added to the FTP server to default the "debug"
command display to report "---> PASS ********" rather than "---> PASS
userpass,acctpass". This security enhancement has been added in
concert with enhanced NETRC "eXecute" security.
The "debug" command at the FTP client prompt puts FTP into diagnostic
mode. The FTP client and server internal commands are displayed to the
$stdlist of the client in this mode. If "debug" is specified before an
open, then after the user is prompted for logon passwords with echo
disabled or a NETRC file is processed, the "debug" mode would then
display "---> PASS userpass,acctpass".
:ftp
ftp> debug
ftp> o system
Name(manager): MGR.TEST
---> USER MGR.TEST
331 Password required for MGR.TEST. Syntax: userpass
Password:
---> PASS userpass,acctpass {password is displayed}
The new default is for the FTP client with "DEBUG" mode to display
"---> PASS ********".
:ftp
ftp> debug
ftp> o system
Name(manager): MGR.TEST
---> USER MGR.TEST
331 Password required for MGR.TEST. Syntax: userpass
Password:
---> PASS ******** {password is not displayed}
The SETPARMS file can be modified to return the original functionality
for troubleshooting logon passwords to a FTP server by specifying
"DEBUG_PASS = ON".