HP ARPA FTP SERVER HELP FILE
--------------------------------
This file is: FTPDOC.ARPA.SYS
The purpose of this SAMPLE session is to provide help for a remote user
accessing the FTP server. More detailed information about FTP behavior
follows the sample.
------------------------------------------------------------------------------
------------------------------------------------------------------------------
Start FTP from your system and connect to the remote MPE/iX system using
the IP address supplied by your system administrator (The IP address used
below is just an example):
ftp> open 192.50.43.21
220 HP ARPA FTP Server [A0006007] (C) Hewlett-Packard Co. 1990
Supply the logon ID and password when prompted or use the USER command. The
MPE/iX logon syntax is session,username.acctname,groupname. The password
syntax is [userpass][,acctpass[,grouppass]]. For example:
ftp> user john,support.arpa,pub online,ftp
331 Password required for SUPPORT.ARPA,PUB. Syntax: userpass,acctpass
230 User logged on
Display your logon information using the PWD command:
ftp> pwd
257-"/ARPA/PUB" is the current directory.
257 "JOHN,SUPPORT.ARPA,PUB" is the current session.
Display the files in your current working group and account using the DIR
and LS commands:
ftp> dir
200 PORT command ok.
150 File: LISTFILE ./@,2 opened; data connection will be opened
PATH= /ARPA/PUB/./
ACCOUNT = ARPA GROUP= PUB
FILENAME  CODE  ------------LOGICAL RECORD-------
                  SIZE  TYP        EOF      LIMIT
NSCREEN1         256B  FA         800      10000
NSCREEN2          80B  FA         500      14000
NSPROGX   PROG  1934W  VB        4551       9480
PROGRAMX         256W  FB         700       1350
226 Transfer complete.
ftp> ls @
200 PORT command ok.
150 File: LISTFILE @,6 opened; data connection will be opened
NSCREEN1
NSCREEN2
NSPROGX
PROGRAMX
226 Transfer complete.
Now display files in another group (same account) on the remote HP 3000
machine. Notice how the wild card character results in a difference in file
naming convention in this reply compared to the previous LS command. These
file names have the group and account appended.
ftp> ls @.group1
200 PORT command ok.
150 File: LISTFILE @.group1 opened; data connection will be opened
AFILE.GROUP1.ARPA
NPROGRAM.GROUP1.ARPA
NSPROG1.GROUP1.ARPA
NSPROG2.GROUP1.ARPA
NSPROG3.GROUP1.ARPA
TSCREEN.GROUP1.ARPA
TSCREEN2.GROUP1.ARPA
226 Transfer complete.
Transfer an MPE/iX file to your system. The target file name defaults to the
source file name NSCREEN1, since no target file name was specified:
ftp> get nscreen1
200 PORT command ok.
150 File: NSCREEN1 opened; data connection will be opened
226 Transfer complete.
Transfer a binary file from MPE/iX to your system from another group. Since
no target file was specified, the target file should be named NPROGRAM.GROUP1.
ftp> binary
200 Type set to I.
ftp> get NPROGRAM.GROUP1
200 PORT command ok.
150 File: NPROGRAM.GROUP1 opened; data connection will be opened
226 Transfer complete.
Transfer multiple files from MPE/iX to your system. All the NS* files in
GROUP1 will be transferred and have the same names as on MPE/iX including the
group and account name. MPE/iX file names can be up to eight characters and
are represented in capital letters.
ftp> mget ns@.group1
mget NSPROG1.GROUP1.ARPA? y
150 File: NSPROG1.GROUP1.ARPA opened; data connection will be opened
226 Transfer complete.
mget NSPROG2.GROUP1.ARPA? y
150 File: NSPROG2.GROUP1.ARPA opened; data connection will be opened
226 Transfer complete.
mget NSPROG3.GROUP1.ARPA? y
150 File: NSPROG3.GROUP1.ARPA opened; data connection will be opened
226 Transfer complete.
Transfer a local file to other than the MPE/iX working group, using MPE/iX
file building parameters:
ftp> put file2 newfile.group1;rec=-78,,f,ascii
------------------------------------------------------------------------------
------------------------------------------------------------------------------
The MPE/iX file system consists of two file spaces. First is the older
MPE space, made up of "FILENAME.GROUP.ACCOUNT", where names are not case
sensitive, each of FILENAME, GROUP and ACCOUNT is limited to 8 characters,
and the first character must be alphabetic. Second is the newer
hierarchical file space made up of "/dir1/dir2/.../filename", where each label
is case-sensitive, limited to 255 characters, and can start with any
alphanumeric or underscore ("_") character.
MPE/iX user logon accounts are in the form:
ftp> USER sessionname,username.acctname,groupname
Sessionname is optional. Passwords may be required for all three parts of the
user account: userpass,accountpass,grouppass
You can enter the user logon account and passwords together as in the
following example:
ftp> USER sess,user/upass.acct/apass,group/gpass
In this instance, press the return key when prompted for a password since the
passwords were already specified.
Changing groups:
The FTP CD command is supported by the FTP server. To change groups you
can "cd ../NEWGROUP".
Using metacharacters:
Be aware that if you use metacharacters (wild-cards) to specify a group and/or
account with MGET, the resulting filenames will be fully qualified MPE/iX file
names (filename.groupname.account), a maximum of 26 characters, including
periods. If your system supports fewer characters than MPE/iX, the filenames
may be truncated. Use the LS command to verify the set of files you are
transferring as in the following:
ftp> LS @.groupname
Both * and @ can be used as wildcard characters.
To transfer files to MPE/iX machines with certain attributes, you can use file
building parameters following the PUT command string as follows:
ftp> PUT localfile remotefile;buildparms
The supported build parameters are:
;REC=[-recsizeinbytes][,blkfactor[,[{F}][,{BINARY}]]]
                                    {V}    {ASCII}
                                    {B}
[;CODE=filecode]
[;DISC=[numrec][,[numextents][,[initialloc]]]]
The recsizeinbytes sub-parameter in the REC= parameter can also be specified
in words (two bytes per word) using a positive integer value.
The F, V or B sub-parameter of the REC= parameter indicates whether the file
should be built with fixed-length, variable-length or byte-stream records.
This last type is new and is designed to more closely match files on
character-oriented file-systems, such as UN*X. Note that the B will override
any other sub-parameters and force a record size of one and the file to be
type ASCII.
FTP/iX supports 3 transfer modes: ASCII (the default), binary and local-byte,
also known as byte-stream (UN*X machines often call this mode tenex). Binary
and local-byte are the same from a data-transfer point-of-view; the only
difference is that in-bound files will be created with binary build-parameters
versus byte-stream build-parameters.
The default MPE/iX file transfer specifications (for PUTs) in the form of file
building parameters are, according to the current transfer type:
;REC=-80,,F,ASCII;DISC=204800
;REC=128,,F,BINARY;DISC=204800
;REC=,,B;DISC=16384000
Note that for ASCII and binary, the DISC= parameter indicates how many records
to allow the target file to contain, whereas for local-byte mode, the DISC=
parameter also indicates how many bytes, since each record is a single byte.
Examples:
ftp> PUT filex file2;REC=-150,,V,ASCII
ftp> PUT filex file2;REC=-256,,F,BINARY;CODE=PROG
ftp> PUT filex file2;REC=,,B;DISC=120
If you want to send data to a file that already exists (for example, writing a
new version of a program), and you want to create the new file with the same
attributes as the old one, you can use the following command to find out what
the old file's attributes were:
ftp> site buildparms myfile
213 "myfile": REC=128,1,F,BINARY;DISC=950,8;CODE=1030
You can then use these build-parms to create the new file. When both ends
of the transfer are MPE/iX machines, FTP will automatically supplement any
build-parms specified by the user with those of the source file, so by default
a target file will be created with the same attributes as the source file.
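The following Python is an added illustration, not code from this help file or from FTP/iX, of how the buildparms syntax and defaults described above fit together: it parses a buildparms string (including the output of SITE BUILDPARMS), converts word-sized records to bytes, applies the rule that B forces a one-byte ASCII record, and layers user parameters over the per-transfer-type defaults. Treating an omitted user parameter as keeping its default is an assumption of this example.

```python
# Per-transfer-type defaults quoted above, keyed by transfer type.
DEFAULT_BUILDPARMS = {
    "ascii":      ";REC=-80,,F,ASCII;DISC=204800",
    "binary":     ";REC=128,,F,BINARY;DISC=204800",
    "local-byte": ";REC=,,B;DISC=16384000",
}

def _record_bytes(field):
    """REC size: a negative value is bytes, a positive value is words (2 bytes)."""
    if not field:
        return None
    n = int(field)
    return -n if n < 0 else 2 * n

def parse_buildparms(text):
    """Parse a ';'-separated buildparms string (a leading ';' is optional)
    into a dict. A 'B' record type overrides the other REC sub-parameters:
    the record size becomes 1 byte and the data type ASCII."""
    out = {}
    for part in text.strip().split(";"):
        if not part.strip():
            continue
        key, _, value = part.partition("=")
        key = key.strip().upper()
        if key == "REC":
            f = [v.strip().upper() for v in value.split(",")] + [""] * 4
            out["recsize_bytes"] = _record_bytes(f[0])
            out["blkfactor"] = int(f[1]) if f[1] else None
            out["rectype"] = f[2] or None
            out["datatype"] = f[3] or None
            if out["rectype"] == "B":
                out["recsize_bytes"], out["datatype"] = 1, "ASCII"
        elif key == "DISC":
            f = [v.strip() for v in value.split(",")] + [""] * 3
            out["disc"] = tuple(int(v) if v else None for v in f[:3])
        elif key == "CODE":
            out["code"] = value.strip().upper()
        else:
            raise ValueError("unknown buildparm: " + part)
    return out

def effective_buildparms(transfer_type, user_parms=""):
    """Defaults for the transfer type with the user's parameters applied on
    top (assumption: a parameter the user omits keeps its default)."""
    merged = parse_buildparms(DEFAULT_BUILDPARMS[transfer_type])
    merged.update(parse_buildparms(user_parms))
    return merged
```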
NEW FEATURES:
******************************************************************************
Transfer of all MPE/iX file types:
******************************************************************************
The client (FTP) and server (FTPSRVR) must be compatible to take
advantage of this feature. All MPE/iX file types can be transferred
between compatible MPE/iX FTP/iX systems without the need for buildparms on
the command line. Buildparms included on the command line are ignored
if the file is a non-standard file type such as RIO, MESSAGE, KSAMXL, KSAM,
SPOOL, PRIV code, etc. Buildparms are accepted only for standard
file types (file code of zero). Transfers of non-standard file types to
incompatible MPE/iX FTP/iX versions result in a data transfer failure
message. You cannot append to non-standard MPE/iX file types with this
new feature. Non-standard file transfers to non-MPE/iX systems also
result in a data transfer failure. Incompatible client and server
file transfer requests result in appropriate error messages.
Example:
FILENAME  CODE  ------------LOGICAL RECORD-----------  ----SPACE----
                  SIZE  TYP        EOF      LIMIT R/B  SECTORS #X MX
DB000     PRIV   128W  FB           6          6   1       16  1  1
ftp> get db000
150 File: db000 opened; data connection will be opened
2816 bytes received in 0.02 seconds (130.95 Kbytes/sec)
ftp>
In the above example, a second data connection message is displayed
because the file's file label is transferred before the target file is
opened. This additional message appears for non-standard files.
Standard file transfers use the old transfer method and do not display
a second data connection message.
Example:
FILENAME  CODE  ------------LOGICAL RECORD-----------  ----SPACE----
                  SIZE  TYP        EOF      LIMIT R/B  SECTORS #X MX
BIGRIO1          128B  FAR       8193       8192   3     4128  1  8
ftp> get bigrio1
150 File: bigrio1 opened; data connection will be opened
1054934 bytes received in 3.69 seconds (279.27 Kbytes/sec)
ftp>
Example:
FILENAME  CODE  ------------LOGICAL RECORD-----------  ----SPACE----
                  SIZE  TYP        EOF      LIMIT R/B  SECTORS #X MX
O494      OUTSP 1008B  VACS        95          4   1       16  1  5
ftp> get o494
150 File: o494 opened; data connection will be opened
4096 bytes received in 0.03 seconds (142.86 Kbytes/sec)
ftp>
Example:
ftp> get o494;rec=120,3,f,ascii;disc=12345 {- buildparms will be ignored
150 File: o494 opened; data connection will be opened
4096 bytes received in 0.03 seconds (142.86 Kbytes/sec)
ftp>
ftp> :listf o494,2
ACCOUNT=  FTPTESTS    GROUP=  STAGE1
FILENAME  CODE  ------------LOGICAL RECORD-----------  ----SPACE----
                  SIZE  TYP        EOF      LIMIT R/B  SECTORS #X MX
O494      OUTSP 1008B  VACS        95          4   1       16  1  5
ftp>
For more information about the BUILD command, see the MPE/iX Intrinsics
Reference Manual, part number 32650-90028.
******************************************************************************
HASH command:
******************************************************************************
The HASH command toggles the display of a hash ('#') symbol for every
1024 bytes of data transferred.
Example:
ftp> hash
Hash mark printing on (1024 bytes/hash mark).
ftp> get db000
150 File: db000 opened; data connection will be opened
150 File: db000 opened; data connection will be opened
##
2816 bytes received in 0.02 seconds (130.95 Kbytes/sec)
ftp> hash
Hash mark printing off (1024 bytes/hash mark).
ftp>
The hash command is a local client command and will work while connected
to non MPE/iX systems.
******************************************************************************
SITE TIMEOUT command:
******************************************************************************
The SITE TIMEOUT command works similarly to the TIMEOUT command at the FTP
client command prompt. This command sends a timeout value to the peer
FTP server (MPE/iX compatible version only) and establishes a timeout
for the data connection based on that value. Values from 0 to 31000 seconds
are valid, where 0 disables the timer (essentially, setting the timer to
infinite). If this command is never issued, the default is
3000 seconds.
Example:
ftp> site timeout 0
200 TIMEOUT command ok.
In the above example, the timer is set to an infinite timeout value. In
the example below, the timeout is set to 1 second, which expires almost
immediately on the remote FTP server; this is confirmed by the logoff
message that would normally be displayed on the system console.
ftp> site timeout 1
200 TIMEOUT command ok.
ftp>
11:19/#S81/67/LOGOFF ON LDEV #8.
For additional information please refer to the HP ARPA File Transfer Protocol
User's Guide, part number 36957-61002.
******************************************************************************
SITE POSIX command:
******************************************************************************
The SITE POSIX command is a ON/OFF toggle which provides the ability to
change from the default MPE File Domain of file.GROUP.ACCOUNT to the
POSIX File Domain more commonly known as HFS (Hierarchical File System)
of /ACCOUNT/GROUP/file or /directory/file.
This is a significant FTP server enhancement that improves file
access for non-3000 clients connecting to the HP e3000 in three areas.
The new functionality includes 1) An improved FTP 'anonymous' logon
interface where commands generate expected POSIX results and support for
HFS file directory access; 2) An improved FTP client HFS file directory
access which eliminates the difficulty of specifying "./" to PUT, GET
and DELete files which promotes the drag/drop files feature existing in
some GUI based FTP clients and 3) Support for ftp:// commands from web
browsers providing the ability to display directories, view ASCII and
ByteStream file contents and save selected files to the client.
The SITE POSIX ON/OFF command can be executed at a FTP client prompt or
can be set as a system wide default in the file SETPARMS.ARPA.SYS by
adding the text "POSIX=ON" or "POSIX=OFF" with a supported editor.
The following features/changes are implemented in "SITE POSIX ON":
1. A new "SITE" command
Syntax: SITE POSIX [ON | OFF]
When the command "SITE POSIX ON" is executed, the FTP server will change
to the "POSIX" mode for "DIR/LS", "GET/PUT" and "DEL" requests. When the
"SITE POSIX OFF" command is executed, the FTP server will behave in the
"MPE" mode for "DIR/LS", "GET/PUT" and "DEL" requests.
By default the "POSIX" flag is set "OFF". If a SETPARMS.ARPA.SYS file is
built with "POSIX=ON" and the connection to the FTP server is from a
"non-MPE" machine, the "POSIX" flag is set "ON". For connections to the
FTP server from a "MPE" machine, the "POSIX" flag is set "OFF". The
"SITE POSIX ON" command entered on a FTP client will override the default.
The response in both cases to the "SITE POSIX ON/OFF" command is as
follows:
ftp> site POSIX on
200 POSIX command ok.
ftp> site POSIX off
200 POSIX command ok.
2. POSIX behavior of "DIR/LS" (LIST/NLIST)
The output of the "DIR" command is in "ls -1a" format and the "LS"
command is in "ls -al" format.
3. POSIX PWD response
In the normal case "MPE" mode the response for a PWD request is
257- "/SYS/PUB" is the current directory
257 "MANAGER.SYS,PUB" is the current session
In the POSIX case, it is only
257 "/SYS/PUB" is the current directory.
4. POSIX PUT/MPUT
There is no need to have a "./" prefix to put POSIX files
However, to put a file to the non-default account, you should specify
the target file in HFS, i.e. /ACCOUNT/GROUP/file; file.GROUP.ACCOUNT
WILL NOT work.
5. POSIX GET/MGET
There is no need to have a "./" prefix to get POSIX files
However, to get a file from the non-default account, you need to
specify the file in HFS, i.e. /ACCOUNT/GROUP/file; file.GROUP.ACCOUNT
WILL NOT work.
6. POSIX DEL
There is no need to have a "./" prefix to delete POSIX files
However, to delete a file from the non-default account, you need to
specify the file in HFS, i.e. /ACCOUNT/GROUP/file; file.GROUP.ACCOUNT
WILL NOT work.
7. Logging on to system with FTP:// URL
With a web browser, FTP now supports a FTP:// URL logon of anonymous
if configured on the HP e3000 host and a logon of USER.ACCOUNT with
password prompting.
The web browser URL for a FTP anonymous logon is:
ftp://host.hp.com
The web browser URL for a USER.ACCOUNT logon is:
ftp://user.account@host.hp.com
You will be prompted for the passwords: userpass,acctpass,grppass.
8. Displaying the ByteStream file in the browser
With a web browser, the ByteStream files are displayed properly. The
browser sets the transfer mode to "binary" internally. No FTP code
changes were necessary in this case.
Note: At the FTP command prompt, if you specify ASCII option and do a
"GET" of a ByteStream file, you will get a "CR-LF" after each character,
but if you change the transfer mode to "binary", the file is transferred
properly.
9. Displaying the FIXED ASCII file in the browser
With a web browser, the fixed ASCII files are now displayed properly. It
was necessary to make a FTP code change in this case since the entire
ASCII file was displayed on one line without a "CR-LF" terminating
logical records.
10. Updated the STATUS command
The STATUS command will display whether "POSIX" is turned ON or OFF.
If the client sends the "STAT" command to the MPE FTP server, then the
server will respond with the "POSIX ON" or "POSIX OFF".
Notes:
Significant differences, some of them unexpected, are seen when transferring
files to the HP e3000 with "POSIX ON" mode specified. With "POSIX ON", the
FTP server will in all cases treat the file name specified in the PUT, GET
or DEL as an HFS file name.
SITE POSIX OFF (MPE mode seen historically with FTP/iX)
=============
Note: This is the functionality currently documented in the FTP/iX
user reference.
FTP command                             Result of FTP command
--------------------------------------  ---------------------------------
put testdata                            /SYS/WORK/TESTDATA (MPE space)
put testdata testdata                   /SYS/WORK/TESTDATA {MPE space}
put testdata ./testdata                 /SYS/WORK/testdata (POSIX space)
put testdata /SYS/WORK/testdata         /SYS/WORK/testdata (POSIX space)
put testdata longfilename               {failed - invalid MPE space name}
put testdata ./longfilename             /SYS/WORK/longfilename (POSIX)
put testdata name_name                  {failed - invalid MPE space name}
put testdata ./name_name                /SYS/WORK/name_name (POSIX space)
put testdata TESTDATA.WORK.SYS          /SYS/WORK/TESTDATA (MPE space)
put testdata testdata.work.sys          /SYS/WORK/TESTDATA (MPE space)
put testdata.jpg                        {failed - invalid MPE group name}
put testdata.jpg ./testdata.jpg         /SYS/WORK/testdata.jpg {POSIX}
--------------------------------------  ---------------------------------
SITE POSIX ON
=============
FTP command                             Result of FTP command
--------------------------------------  ---------------------------------
pwd                                     257 "/SYS/WORK" is the current directory.
put testdata                            /SYS/WORK/testdata
put testdata testdata                   /SYS/WORK/testdata
put TESTDATA                            /SYS/WORK/TESTDATA {MPE space}
put testdata ./testdata                 /SYS/WORK/testdata
put testdata /SYS/WORK/testdata         /SYS/WORK/testdata
put testdata LONGFILENAME               /SYS/WORK/LONGFILENAME
put testdata longfilename               /SYS/WORK/longfilename
put testdata ./longfilename             /SYS/WORK/longfilename
put testdata NAME_NAME                  /SYS/WORK/NAME_NAME
put testdata name_name                  /SYS/WORK/name_name
put testdata ./name_name                /SYS/WORK/name_name
put testdata TESTDATA.WORK.SYS          /SYS/WORK/TESTDATA.WORK.SYS
put testdata testdata.work.sys          /SYS/WORK/testdata.work.sys
put testdata.jpg                        /SYS/WORK/testdata.jpg
put testdata.jpg ./testdata.jpg         /SYS/WORK/testdata.jpg
--------------------------------------  ---------------------------------
Note: In this example only one of the above files identified as {MPE
space} is visible with a MPE :listf command and is within the MPE File
Domain. All of the above files are in POSIX space (since POSIX is a
superset of MPE space) and all are visible with the POSIX :listfile
command as well as "ls" and "dir" in the POSIX SHell.
Warning: It is advised to take caution before enabling "POSIX ON".
In the case where a file name is qualified to the GROUP
or GROUP.ACCOUNT level, this will now become part of
the POSIX file name and not the MPE GROUP.ACCOUNT.
In the case where a file name is in lower case, this
will now become a lower case POSIX file name and not an
upshifted MPE file name.
A case exists where a limitation in POSIX (not FTP)
constrains the HFS functionality made accessible with the
"POSIX ON" mode. HP POSIX allows a maximum of 16 characters
in file names within an MPE directory object (an MPE GROUP
or an MPE ACCOUNT).
put testdata /SYS/PUB/this_is_a_very_long_file_name
Fails with error:
550 Inserting a name > 16 characters into a MPE dir
object is not allowed. (FILE SYSTEM ERROR -176).
When "POSIX ON" is enabled, files which are PUT or GET with FTP in MPE
file space should be specified in POSIX syntax "/SYS/PUB/CATALOG" as an
example, instead of "CATALOG.PUB.SYS" or "catalog.pub.sys".
Differences in operation are seen with the Netscape(r) Communicator and
the Microsoft(r) Internet Explorer web browsers. Note: Our testing was
performed on the latest browser versions available at the time of this
documentation - Netscape(r) 4.72 and Microsoft(r) IE 5.0.
One of the significant differences is seen when connecting to the HP
e3000 FTP server from the browsers with the ftp:// command. With the
Microsoft(r) Internet Explorer, after logging in with a URL such as
"ftp://manager.sys@host.hp.com" and responding with the passwords, you are
restricted to your MPE home GROUP and any directories under this GROUP
(CHROOT is set to logon GROUP). In the case of the Netscape(r)
Communicator, after logging in with the same URL, you are not restricted
to your home GROUP and in fact you are able to reach the "/" root and
traverse ACCOUNTs, GROUPs, directories and view files that you have
permissions to read as per the MPE and POSIX security settings. Note:
With the Microsoft(r) Internet Explorer you can get to the "/" root with
an alternate logon URL of "ftp://manager.sys@host.hp.com/../..".
A sample of how to enable POSIX ON as a default for your system:
------------------------------------------------------------
:editor
HP32201A.09.00 EDIT/3000 MON, JUL 31, 2000, 7:19 PM
(C) HEWLETT-PACKARD CO. 1993
/a
1 POSIX=ON
2 //
...
/K SETPARMS.ARPA.SYS,UNN;E
END OF SUBSYSTEM
:
------------------------------------------------------------
************************************************************************
PASSIVE command:
************************************************************************
The "PASSIVE" command is an enhancement added to the FTP Client to
support third-party transfers. This is an important implementation for
sites using "firewall" technology, securing access from users or systems
external to their local "Intranet". The support for passive has also
been implemented in the FTP server (FTPSRVR).
The default mode for FTP is "ACTIVE" mode; with the "DEBUG" command
enabled you can see that the FTP Client sends the following PORT command:
ftp> get /SYS/ARPA/OLDPARMS OLDPARMS
---> PORT 15,44,48,51,240,196
The FTP Client then requests the file:
---> RETR /SYS/ARPA/OLDPARMS
After the "PASSIVE" command is given, the FTP Client is in "PASSIVE"
mode; with the "DEBUG" command enabled you can see that the FTP Client
now sends the "PASV" command instead of the "PORT" command and waits for
the server to reply with the data IP address and port.
ftp> passive
Passive mode is on.
ftp> get /SYS/ARPA/OLDPARMS OLDPARMS
---> PASV
The FTP server responds with the reply:
227 Entering Passive Mode (15,70,188,86,251,223).
The FTP Client then requests the file:
---> RETR /SYS/ARPA/OLDPARMS
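The following Python is an added illustration, not code from this help file or from the FTP/iX client, of the address and port encoding that the PORT command and the 227 passive reply above share (h1,h2,h3,h4,p1,p2 with port = p1*256 + p2). It also shows the check a client behind a firewall should make: a passive reply whose address differs from the server the control connection is to is refused rather than followed. The sample command and reply are those shown above; the third-party address in the test is constructed.

```python
import re

# Constructed sample traffic, modelled on the PORT command and 227 reply
# shown in this help file.
PORT_CMD = "PORT 15,44,48,51,240,196"
PASV_REPLY = "227 Entering Passive Mode (15,70,188,86,251,223)."

_SIX = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_host_port(text):
    """Decode the h1,h2,h3,h4,p1,p2 tuple used by PORT and by the 227 reply.
    Returns (ip, port) where port = p1 * 256 + p2."""
    m = _SIX.search(text)
    if m is None:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in: " + text)
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in: " + text)
    ip = ".".join(str(n) for n in nums[:4])
    return ip, nums[4] * 256 + nums[5]

def format_port_command(ip, port):
    """Build the PORT command an active-mode client sends for its listener."""
    if not 0 < port < 65536:
        raise ValueError("port out of range: %d" % port)
    return "PORT " + ",".join(ip.split(".") + [str(port // 256), str(port % 256)])

def data_endpoint_from_pasv(reply, control_host):
    """Return the (ip, port) a client should connect to after PASV, or None
    when the reply is not a 227 or names an address other than the server
    the control connection is with. Following such a reply would open the
    data connection to a third host, so a careful client refuses it."""
    if not reply.startswith("227"):
        return None
    ip, port = parse_host_port(reply)
    if ip != control_host:
        return None
    return ip, port
```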
************************************************************************
PASSWORD option:
************************************************************************
The "PASSWORD = ON" SETPARMS.ARPA.SYS configuration option is a security
enhancement added to the FTP server (FTPSRVR) to support the ability to
restrict the establishment of FTP connections to MPE USER.ACCOUNT's
where at least "one" password (a "USER" password or an "ACCOUNT"
password) must exist.
The system default for this enhancement is "PASSWORD = OFF". This
option can be enabled by adding the line "PASSWORD = ON" to the file
SETPARMS.ARPA.SYS with a supported text EDITOR.
When the SETPARMS.ARPA.SYS file is configured with the "PASSWORD = ON"
option, the FTP server (FTPSRVR) will reject any attempt to establish
an inbound FTP client connection to the HP e3000 for MPE USER.ACCOUNT's
which do not have at least one MPE logon password.
The FTP Client will see the following error message:
530 User log on unsuccessful
If FTP Console Logging is enabled, the FTP server will generate the
following error message to the console:
0:40/#J93/62/FTP INVALID PASSWORD For: "USER.ACCOUNT,PUB" IP=127.0.0.1
************************************************************************
CONSOLE_LOGGING option:
************************************************************************
The "CONSOLE_LOGGING = ON" SETPARMS.ARPA.SYS configuration option is a
security enhancement added to the FTP server (FTPSRVR) to support the
"logging" of MPE session logon attempts (success and failure) on inbound
FTP connections to the HP e3000 system. These messages are logged on
the system console as well as to the MPE system logfiles.
The system default for this enhancement is "CONSOLE_LOGGING = ON". This
option can be disabled by adding the line "CONSOLE_LOGGING = OFF" to the
file SETPARMS.ARPA.SYS with a supported text EDITOR.
The following types of messages will be logged to the HP e3000 system
console as well as to the MPE system logfiles:
1:27/#J93/75/FTP OPEN For: "MANAGER.SYS,PUB" IP=127.0.0.1
0:40/#J93/62/FTP INVALID LOGON For: "INVLUSER.SYS" IP=127.0.0.1
0:40/#J93/62/FTP INVALID PASSWORD For: "MANAGER.SYS,PUB" IP=127.0.0.1
1:35/#J93/75/FTP CLOSE IP=127.0.0.1
************************************************************************
SITE STREAM command:
************************************************************************
The "SITE STREAM" command is an enhancement added to the FTP server
(FTPSRVR) to support streaming (executing) an MPE batch job file from
an FTP client that has already established a connection to the HP e3000.
Syntax:
SITE STREAM {file-name}
The "SITE STREAM" file-name value is a MPE file name. The file name is
assumed to be a valid MPE job stream file and the MPE command ":STREAM
{file-name}" is executed against this file. The return value from this
command is "200 STREAM command ok." or in the case of an error executing
this command a "550" error with an appropriate MPE error message text is
returned.
Note: The MPE job number or the MPE job execution output is not returned
to FTP.
The "SITE STREAM" command now can be turned off by the "SITE_STREAM =
OFF" option in the SETPARMS.ARPA.SYS file.
************************************************************************
Configuration rules for FTPHELLO.ARPA.SYS file:
************************************************************************
The "FTPHELLO" Logon Banner configuration file is a security enhancement
added to the FTP server (FTPSRVR) to support the display of a welcome
message upon connection to the server. The typical contents of this
message are a company's "access disclaimer & legal security policy".
The following configuration rules apply to the FTPHELLO.ARPA.SYS file:
The existence of the file FTPHELLO.ARPA.SYS is the switch which enables
this feature.
Note: The format of the FTPHELLO.ARPA.SYS file has the following rules:
a. This file can be created and edited with a supported editor. This
file should be unnumbered, fixed width ASCII with a record-width of
no more than 72 bytes and with no more than 24 records.
b. Four banner tokens have been implemented:
- If line contains '%C' replace it with server CWD.
- If line contains '%L' replace it with client host domain name.
- If line contains '%R' replace it with server host domain name.
- If line contains '%T' replace it with server time.
c. The text line returned will be truncated to 72 characters after
token substitutions.
d. The text lines returned will be truncated to 24 records.
The banner is returned to an FTP Client as informative "230-"
continuation messages terminated by a "230 " message.
example:
:ftp aleta
Name(manager): user.account
230-
230-This system "aleta" is reserved for Network Expert Center use only!
230-Unauthorized use is prohibited by law and people with sticks.
230-
230 User logged on
ftp>
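The following Python is an added illustration of rules b to d above, not code from this help file or from FTPSRVR: it expands the four banner tokens in a single pass (so a client host name that happens to contain a token is not expanded a second time), truncates after substitution to 72 characters and 24 records, and wraps the result in 230- continuation lines. The banner text and host names are constructed sample values.

```python
import re

# Constructed FTPHELLO.ARPA.SYS content using the four banner tokens above.
FTPHELLO_TEXT = """\
This system "%R" is reserved for Network Expert Center use only!
Connection from %L at %T
Current directory: %C
Unauthorized use is prohibited.
"""

MAX_WIDTH = 72      # rule c: lines truncated to 72 characters after substitution
MAX_RECORDS = 24    # rule d: at most 24 records are returned

_TOKEN = re.compile(r"%[CLRT]")

def render_banner(text, cwd, client_host, server_host, server_time):
    """Expand %C, %L, %R and %T in one pass (a substituted value that itself
    contains a token is left alone), then apply the 72-column and 24-record
    limits to the expanded text."""
    subs = {"%C": cwd, "%L": client_host, "%R": server_host, "%T": server_time}
    lines = []
    for raw in text.splitlines()[:MAX_RECORDS]:
        expanded = _TOKEN.sub(lambda m: subs[m.group()], raw)
        lines.append(expanded[:MAX_WIDTH])
    return lines

def banner_reply(lines, final="User logged on"):
    """Wrap the banner as 230- continuation lines closed by a 230 line."""
    return ["230-" + line for line in lines] + ["230 " + final]
```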
************************************************************************
Configuration rules for FTPUSERS.ARPA.SYS file:
************************************************************************
The "FTPUSERS" logon access configuration file is a security enhancement
added to the FTP server (FTPSRVR) to support an exclusion list of user
logons that are not allowed to connect to the server.
The following configuration rules apply to the FTPUSERS.ARPA.SYS file:
The existence of the file FTPUSERS.ARPA.SYS is the switch which enables
this feature. If FTPUSERS.ARPA.SYS file does not exist FTP will not deny
login of any user. An empty FTPUSERS.ARPA.SYS file will not deny login
of any user.
Note: The format of the FTPUSERS.ARPA.SYS file has the following rules:
a. This file can be created and edited with a supported editor. This
file should be unnumbered, fixed width ASCII with a record-width of
no more than 72 bytes. The physical limit to this file is 4GB,
but performance will be the actual limiting factor.
b. The usernames must appear in the file FTPUSERS.ARPA.SYS one per
line.
c. The MPE usernames can be specified in two formats:
- {username}.{accountname}: The specific user from the specific
account would not be allowed to login.
- {accountname}: All the users from the specified account would not
be allowed to login.
d. Comments start with "#" and must not begin after any username. Any
line containing a "#" will be considered a comment line.
e. Users with SM capability (like MANAGER.SYS) are not restricted by
the FTPUSERS configuration.
f. Specification of the accountname or username.accountname should not
include leading or trailing whitespace character(s).
g. Specification of the accountname or username.accountname is not
case sensitive.
h. In the case of redundant entries, the first entry match to exclude
an accountname or username.accountname is used.
i. Invalid entries will silently be ignored.
The FTP Client will see the following error message:
530 Logon failed, restricted in FTPUSERS.
Error in login. (FTPERR 65)
If FTP Console Logging is enabled, the FTP server will generate the
following error message to the console:
11:27/#J118/74/FTP LOGON RESTRICTED FOR: "{username}" IP=127.0.0.1
Example:
EXTERNAL.PROD
TEST
OPERATOR.SYS
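As an added illustration (not part of this help file and not FTPSRVR code), the following Python applies rules a to i above to a constructed FTPUSERS.ARPA.SYS and decides whether a USER.ACCOUNT logon is denied. The file content and names are sample values; treating an entry with surrounding whitespace as invalid (rule f together with rule i) is an assumption of this example.

```python
# Constructed FTPUSERS.ARPA.SYS content exercising the rules above;
# the account and user names are sample values.
FTPUSERS_TEXT = """\
# accounts and users denied FTP logon
EXTERNAL.PROD
TEST
  operator.sys
BAD ENTRY WITH SPACES
MGR.TEST   # a '#' anywhere makes the whole line a comment
EXTERNAL.PROD
"""

def _is_mpe_name(name):
    """MPE user and account names: 1-8 characters, alphabetic first."""
    return 1 <= len(name) <= 8 and name[0].isalpha() and name.isalnum()

def load_ftpusers(text):
    """Return the exclusion entries as (user, account) tuples in file order;
    user is None for an account-wide entry. Comment lines (rule d) and
    invalid entries (rule i) are dropped; names are upshifted (rule g)."""
    entries = []
    for raw in text.splitlines():
        if "#" in raw:
            continue                   # rule d: the whole line is a comment
        if not raw or raw != raw.strip():
            continue                   # rule f: surrounding whitespace -> treated as invalid (assumption)
        parts = raw.upper().split(".")
        if len(parts) == 1 and _is_mpe_name(parts[0]):
            entries.append((None, parts[0]))
        elif len(parts) == 2 and all(_is_mpe_name(p) for p in parts):
            entries.append((parts[0], parts[1]))
    return entries

def logon_denied(entries, user, account, has_sm=False):
    """Return the first matching exclusion entry (rule h) for USER.ACCOUNT,
    or None when the logon is allowed. SM users are never restricted (rule e)."""
    if has_sm:
        return None
    user, account = user.upper(), account.upper()
    for entry_user, entry_account in entries:
        if entry_account == account and entry_user in (None, user):
            return entry_user, entry_account
    return None
```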
************************************************************************
LOG_COMMANDS option:
************************************************************************
The "LOG_COMMANDS = ON" SETPARMS.ARPA.SYS configuration option is a
security enhancement added to the FTP server (FTPSRVR) and FTP client to
support the "logging" of FTP internal commands sent and received for
both the FTP Client and FTP server. These messages are logged in
FTPLOG##.ARPA.SYS.
Note: The format of the FTPLOG##.ARPA.SYS file has the following rules:
a. The FTPLOG##.ARPA.SYS file is automatically built by the FTP Client
or the FTP server.
b. The file name for logging would be FTPLOG##.ARPA.SYS where
##=00-99.
c. The limit of the number of records before a logfile is switched is
65500.
d. The data format of the logging data fields are ":" delimited to
support importing this data to spreadsheet applications.
e. The date/time stamps are of the system performing the logging, not
of the remote system.
The data format of the logging data fields is:
yyyy/mm/dd:hh.mm.ss:#J/#S:jobname,user.account:ip.ip.ip.ip:C/S
:FTP Commands:
Where:
:yyyy/mm/dd:hh.mm.ss: = Date/Time Stamp of the command executed
:#J/#S: = The MPE Job/Session number
:jobname,user.account: = MPE logon
:ip.ip.ip.ip: = IP address of the non-local system
:C/S: = FTP Client or FTP server is performing the logging
:FTP Commands: = FTP internal client/server command.
Example:
2005/04/07:14.50.28:#S183:A4450693,MANAGER.SYS:16.113.9.92:C:USER MANAGER.SYS:
2005/04/07:14.50.28:#J118:JINETD,MANAGER.SYS:127.0.0.1:S:USER MANAGER.SYS:
2005/04/07:14.50.40:#S183:A4450693,MANAGER.SYS:16.113.9.92:C:PASS **:
2005/04/07:14.50.40:#J118:MANAGER.SYS:127.0.0.1:S:SYST:
2005/04/07:14.50.40:#S183:A4450693,MANAGER.SYS:16.113.9.92:C:SYST:
2005/04/07:14.50.40:#J118:MANAGER.SYS:127.0.0.1:S:SITE MPE/iX FTP Client [A0012S
2005/04/07:14.50.40:#S183:A4450693,MANAGER.SYS:16.113.9.92:C:SITE MPE/iX FTP Cli
2005/04/07:14.50.41:#S183:A4450693,MANAGER.SYS:16.113.9.92:C:TYPE I:
2005/04/07:14.50.41:#J118:MANAGER.SYS:127.0.0.1:S:TYPE I:
2005/04/07:14.50.41:#S183:A4450693,MANAGER.SYS:16.113.9.92:C:SITE TIMEOUT 900:
2005/04/07:14.50.41:#J118:MANAGER.SYS:127.0.0.1:S:SITE TIMEOUT 900:
2005/04/07:14.50.45:#S183:A4450693,MANAGER.SYS:16.113.9.92:C:RNFR X:
2005/04/07:14.50.45:#J118:MANAGER.SYS:127.0.0.1:S:RNFR X:
2005/04/07:14.50.45:#S183:A4450693,MANAGER.SYS:16.113.9.92:C:RNTO X:
2005/04/07:14.50.45:#J118:MANAGER.SYS:127.0.0.1:S:RNTO X:
2005/04/07:14.50.45:#S183:A4450693,MANAGER.SYS:16.113.9.92:C:SITE BUILDPARMS X:
2005/04/07:14.50.45:#J118:MANAGER.SYS:127.0.0.1:S:SITE BUILDPARMS X:
2005/04/07:14.50.45:#S183:A4450693,MANAGER.SYS:16.113.9.92:C:PORT 127,0,0,1,169,
2005/04/07:14.50.45:#J118:MANAGER.SYS:127.0.0.1:S:PORT 127,0,0,1,169,167:
2005/04/07:14.50.45:#S183:A4450693,MANAGER.SYS:16.113.9.92:C:SITE FILELABEL RETR
2005/04/07:14.50.45:#J118:MANAGER.SYS:127.0.0.1:S:SITE FILELABEL RETR X:
2005/04/07:14.50.46:#S183:A4450693,MANAGER.SYS:16.113.9.92:C:SITE USER_LABELS X:
2005/04/07:14.50.46:#J118:MANAGER.SYS:127.0.0.1:S:SITE USER_LABELS X:
2005/04/07:14.50.46:#S183:A4450693,MANAGER.SYS:16.113.9.92:C:PORT 127,0,0,1,169,
2005/04/07:14.50.46:#J118:MANAGER.SYS:127.0.0.1:S:PORT 127,0,0,1,169,168:
2005/04/07:14.50.46:#J118:MANAGER.SYS:127.0.0.1:S:RETR X:
2005/04/07:14.50.46:#S183:A4450693,MANAGER.SYS:16.113.9.92:C:RETR X:
2005/04/07:14.50.49:#J118:MANAGER.SYS:127.0.0.1:S:QUIT:
2005/04/07:14.50.49:#S183:A4450693,MANAGER.SYS:16.113.9.92:C:QUIT:
Note: Once this feature is enabled, it will be important for users to
archive and purge the FTPLOG## files.
************************************************************************
LOG_TRANSFERS option:
************************************************************************
The "LOG_TRANSFERS = ON" SETPARMS.ARPA.SYS configuration option is a
security enhancement added to the FTP server (FTPSRVR) and FTP client to
support the "logging" of FTP file transfer statistics for files sent and
received for both the FTP client and FTP server. These messages are
logged in FTPLOG##.ARPA.SYS.
Note: The format of the FTPLOG##.ARPA.SYS file has the following rules:
a. The FTPLOG##.ARPA.SYS file is automatically built by the FTP Client
or the FTP server.
b. The file name for logging would be FTPLOG##.ARPA.SYS where
##=00-99.
c. The limit of the number of records before a logfile is switched is
65500.
d. The logging data fields are ":"-delimited to support importing this
data into spreadsheet applications.
e. The date/time stamps are of the system performing the logging, not
of the remote system.
The data format of the logging data fields is:
yyyy/mm/dd:hh.mm.ss:#J/#S:jobname,user.account:ip.ip.ip.ip:C/S
:FTP Commands:I/O:I/A/B:bytes_received:seconds:Kbytes/sec:
Where:
:yyyy/mm/dd:hh.mm.ss: = Date/Time Stamp of the command executed
:#J/#S: = The MPE Job/Session number
:jobname,user.account: = MPE logon
:ip.ip.ip.ip: = IP address of the non-local system
:C/S: = FTP client or FTP server is performing the logging
:FTP Commands: = Shortened FTP internal client/server file transfer
command.
:I/O: = Transfer request is Inbound or Outbound of this system
:I/A/B: = Transfer Mode = Image (binary), ASCII, Byte Stream
:bytes_received: = Bytes received for the entire file transfer
:seconds: = Time in seconds for entire file transfer.
:Kbytes/sec: = Kilobytes transferred per second.
Note: The transfer statistics are approximately the same as those
displayed at the FTP command line following a get/mget:
1127456 bytes received in 0.84 seconds (1317.02 Kbytes/sec)
Example:
2005/04/07:14.53.23:#J118:MANAGER.SYS:127.0.0.1:S:RETR x:O:I:1127456:0.57:1924.8
2005/04/07:14.53.24:#S183:A4450693,MANAGER.SYS:16.113.9.92:C:RETR x:I:I:1127456:
Note: Once this feature is enabled, it will be important for users to
archive and purge the FTPLOG## files.
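The following reader is added here as an example and is not part of FTP/iX. It parses both the LOG_COMMANDS records (7 fields) and the LOG_TRANSFERS records (12 fields) described in the two sections above, using only the field layout those sections document, and runs three checks a reviewer of FTPLOG## files would want: server-side PORT commands that name a data address other than the control-connection peer (the FTP bounce pattern), PASS arguments that are not masked, and bytes transferred per logon. The sample records, the function names and the assumption that a command string never contains ":" are this example's own.

```python
"""Reader for FTPLOG##.ARPA.SYS records written by LOG_COMMANDS and LOG_TRANSFERS.
Added example, not FTP/iX code.  The field layout is the one documented in the
two sections above; the sample records at the bottom are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

@dataclass
class FtpLogRecord:
    date: str
    time: str
    jobsess: str                      # "#J118" (job) or "#S183" (session)
    logon: str                        # "jobname,user.account" or "user.account"
    remote_ip: str                    # address of the non-local system
    side: str                         # "C" = client wrote it, "S" = server wrote it
    command: str                      # e.g. "PORT 127,0,0,1,169,167"
    direction: Optional[str] = None   # LOG_TRANSFERS only: "I" inbound / "O" outbound
    mode: Optional[str] = None        # "I" image, "A" ASCII, "B" byte stream
    nbytes: Optional[int] = None
    seconds: Optional[float] = None
    kbytes_per_sec: Optional[float] = None

def parse_record(line: str) -> FtpLogRecord:
    """Split one ':'-delimited record: 7 fields for a command, 12 for a transfer.
    Assumption: the FTP command text itself never contains ':'."""
    fields = line.rstrip("\n").rstrip(":").split(":")
    if len(fields) not in (7, 12):
        raise ValueError(f"unexpected field count {len(fields)}: {line!r}")
    rec = FtpLogRecord(*fields[:7])
    if len(fields) == 12:
        rec.direction, rec.mode = fields[7], fields[8]
        rec.nbytes, rec.seconds = int(fields[9]), float(fields[10])
        rec.kbytes_per_sec = float(fields[11])
    return rec

def parse_log(text: str) -> List[FtpLogRecord]:
    return [parse_record(ln) for ln in text.splitlines() if ln.strip()]

def port_address(command: str) -> Optional[str]:
    """Dotted address named in a 'PORT h1,h2,h3,h4,p1,p2' command, else None."""
    parts = command.split(None, 1)
    if len(parts) != 2 or parts[0].upper() != "PORT":
        return None
    nums = parts[1].split(",")
    if len(nums) != 6 or not all(n.isdigit() for n in nums):
        return None
    return ".".join(nums[:4])

def suspicious_ports(records: List[FtpLogRecord]) -> List[Tuple[str, str, str, str]]:
    """Server-side PORT commands naming a data address other than the control
    peer: the FTP bounce pattern (RFC 2577 section 3)."""
    hits = []
    for r in records:
        addr = port_address(r.command) if r.side == "S" else None
        if addr is not None and addr != r.remote_ip:
            hits.append((r.jobsess, r.logon, r.remote_ip, addr))
    return hits

def unmasked_passwords(records: List[FtpLogRecord]) -> List[str]:
    """Job/session numbers whose PASS argument is not masked with '*'.
    The server writes 'PASS **'; anything else means a secret in the log."""
    out = []
    for r in records:
        parts = r.command.split(None, 1)
        if parts and parts[0].upper() == "PASS":
            arg = parts[1] if len(parts) == 2 else ""
            if not arg or set(arg) != {"*"}:
                out.append(r.jobsess)
    return out

def bytes_by_logon(records: List[FtpLogRecord]) -> Dict[str, int]:
    """Total bytes per logon from the server's LOG_TRANSFERS records."""
    totals: Dict[str, int] = {}
    for r in records:
        if r.side == "S" and r.nbytes is not None:
            totals[r.logon] = totals.get(r.logon, 0) + r.nbytes
    return totals

# Constructed sample: a clean session (#J118) and one that bounces (#J121).
SAMPLE_LOG = """\
2005/04/07:14.50.28:#J118:JINETD,MANAGER.SYS:127.0.0.1:S:USER MANAGER.SYS:
2005/04/07:14.50.40:#J118:MANAGER.SYS:127.0.0.1:S:PASS **:
2005/04/07:14.50.45:#J118:MANAGER.SYS:127.0.0.1:S:PORT 127,0,0,1,169,167:
2005/04/07:14.50.46:#J118:MANAGER.SYS:127.0.0.1:S:RETR X:
2005/04/07:14.53.23:#J118:MANAGER.SYS:127.0.0.1:S:RETR X:O:I:1127456:0.57:1924.8:
2005/04/07:15.02.11:#J121:JINETD,MGR.TEST:16.113.9.92:S:USER MGR.TEST:
2005/04/07:15.02.12:#J121:MGR.TEST:16.113.9.92:S:PASS secret:
2005/04/07:15.02.13:#J121:MGR.TEST:16.113.9.92:S:PORT 10,1,2,3,0,25:
2005/04/07:15.02.13:#J121:MGR.TEST:16.113.9.92:S:STOR bounce:
2005/04/07:15.02.14:#J121:MGR.TEST:16.113.9.92:S:STOR bounce:I:A:512:0.01:50.0:
"""
```

Run `suspicious_ports(parse_log(SAMPLE_LOG))` to see the #J121 session flagged: its control connection comes from 16.113.9.92 but its PORT command asks the server to open a data connection to 10.1.2.3. Because FTPLOG## is switched every 65500 records, point the reader at each file in turn rather than only the current one.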
************************************************************************
SITE_CHMOD option:
************************************************************************
The "SITE_CHMOD = ON" SETPARMS.ARPA.SYS configuration option is a
security enhancement added to the FTP server to allow an inbound FTP
client to send a "SITE CHMOD {fileaccess} {filename}" command following
an inbound file transfer.
where:
{fileaccess} is the standard POSIX numeric (octal) file mode, e.g. 644.
{filename} is a file name specified in POSIX HFS name space in the
format "filename" or "/DIRECTORY/filename" and is case sensitive.
Because this lets a remote user widen the access to any file the logon
can reach, leave the option at its default of "OFF" unless a transfer
workflow needs it.
note: The functionality of "SITE CHMOD" is limited to the documented
syntax only. Additional features of "SITE CHMOD" present on other
systems have not been implemented in FTP/iX. Specifically the
"[A/O/G/U][+/-][R/W/X]" syntax is not supported. The valid numeric
range for {fileaccess} is from 000 thru 777.
Example:
ftp> site chmod 555 filename
The FTP Client will see the following message:
200 CHMOD command ok.
************************************************************************
SITE_CHOWN option:
************************************************************************
The "SITE_CHOWN = ON" SETPARMS.ARPA.SYS configuration option is a
security enhancement added to the FTP server to allow an inbound FTP
client to send a "SITE CHOWN {new-username[:groupname]} {filename}"
command following an inbound file transfer.
where:
{new-username} is a valid MPE USER.ACCOUNT logon.
[:groupname] is a valid MPE ACCOUNT.
{filename} is a file name specified in POSIX HFS name space in the
format "filename" or "/DIRECTORY/filename" and is case sensitive.
note: The functionality of "SITE CHOWN" is limited to the documented
syntax only. Additional features of "SITE CHOWN" present on other
systems have not been implemented in FTP/iX.
Example:
ftp> site chown MANAGER.SYS filename
The FTP Client will see the following message:
200 CHOWN command ok.
************************************************************************
NETRC file:
************************************************************************
The "NETRC" file is an enhancement added to the FTP client to support an
automated logon to a remote host. A security enhancement has since been
added so that the FTP client can read a "NETRC" file to which it has
only "eXecute" access; the file can therefore be secured by granting
eXecute access and revoking all other access, so that the passwords it
contains cannot be read directly by the users who are allowed to use it.
Syntax:
machine ["]machine_name["] login ["]user["] password ["]passwd["]
or
default login ["]user["] password ["]passwd["]
Example:
machine "HPSYS" login "MANAGER.SYS" password "USERPASS,ACCTPASS"
or
default login "MGR.TELESUP" password "USERPASS,ACCTPASS"
The file is called "NETRC.{home-group}". File equations can be used.
Syntax:
:file NETRC.{home-group}=NETRC.{other-group}.{other-account}
Note: The format of the NETRC.{home-group} file has the following rules:
a. This file can be created and edited with a supported editor. This
file should be unnumbered, fixed width ASCII with a record-width of
no more than 72 bytes.
b. The syntax for each line of the file is:
machine ["]machine_name["] login ["]user["] password ["]passwd["]
or
default login ["]user["] password ["]passwd["]
c. There should be at most one "default" entry per file.
d. Each of the tokens "machine", "login", "password" and "default"
must match exactly, and must be in lower-case.
e. Each token must be separated by any number of SPACE or TAB
characters.
f. Each {string} identifier may be enclosed in double-quotes, e.g.
machine "HPSYS" login "MGR.TELESUP" password "USERPASS,ACCTPASS"
And
machine HPSYS login MGR.TELESUP password USERPASS,ACCTPASS
are equivalent. This feature would be useful when a space is
embedded as part of a password, for example.
g. The node name specified in the netrc file is "CaSe SeNsItIvE" and
must match the case of the node name specified in the open command.
Note: cleartext passwords stored in a file like this are a security
risk. At minimum, restrict the file so that only its creator can read,
write, append or lock it, leaving other users in the account eXecute
access only, which is all the FTP client needs in order to use it:
:altsec NETRC.{home-group}.{account};access=(R,A,W,L:CR;X:AC)
Additional security can be applied by implementing ACDs for the NETRC
file, specifying exactly which users have "eXecute" access.
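The following parser is added here as an example and is not the FTP client's own code. It applies the NETRC rules listed above (lower-case keywords that must match exactly, any number of SPACE or TAB separators, optional double quotes so that a password can contain a space, case-sensitive machine names, at most one "default" entry, records of at most 72 bytes) to a constructed sample. The function names, the sample credentials and the choice to keep the first of two entries for the same machine are assumptions of this example; the documentation does not say what the client does with a duplicate.

```python
"""Parser for the NETRC file syntax documented above.
Added example, not the FTP client's own code.  It applies the documented token
rules (lower-case keywords, SPACE/TAB separators, optional double quotes,
case-sensitive machine names, at most one 'default') to a constructed sample.
"""
import re
from typing import Dict, Optional, Tuple

# A token is either a double-quoted string or a run of non-blank characters.
_TOKEN = re.compile(r'"([^"]*)"|(\S+)')
MAX_RECORD = 72            # the file should be fixed-width ASCII, at most 72 bytes

def tokenize(line: str):
    toks = []
    for m in _TOKEN.finditer(line):
        quoted, bare = m.group(1), m.group(2)
        if bare is not None and '"' in bare:
            raise ValueError(f"unbalanced double quote in {line!r}")
        toks.append(quoted if quoted is not None else bare)
    return toks

def parse_netrc(text: str) -> Tuple[Dict[str, Tuple[str, str]], Optional[Tuple[str, str]]]:
    """Return ({machine_name: (login, password)}, default_or_None)."""
    machines: Dict[str, Tuple[str, str]] = {}
    default = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        if len(raw) > MAX_RECORD:
            raise ValueError(f"line {lineno}: record longer than {MAX_RECORD} bytes")
        toks = tokenize(raw)
        if not toks:
            continue
        # Keywords must match exactly and be lower-case: "Machine" is an error, not a match.
        if toks[0] == "machine" and len(toks) == 6 and toks[2] == "login" and toks[4] == "password":
            machines.setdefault(toks[1], (toks[3], toks[5]))   # assumption: first entry wins
        elif toks[0] == "default" and len(toks) == 5 and toks[1] == "login" and toks[3] == "password":
            if default is not None:
                raise ValueError(f"line {lineno}: more than one 'default' entry")
            default = (toks[2], toks[4])
        else:
            raise ValueError(f"line {lineno}: expected 'machine ... login ... password ...' "
                             f"or 'default login ... password ...': {raw!r}")
    return machines, default

def is_valid_netrc(text: str) -> bool:
    try:
        parse_netrc(text)
        return True
    except ValueError:
        return False

def credentials_for(text: str, node: str) -> Optional[Tuple[str, str]]:
    """What the client would send for 'open node'; the node name is case-sensitive,
    so 'HPSYS' and 'hpsys' select different entries."""
    machines, default = parse_netrc(text)
    return machines.get(node, default)

# Constructed sample; the passwords are placeholders.  A quoted password may
# contain a space, which is the reason the quotes exist.
SAMPLE_NETRC = (
    'machine "HPSYS"  login "MANAGER.SYS" password "USER PASS,ACCTPASS"\n'
    'machine hpsys\tlogin MGR.TEST password TESTPASS\n'
    'default login "MGR.TELESUP" password "USERPASS,ACCTPASS"\n'
)
```

`credentials_for(SAMPLE_NETRC, "HPSYS")` and `credentials_for(SAMPLE_NETRC, "hpsys")` return different logons, which is the case-sensitivity rule (g) above in action; a node name that matches no "machine" entry falls back to the "default" entry. The parser raises on a capitalised keyword rather than skipping the line, so a malformed entry is noticed before the client silently fails to find credentials.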
************************************************************************
DEBUG_PASS option:
************************************************************************
The "DEBUG_PASS = OFF" SETPARMS.ARPA.SYS configuration option is a
security enhancement added to the FTP server to default the "debug"
command display to report "---> PASS ********" rather than "--->
PASS userpass,acctpass". This security enhancement has been added in
concert with enhanced NETRC "eXecute" security.
The "debug" command at the FTP client prompt puts FTP into diagnostic
mode. In this mode the FTP client and server internal commands are
displayed on the client's $stdlist. If "debug" is specified before an
open, then after the user has been prompted for logon passwords with
echo disabled, or after a NETRC file has been processed, debug mode would
display "---> PASS userpass,acctpass", exposing on the terminal (or in a
job's spooled $STDLIST) the password that the suppressed echo or the
protected NETRC file was meant to hide:
:ftp
ftp> debug
ftp> o system
Name(manager): MGR.TEST
---> USER MGR.TEST
331 Password required for MGR.TEST. Syntax: userpass
Password:
---> PASS userpass {password is displayed}
The new default is for the FTP client with "DEBUG" mode to display
"---> PASS ********".
:ftp
ftp> debug
ftp> o system
Name(manager): MGR.TEST
---> USER MGR.TEST
331 Password required for MGR.TEST. Syntax: userpass
Password:
---> PASS ******** {password is not displayed}
The SETPARMS file can be modified to return the original functionality
for troubleshooting logon passwords to a FTP server by specifying
"DEBUG_PASS = ON".
************************************************************************
Configuration rules for SETPARMS.ARPA.SYS file:
************************************************************************
The "SETPARMS" file is the global configuration file for optional & new
functionality in both the FTP client (FTP) and the FTP server (FTPSRVR).
The following configuration rules apply to the SETPARMS.ARPA.SYS file:
CONSOLE_LOGGING = {ON/OFF}
DEBUG_PASS = {ON/OFF}
LOG_COMMANDS = {ON/OFF}
LOG_TRANSFERS = {ON/OFF}
PASSWORD = {ON/OFF}
PERMISSION_DELETE = {ON/OFF}
PERMISSION_OVERWRITE = {ON/OFF}
PERMISSION_RENAME = {ON/OFF}
POSIX = {ON/OFF}
SITE_CHMOD = {ON/OFF}
SITE_CHOWN = {ON/OFF}
SITE_STREAM = {ON/OFF}
Note: The format of the SETPARMS.ARPA.SYS file has the following rules:
a. This file can be created and edited with a supported editor. This
file must be unnumbered, fixed width ASCII with a record-width of no
more than 72 bytes.
b. Keywords and values are not case sensitive; upper and lower case
letters can be used.
c. Blank spaces around the keyword, the "=" and the value are ignored.
d. The parameters can be entered in the file in any order.
e. Only the following keywords are allowed:
CONSOLE_LOGGING, DEBUG_PASS, LOG_COMMANDS, LOG_TRANSFERS, PASSWORD,
PERMISSION_DELETE, PERMISSION_OVERWRITE, PERMISSION_RENAME, POSIX,
SITE_CHMOD, SITE_CHOWN and SITE_STREAM
f. Invalid keywords or parameters are silently ignored. A misspelled
keyword or value therefore leaves the default in force without any
error message, so re-read the file carefully after editing it,
especially for options meant to restrict access such as
"PERMISSION_DELETE = OFF".
g. By default if these keywords are not in SETPARMS.ARPA.SYS or if the
SETPARMS.ARPA.SYS file does not exist the following are the defaults:
console_logging = on
debug_pass = off
log_commands = off
log_transfers = off
password = off
permission_delete = on
permission_overwrite = on
permission_rename = on
posix = off
site_chmod = off
site_chown = off
site_stream = on
A sample of how to enable options as a default for your system:
------------------------------------------------------------
:editor
HP32201A.09.00 EDIT/3000 MON, JUL 31, 2000, 7:19 PM
(C) HEWLETT-PACKARD CO. 1993
/a
1 site_chmod=ON
2 //
...
/k SETPARMS.ARPA.SYS,UNN;E
END OF SUBSYSTEM
:
------------------------------------------------------------
************************************************************************
Configuration rules for FTPACCES.ARPA.SYS file "noretrieve" option:
************************************************************************
The "FTPACCES" file access configuration file is a security enhancement
added to the FTP server (FTPSRVR) to support an exclusion list of files
accessible with the FTP GET and MGET commands.
The following configuration rules apply to the FTPACCES.ARPA.SYS file:
The existence of the file FTPACCES.ARPA.SYS is the switch which enables
this feature. If FTPACCES.ARPA.SYS file does not exist FTP will not
deny access of any file. An empty FTPACCES.ARPA.SYS file will not deny
access of any file.
The syntax of the "noretrieve" option is:
noretrieve {file}|{/directory/file}|{/directory/}|{repeat}
The following three formats of the "noretrieve" option are supported in
the FTPACCES.ARPA.SYS:
a. noretrieve /file1 /dir/file2 /dir/dir/file3 /ACCT/GROUP/FILE4
b. noretrieve file5 File6 FILE7
c. noretrieve /dir/ /dir/dir/ /ACCT/ /ACCT/GROUP/
Note: The format of the FTPACCES.ARPA.SYS file has the following rules:
a. This file can be created and edited with a supported editor.
This file must be unnumbered, fixed width ASCII with a
record-width of no more than 255 bytes. The physical limit to
this file is 4GB, but performance will be the actual limiting
factor.
b. The entry "noretrieve {filelist}" is a space-separated list of file
names in the three formats above, which can be intermixed; this is the
list of files that cannot be retrieved, either by get or mget.
If one line cannot hold the whole list of files that the owners want
to make non-retrievable, multiple lines starting with "noretrieve"
can be used. Leading or trailing white space character(s) are treated
as file name delimiters.
c. All files or file sets specified in the filelist must follow the
POSIX HFS notation (not the traditional MPE FILE.GROUP.ACCOUNT
syntax).
i. In the first format "absolute path" names (meaning the name
begins with a slash, "/") will deny access to a single file.
For example "noretrieve /tmp/syslog.log". A traditionally
named MPE file FILE.GROUP.ACCT must be specified as
/ACCT/GROUP/FILE, all in uppercase. For example "noretrieve
/SYS/PUB/CATALOG".
ii. In the second format "simple" file names (meaning file names
that do not include a slash) will deny access to all files
with that exact name "regardless of location" in / or any
/directory/, or any /ACCT/directory/, or any /ACCT/GROUP/.
Example: "noretrieve NETRC" would deny access to the file
"NETRC" at /NETRC, /tmp/NETRC, /SYS/NETRC and /SYS/NET/NETRC.
Note: This filelist specification is case-sensitive because
this is the specification for POSIX file naming conventions,
it means that "NETRC" is a different file than "Netrc" and
"netrc".
iii. In the third format "absolute path" names terminated with a
slash "/" (meaning the directory name or account name or group
name ends with a slash, "/") will deny access to all files in
a /directory/, /ACCT/, /ACCT/GROUP/, /ACCT/directory/ or
/ACCT/GROUP/directory/. For example "noretrieve /SYS/PUB/"
denies access to all traditionally named MPE files in
@.PUB.SYS as well as any HFS-name files or directories found
within or under /SYS/PUB. Likewise "noretrieve /etc/" denies
access to all files contained in the directory /etc/.
d. The FTPACCES file supports only three commands (chroot, noretrieve
and # "comment"); invalid commands are silently ignored. Invalid
parameters to the "chroot" and "noretrieve" commands will be
reported to the file FTPLOG.ARPA.SYS, including invalid POSIX
characters (e.g. "+" or "-"), wild card characters (e.g. "@" or
"*"), and incorrectly specified or relative pathnames (e.g.
"./dir", "./../" or "./../dir"). Note: These errors are reported
when FTPSRVR is forked (created) by INETD, not when the file is
edited, so a mistyped entry is not noticed until the next FTP logon.
e. In any line all characters after hash (#) are considered as
comment and are ignored.
f. Users with SM capability (like MANAGER.SYS) are not restricted by
the FTPACCES configuration.
----------------------------------------------------------------------
A sample of how to set file access restrictions for your system:
------------------------------------------------------------
/SYS/WORK: editor
HP32201A.09.00 EDIT/3000 SUN, FEB 26, 2006, 5:20 PM
(C) HEWLETT-PACKARD CO. 1993
/set length=255
/set right=255
/a
1 # FTPACCES.ARPA.SYS noretrieve files.
2 noretrieve /SYS/PUB/
3 noretrieve NETRC
4 noretrieve .netrc
5 noretrieve /SYS/ARPA/FTPACCES
6 //
...
/k FTPACCES.ARPA.SYS,UNN;E
END OF SUBSYSTEM
:
------------------------------------------------------------
**********************************************************************
Configuration rules for FTPACCES.ARPA.SYS file "chroot" option:
**********************************************************************
The "chroot" FTPACCES.ARPA.SYS configuration option is a security
enhancement added to the FTP Server to limit the inbound FTP client
commands cd, put, get, mput, mget and dir to the configured "current
working directory" (CWD) and below. With chroot in effect, a user
cannot cd above that directory (towards the root "/"), cannot list
(dir) directories above it, and cannot access (put, get, mput, mget)
files above it.
The following configuration rules apply to the FTPACCES.ARPA.SYS file:
The existence of the file FTPACCES.ARPA.SYS is the switch that enables
this feature. If FTPACCES.ARPA.SYS file does not exist FTP will not
deny access of any directory. An empty FTPACCES.ARPA.SYS file will
not deny access of any directory.
The syntax of the chroot option is:
chroot {user}|{@}.{account}|{@} {empty}|{/ACCT/GROUP}|{/directory}
The following eight formats of the "chroot" option are supported in
the FTPACCES.ARPA.SYS:
a. chroot user.acct root_dir - The specified user is chroot'd to
root_dir.
b. chroot user.acct - The specified user is chroot'd to
their home group.
c. chroot @.acct root_dir - All the users from the specified
account are chroot'd to root_dir.
d. chroot @.acct - All the users from the specified
account are chroot'd to the user's
home group.
e. chroot user.@ root_dir - The user at all accounts are chroot'd
to root_dir.
f. chroot user.@ - The user at all accounts are chroot'd
to their home group.
g. chroot @.@ root_dir - All users are chroot'd to
root_dir.
h. chroot @.@ - All users are chroot'd to their
home group.
Note: The format of the FTPACCES.ARPA.SYS file has the following rules:
a. This file can be created and edited with a supported editor.
This file must be unnumbered, fixed width ASCII with a
record-width of no more than 255 bytes. The physical limit to
this file is 4GB, but performance will be the actual limiting
factor.
b. The entry "chroot {command}" is one line per command request of
logon user.acct name specifying the home logon directory where the
root "/" is set.
c. The logon "user.acct" parameter of the chroot command must be
specified in MPE user.acct notation. The only wildcard accepted is
'@', and only as a whole user name or a whole account name, i.e. in
the three formats '@.@', '@.acct' and 'user.@'; partial forms such as
'use@.acct' or 'user.@acct' are not valid.
d. The "root_dir" parameter of the chroot command must be specified in
the POSIX HFS notation (not traditional MPE FILE.GROUP.ACCOUNT
syntax) using an absolute pathname from root (meaning the name
begins with a slash, "/"). A traditional named MPE GROUP.ACCOUNT
must be specified as /ACCOUNT/GROUP all in uppercase.
Specification of directories outside of MPE file space are case
sensitive and can be any combination of upper case & lower case
and must exactly match the actual directory.
e. The precedence of the eight chroot formats is: a>b>c>d>e>f>g>h
irrespective of their occurrence in the FTPACCES file.
f. The FTPACCES file supports only three commands (chroot, noretrieve
and # "comment"); invalid commands are silently ignored. Invalid
parameters to the "chroot" and "noretrieve" commands will be
reported to the file FTPLOG.ARPA.SYS, including invalid POSIX
characters (e.g. "+" or "-"), wild card characters (e.g. "@" or
"*"), and relative pathnames (e.g. "./dir", "./../" or "./../dir").
Note: These errors are reported when FTPSRVR is forked (created)
by INETD, not when the file is edited.
g. In any line all characters after hash (#) are considered as
comment and hence are ignored.
h. The "root_dir" parameter of the chroot command takes precedence
over the user.account,group logon string and the user's MPE
configured home group.
i. Users with SM capability (like MANAGER.SYS) are not restricted by
any FTPACCES chroot configuration.
j. Anonymous FTP will continue to logon the FTP special users
"anonymous" and "ftp" to /FTPGUEST/PUB regardless of any matching
user.account CHROOT entries in the FTPACCES file (i.e. anonymous
FTP completely ignores CHROOT).
k. Chroot does not follow links. This is consistent with the
behaviour throughout FTP/iX.
Examples:
1 chroot OPERATOR.SYS /SYS/OPERATOR
2 chroot MGR.SENDMAIL /SENDMAIL
3 chroot @.TELESUP /TELESUP/WORK
4 chroot @.PROD
5 chroot TESTUSER.@ /tmp
6 chroot @.@ /FTPGUEST/PUB
In the above examples
1. The user OPERATOR.SYS is limited to the group /SYS/OPERATOR/ and
any directories under /SYS/OPERATOR/.
2. The user MGR.SENDMAIL is limited to all of the groups and
directories in the SENDMAIL account: /SENDMAIL/, /SENDMAIL/A0200/
and /SENDMAIL/PUB/.
3. The users of the TELESUP account are limited to the group
/TELESUP/WORK and any directories under /TELESUP/WORK/.
4. The users of the PROD account are limited to their home group
and any directories under their home group.
5. All TESTUSER in all accounts are limited to the /tmp directory of
the system and any directories under the /tmp directory.
6. All remaining users of the system are limited to the PUB group of
the FTPGUEST account and any directories under the
/FTPGUEST/PUB/ directory.
note: Precedence is specified user.acct > @.acct > user.@ > @.@.
A sample of how to set file access restrictions for your system:
------------------------------------------------------------
/SYS/WORK: editor
HP32201A.09.00 EDIT/3000 SUN, FEB 26, 2006, 5:20 PM
(C) HEWLETT-PACKARD CO. 1993
/set length=255
/set right=255
/a
1 # FTPACCES.ARPA.SYS chroot logon.
2 chroot OPERATOR.SYS /SYS/OPERATOR
3 chroot MGR.SENDMAIL /SENDMAIL
4 chroot @.TELESUP /TELESUP/WORK
5 chroot @.PROD
6 chroot TESTUSER.@ /tmp
7 chroot @.@ /FTPGUEST/PUB
8 //
...
/k FTPACCES.ARPA.SYS,UNN;E
END OF SUBSYSTEM
:
------------------------------------------------------------
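The following model is added here as an example and is not FTPSRVR code. It serves both the "noretrieve" section and the "chroot" section above: it reads a constructed FTPACCES file with the documented comment, command and parameter rules (unknown commands dropped silently, bad parameters collected as the errors FTPSRVR would report to FTPLOG), then answers the two questions an administrator wants to check before relying on the file: is a given HFS path retrievable by a given logon, and which directory is a given logon confined to once the eight chroot formats and their precedence are applied. The flags `has_sm` and `anonymous` stand in for what the server knows about the logon; the sample entries, the paths tested and the helper names are this example's own.

```python
"""Model of the FTPACCES.ARPA.SYS "noretrieve" and "chroot" rules documented above.
Added example, not FTPSRVR code.  'has_sm' and 'anonymous' stand in for what the
server knows about the logon; the sample file and the paths tested are constructed.
"""
from typing import List, Optional, Tuple

_BAD_CHARS = set("@*+-")   # wild cards and characters the rules call invalid

def mpe_to_hfs(name: str) -> str:
    """FILE.GROUP.ACCT -> /ACCT/GROUP/FILE, the form FTPACCES entries must use."""
    file, group, acct = name.upper().split(".")
    return f"/{acct}/{group}/{file}"

def _valid_path(tok: str) -> bool:
    """Absolute (/x or /x/) or simple (no slash); anything else is a relative path."""
    return not (_BAD_CHARS & set(tok)) and (tok.startswith("/") or "/" not in tok)

def _valid_logon(tok: str) -> bool:
    """user.acct where each part is a name or exactly '@' ('use@.acct' is invalid)."""
    parts = tok.split(".")
    return len(parts) == 2 and all(p == "@" or p.isalnum() for p in parts)

def parse_ftpacces(text: str):
    """Return (noretrieve entries, chroot rules, parameter errors).  The errors are
    what FTPSRVR reports to FTPLOG when INETD forks it; unknown commands vanish."""
    noretrieve: List[str] = []
    chroot: List[Tuple[str, str, Optional[str]]] = []   # (USER, ACCT, root_dir)
    errors: List[str] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()              # '#' starts a comment
        toks = line.split()
        if not toks:
            continue
        cmd, args = toks[0], toks[1:]                     # lower-case, as in the examples
        if cmd == "noretrieve":
            for a in args:
                if _valid_path(a):
                    noretrieve.append(a)
                else:
                    errors.append(a)
        elif cmd == "chroot":
            root_dir = args[1] if len(args) == 2 else None
            if (1 <= len(args) <= 2 and _valid_logon(args[0])
                    and (root_dir is None or (root_dir.startswith("/") and _valid_path(root_dir)))):
                user, acct = args[0].upper().split(".")
                chroot.append((user, acct, root_dir))
            else:
                errors.append(line)
    return noretrieve, chroot, errors

def retrieve_denied(noretrieve: List[str], path: str, has_sm: bool = False) -> bool:
    """True when GET/MGET of the absolute HFS 'path' is refused."""
    if has_sm:
        return False                                      # SM users are never restricted
    name = path.rsplit("/", 1)[-1]
    for entry in noretrieve:
        if entry.endswith("/"):                           # format c: whole directory tree
            if path.startswith(entry):
                return True
        elif entry.startswith("/"):                       # format a: one exact file
            if path == entry:
                return True
        elif name == entry:                               # format b: simple name, case-sensitive
            return True
    return False

def chroot_for(chroot, user: str, acct: str, home_group: str,
               has_sm: bool = False, anonymous: bool = False) -> Optional[str]:
    """Directory the logon is confined to, or None when unrestricted.  Precedence is
    user.acct > @.acct > user.@ > @.@, and within a pair an entry with a root_dir
    beats one without, regardless of where the entries sit in the file."""
    if anonymous:
        return "/FTPGUEST/PUB"                            # anonymous/ftp ignore chroot
    if has_sm:
        return None
    user, acct = user.upper(), acct.upper()
    order = [(user, acct), ("@", acct), (user, "@"), ("@", "@")]
    best = None
    for r_user, r_acct, root_dir in chroot:
        if (r_user, r_acct) in order:
            rank = order.index((r_user, r_acct)) * 2 + (0 if root_dir else 1)
            if best is None or rank < best[0]:
                best = (rank, root_dir)
    if best is None:
        return None
    return best[1] or f"/{acct}/{home_group.upper()}"

SAMPLE_FTPACCES = """\
# FTPACCES.ARPA.SYS, constructed for this example
noretrieve /SYS/PUB/ NETRC .netrc /SYS/ARPA/FTPACCES
noretrieve ./tmp/x             # relative path: reported, not applied
chroot OPERATOR.SYS /SYS/OPERATOR
chroot @.TELESUP /TELESUP/WORK
chroot @.PROD
chroot TESTUSER.@ /tmp
chroot @.@ /FTPGUEST/PUB
chroot MGR@.SYS /SYS           # partial wild card: reported, not applied
frobnicate /SYS                # unknown command: silently ignored
"""
```

Two results are worth trying by hand. `chroot_for(cr, "TESTUSER", "PROD", "WORK")` returns "/PROD/WORK", not "/tmp": the account-wide entry "@.PROD" (format d) outranks the user-wide "TESTUSER.@ /tmp" (format e) even though it has no root_dir, exactly as the a>b>c>d>e>f>g>h rule says. And `retrieve_denied(nr, "/tmp/Netrc")` is False although "/tmp/NETRC" is denied, because simple-name entries are case-sensitive; a noretrieve list that is meant to cover every spelling of a sensitive name has to list each one.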
**********************************************************************
PERMISSION_DELETE, PERMISSION_OVERWRITE, PERMISSION_RENAME options:
**********************************************************************
The "PERMISSION_DELETE", "PERMISSION_OVERWRITE" and
"PERMISSION_RENAME" SETPARMS.ARPA.SYS configuration options are
security enhancements added to the FTP Server to limit the inbound FTP
Client commands del, put, mput and rename. With an option set to "OFF",
a user can still put a file under a name that does not already exist,
but cannot delete (PERMISSION_DELETE), rename (PERMISSION_RENAME) or
overwrite (PERMISSION_OVERWRITE) a file that already exists.
note:
a. The default setting for each of these options is "ON", which
denies nothing and matches the behaviour prior to this enhancement.
b. Users with SM capability (like MANAGER.SYS) are not restricted by
these configuration options.
A sample of how to enable permissions as a default for your system:
------------------------------------------------------------
:editor
HP32201A.09.00 EDIT/3000 MON, JUL 31, 2000, 7:19 PM
(C) HEWLETT-PACKARD CO. 1993
/a
1 permission_delete = off
2 permission_overwrite = off
3 permission_rename = off
4 //
...
/k SETPARMS.ARPA.SYS,UNN;E
END OF SUBSYSTEM
:
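The following reader is added here as an example and is not FTPSRVR code. It serves both the "Configuration rules for SETPARMS.ARPA.SYS" section and the PERMISSION_* section above: it applies the documented SETPARMS rules (case-insensitive keywords and values, blanks ignored, unknown keywords or values silently dropped, documented defaults otherwise) and returns the lines the server would ignore, then gates an inbound DELE, STOR or RNTO the way the three PERMISSION_* options are described, including the SM bypass. The constructed sample deliberately misspells one option so the result shows what "silently ignored" costs: the file says "permission_delte = off", so deletion stays enabled. The function names and the sample file are this example's own.

```python
"""SETPARMS.ARPA.SYS reader plus the PERMISSION_DELETE / _OVERWRITE / _RENAME gate.
Added example, not FTPSRVR code.  It follows the documented rules: keywords and
values are case-insensitive, blanks are ignored, unknown keywords or values are
silently dropped and the default stays in force.  The sample file is constructed.
"""
from typing import Dict, List, Tuple

DEFAULTS: Dict[str, bool] = {      # what applies when SETPARMS is absent or silent
    "CONSOLE_LOGGING": True, "DEBUG_PASS": False, "LOG_COMMANDS": False,
    "LOG_TRANSFERS": False, "PASSWORD": False, "PERMISSION_DELETE": True,
    "PERMISSION_OVERWRITE": True, "PERMISSION_RENAME": True, "POSIX": False,
    "SITE_CHMOD": False, "SITE_CHOWN": False, "SITE_STREAM": True,
}

def load_setparms(text: str) -> Tuple[Dict[str, bool], List[Tuple[int, str]]]:
    """Return (effective settings, lines the server would silently ignore).
    The second value is the audit hook: a misspelled hardening option does not
    fail the server, it just leaves the permissive default in place."""
    effective = dict(DEFAULTS)
    ignored: List[Tuple[int, str]] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        key, sep, value = raw.partition("=")
        key, value = key.strip().upper(), value.strip().upper()
        if sep and key in DEFAULTS and value in ("ON", "OFF"):
            effective[key] = value == "ON"
        else:
            ignored.append((lineno, raw.strip()))
    return effective, ignored

_GATE = {"DELE": "PERMISSION_DELETE", "STOR": "PERMISSION_OVERWRITE", "RNTO": "PERMISSION_RENAME"}

def command_allowed(cfg: Dict[str, bool], command: str, target_exists: bool,
                    has_sm: bool = False) -> bool:
    """Does the PERMISSION_* configuration let this inbound command proceed?
    Only the three gated verbs are judged here; missing files, ACDs and
    file-system access are left to the server as usual."""
    verb = command.split(None, 1)[0].upper()
    if has_sm or verb not in _GATE:
        return True                     # SM users bypass these options entirely
    if verb == "STOR" and not target_exists:
        return True                     # creating a new name is always allowed
    return cfg[_GATE[verb]]             # delete/rename/overwrite of an existing file

# Constructed sample: line 2 is misspelled and line 4 has a bad value, so both
# are ignored and their defaults stay in force.
SAMPLE_SETPARMS = """\
site_chmod = ON
permission_delte = off
LOG_COMMANDS = on
posix = maybe
Permission_Overwrite = OFF
permission_rename=off
"""
```

`load_setparms(SAMPLE_SETPARMS)` reports lines 2 and 4 as ignored, and `command_allowed(cfg, "DELE X", target_exists=True)` is still True for an ordinary user: the administrator who typed "permission_delte" believed deletion was off. Printing the ignored list after every edit of SETPARMS.ARPA.SYS is the cheap check the server itself does not give you.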
**********************************************************************