Managing Systems and Workgroups: A Guide for HP-UX System Administrators
Administering a System: Managing System Security
Controlling Security on a Network
Chapter 8786
The
service-name
is the official name (not an alias) of a valid service in
the file /etc/services. The
service-name
for RPC-based services
(NFS) is the official name (not an alias) of a valid service in the file
/etc/rpc. The wildcard character * and the range character - are
permitted in addresses.
Refer to inetd.sec (4) for complete details on the syntax and use of this
file.
Denying Access with /etc/ftpd/ftpusers
ftpd, the file transfer protocol server, is run by the Internet daemon (see
inetd (1M)) when a service request is received at the port indicated in
/etc/services.
ftpd rejects remote logins to local user accounts named in
/etc/ftpd/ftpusers. Each restricted account name must appear by
itself on a line in the file. The line cannot contain any spaces or tabs.
User accounts with restricted login shells in /etc/passwd should be
listed in /etc/ftpd/ftpusers, because ftpd accesses local accounts
without using their login shells. uucp accounts should also be listed in
/etc/ftpd/ftpusers.If/etc/ftpd/ftpusers does not exist, ftpd skips
the security check.
NOTE In HP-UX versions prior to 11.
x
, this file is named /etc/ftpusers.
Files Mounted in an NFS Environment
A Network File System (NFS) is used to
• Save file space
• Maintain consistent file usage
• Provide a lean cooperative user environment.
NFS streamlines file-sharing between server and client systems by
controlling access via the /etc/exports file. Entries in /etc/exports
provide permission to mount a file system existing on the server onto any
client machine or a specified list of machines. Once a file system is put
into /etc/exports, the information is potentially available to anyone
who can do an NFS mount. Thus, the NFS client user can access a server