WU-FTPD 2.4 Release Notes

ManualsBrandsHP ManualsSoftwareHP-UX 11i v1 Networking Software

HP 9000 Series Computers

Version 2.4

Manufacturing Part Number: 5971-2286

E0698

United States

Summary of content (29 pages)

PAGE 2
Legal Notices The information in this document is subject to change without notice. Hewlett-Packard makes no warranty of any kind with regard to this manual, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Hewlett-Packard shall not be held liable for errors contained herein or direct, indirect, special, incidental or consequential damages in connection with the furnishing, performance, or use of this material. Warranty.
PAGE 3
©copyright 1980, 1984, 1986 Novell, Inc. ©copyright 1986-1992 Sun Microsystems, Inc. ©copyright 1985-86, 1988 Massachusetts Institute of Technology. ©copyright 1989-93 The Open Software Foundation, Inc. ©copyright 1986 Digital Equipment Corporation. ©copyright 1990 Motorola, Inc. ©copyright 1990, 1991, 1992 Cornell University ©copyright 1989-1991 The University of Maryland ©copyright 1988 Carnegie Mellon University Trademark Notices UNIX is a registered trademark of The Open Group.
PAGE 4
PAGE 5
Contents 1. WU-FTPD 2.4 Release Notes Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8 WU-FTPD Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9 What’s New in this Version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10 New ftp Daemon Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11 New ftp Support Commands . . . . . . . . . . . . . . . . .
PAGE 6
Contents 6
PAGE 7
1 WU-FTPD 2.
PAGE 8
Overview Overview • What’s New in this Version of ftp • New ftp Daemon Options • New ftp Support Commands • New ftp Configuration Files — The ftpaccess Configuration File — The ftpconversion Configuration File — The ftphosts Configuration File — The ftpusers Configuration File — The ftpgroups Configuration File — The xferlog Configuration File • Setting Up Virtual ftp Support • Setting Up a Secure Version of ftp 8 WU-FTPD Release Notes for Version 2.
PAGE 9
WU-FTPD Overview WU-FTPD Overview The new version of ftp has been made available for HP-UX as follows: HP-UX Release ftp Patch June 1998 11.0 PHNE_14479, released in June 1998, superseded by PHINE_17188 11i part of the core networking products All the features of the existing (“legacy”) ftp are present in the new version of ftp along with additional functionality. This June 1998 version of ftp contains WU-FTPD 2.4 ftp server changes and its therefore also referred to as WU-FTPD 2.4.
PAGE 10
What’s New in this Version What’s New in this Version WU-FTPD 2.
PAGE 11
New ftp Daemon Options New ftp Daemon Options The following new options are used for the ftp daemon, /usr/lbin/ftpd. You specify these options in the ftp entry of the inetd configuration file (typically /etc/inetd.conf). An example ftp entry in the /etc/inetd.
PAGE 12
New ftp Daemon Options • -o This option logs all outgoing (transmitted) files by ftpd to /var/admin/syslog/xferlog. Note that the “log transfers” entry in the /etc/ftpd/ftpaccess file will overwrite this option. • -L This option logs all user commands sent to the ftpd server into syslog. Be aware that using this option will log any user command, that is if the user accidently enters a password for a command instead of the username, it will cause the password to be logged via syslog.
PAGE 13
New ftp Support Commands New ftp Support Commands The following new support commands are available with this version of ftp: • ftpcount This command shows the current number of users for each class and the limit for each class as defined in the /etc/ftpd/ftpaccess file. If the ftpaccess file does not exist, the ftpcount command will not display anything. However, if the ftpaccess file exists and is 0 bytes, then an error message will be displayed. For more details, see the ftpcount (1) manpage.
PAGE 14
New ftp Support Commands (You will create the shutdown message file with the ftpshut command in a later step.) 2. To enable the ftpaccess file, specify the -a option in the ftp entry of the inetd configuration file (typically /etc/inetd.conf).
PAGE 15
New ftp Configuration Files New ftp Configuration Files The following configuration files have been newly introduced in ftp: • /etc/ftpd/ftpaccess This is the primary configuration file for defining the operation of the ftp daemon. • /etc/ftpd/ftpconversions This file defines options for compression/decompression and tar/un-tar operations. • /etc/ftpd/ftphosts This file lets you allow/deny ftp account access according to source IP addresses and hostnames.
PAGE 16
New ftp Configuration Files /etc/inetd.conf file. You can use the ftpaccess configuration file to set access capabilities, informational capabilities, logging, permissions, regular expression capabilities, and others, which are explained below. Setting Access Capabilities NOTE For details on the following keywords, see the ftpaccess(4) manpage.
PAGE 17
New ftp Configuration Files only. noretrieve .... Allows you to deny retrievability of specified files. For example you may wish to always deny retrievability of the /etc/passwd file. loginfails This entry allows you to log a "repeated login failures" message and terminate the ftp connection after a specified number of login failures.
PAGE 18
New ftp Configuration Files making use of the ftp server. Not all clients can handle multi-line responses (which is how the banner is displayed). email Defines the email address of the ftp archive maintainer. message Allows you to define a message file so that ftp will display the file to the user at login time or when the user changes to the specified directory.
PAGE 19
New ftp Configuration Files transfers from the server (outbound). Setting Permission Capabilities The following keywords can be used for setting up permissions capabilities in the /etc/ftpd/ftpaccess file. NOTE For details on the following keywords, see the ftpaccess(4) manpage. chmod delete overwrite rename umask Allows or disallows the ability to perform the specified function. By default, all users are allowed.
PAGE 20
New ftp Configuration Files will be displayed to the user. upload Defines a directory that permits or denies uploads. Setting Additional Capabilities The following keywords can be used for setting up additional capabilities in the /etc/ftpd/ftpaccess file. NOTE For details on the following keywords, see the ftpaccess(4) manpage. alias Defines an alias for a directory. Aliases only apply to the cd command. cdpath Defines an entry in the cdpath.
PAGE 21
New ftp Configuration Files a planned shutdown, so that users are notified and new connections are denied after a specified time before shutdown. The shutdown file can also specify that current connections are dropped at a specified time before shutdown. See the ftpshut (1) manpage for details. virtual Enables the virtual ftp server capabilities.
PAGE 22
New ftp Configuration Files Enabling/Disabling tar and compression You enable/disable tar and compression in /etc/ftpd/ftpaccess file, by specifying yes or no with the tar and compression keywords. The default is "yes" to enable tar and compression. NOTE For more details, see the ftpconversions (4) manpage. The ftphosts Configuration File The new /etc/ftpd/ftphosts configuration file can be used to deny/allow access to certain accounts from specified hosts.
PAGE 23
New ftp Configuration Files The ftpgroups Configuration File The /etc/ftpd/ftpgroups file is the group password file for use with the SITE GROUP and SITE GPASS commands. A sample file is provided in /usr/newconfig/etc/ftpd/ftpgroups. You can edit this file and copy it to /etc/ftpd/ftpgroups. NOTE For more details, see the ftpgroups (4) manpage. The xferlog Log File The new /var/adm/syslog/xferlog file logs file transfer information from the ftp server daemon.
PAGE 24
New ftp Configuration Files • filename This is the name of the transferred file. • transfer-type This is a single character indicating the type of transfer. Can be one of 1. for an ascii transfer 2. for a binary transfer • special-action-flag This is one or more single character flags indicating any of the following special action taken.
PAGE 25
New ftp Configuration Files • servicename This is the name of the service being invoked, usually ftp. • authentication-method This is the method of authentication used. Can be one of: 0 1 none RFC931 Authentication • authenticated-user-id This is the user id returned by the authentication method. A * is used if an authenticated user id is not available. • current-time-in-seconds This is the current local time in seconds. • cpu-utilization This is the total cpu utilization for one ftp session.
PAGE 26
Virtual ftp Support Virtual ftp Support Virtual ftp support allows you to manage an ftp server for two separate domains on the same machine. Basically, virtual ftp allows an administrator to configure systems so that user1 connecting via ftp to ftp.domain1.com gets one ftp banner and ftp directory, while user2 connecting via ftp to ftp.domain2.com gets another banner and directory. (This occurs even though the users are on the same machine and are using the same ports).
PAGE 27
Virtual ftp Support to the /virtual directory. You will need to make sure that any files referenced after the chroot are in the virtual server. (The same way it is done while setting up an anonymous ftp account.) WU-FTPD Release Notes for Version 2.
PAGE 28
Setting Up a Secure Version of ftp Setting Up a Secure Version of ftp With HP-UX 11.0, a unified binary is available for ftp which can operate as both a Kerberos and non-Kerberos service. To have ftp operate in a secure environment, enable the secure environment using the following command on the command-line: /usr/sbin/inetsvcs_sec enable This command will update the system file /etc/inetsvcs.conf with an entry "kerberos true".
PAGE 29
Index Index 29