Securing FTP/iX
The entry "noretrieve {filelist}" is a space-separated list of file names specified in the three formats mentioned above. This is a list of files that cannot be retrieved, either by get or mget. If the list of files that need to be made non-retrievable exceeds the record width, multiple lines starting with "noretrieve" can be used.
All files or file sets specified in the filelist must follow the POSIX HFS notation (not the traditional MPE FILE.GROUP.ACCOUNT notation).
Syntax:
• Absolute path names can be specified, which will deny access to a single file. For example, "noretrieve /tmp/syslog.log" prevents access to this one file.
• A traditionally named MPE file FILE.GROUP.ACCT must be specified as /ACCT/GROUP/FILE, all in uppercase. For example, "noretrieve /SYS/PUB/CATALOG" denies access to this one file.
• If just the file name is mentioned (no directory, group, or account names present), then access will be denied to all files with that exact name, regardless of their location. Example: "noretrieve NETRC" would deny access to the file "NETRC" at /NETRC, /tmp/NETRC, /SYS/NETRC, /SYS/NET/NETRC etc. Note: the filename is case sensitive, and thus access to a file named "/tmp/NetRC" is not restricted (by FTP).
• A third format is an absolute path name terminated with a slash "/". This will deny access to all files in the specified directory. For example, "noretrieve /SYS/PUB/" denies access to all traditionally named MPE files in @.PUB.SYS as well as any HFS-namespace files or directories under /SYS/PUB. Likewise, "noretrieve /etc/" denies access to all files contained in the directory /etc/ and below.
• Filenames containing invalid characters like '+', '-' etc., or wildcard characters like @ and * etc., are considered invalid names and are reported in FTPLOG.ARPA.SYS as an invalid entry. Any changes to this file will be reflected in the next FTP logon session.
6.2.3 Examples for noretrieve option
Let us assume the sample configuration above (refer to section 6.2.1 for the sample configuration file). This will restrict users from retrieving any file from /SYS/NET or from a directory within /SYS/NET. Files named TMPTRACE, irrespective of the directory in which they reside, will also not be retrievable.
1. If one tries to retrieve any file that is marked non-retrievable, FTP/iX will display the following message when debug mode is turned ON:
ftp > get /SYS/NET/STRACE
550 STRACE is marked non-retrievable.
File access denied, command restricted. (FTPERR 78).
In the regular (non-debug) mode, FTP will issue the following error:
ftp > get /SYS/NET/STRACE
File access denied, command restricted. (FTPERR 78).
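The following is an added example, not code from the whitepaper or from FTP/iX itself: it models the three noretrieve entry formats from the Syntax list above and the section 6.2.1/6.2.3 behaviour (a directory entry such as /SYS/NET/ covering everything beneath it, a bare name such as TMPTRACE matching case-sensitively in any directory), so an administrator can check what a proposed FTPACCES entry will actually deny before putting it on the server. The configuration text, the `mpe_to_hfs` helper and the function names are constructed for this example.

```python
from typing import Iterable, List, Tuple

# Characters the paper says make an entry invalid: '+', '-' and the wildcards '@', '*'.
INVALID_CHARS = set("+-@*")

# Constructed sample, modelled on the paper's description of the section 6.2.1 file.
SAMPLE_CONFIG = """\
noretrieve /SYS/NET/ TMPTRACE
noretrieve /tmp/syslog.log bad*name
"""


def mpe_to_hfs(mpe_name: str) -> str:
    """Convert FILE.GROUP.ACCT to the /ACCT/GROUP/FILE form (uppercase) the entry requires."""
    parts = mpe_name.split(".")
    if len(parts) != 3:
        raise ValueError(f"not a FILE.GROUP.ACCT name: {mpe_name}")
    file_, group, acct = (p.upper() for p in parts)
    return f"/{acct}/{group}/{file_}"


def parse_noretrieve(config_lines: Iterable[str]) -> Tuple[List[str], List[str]]:
    """Collect patterns from every 'noretrieve ...' line; return (valid, invalid)."""
    valid, invalid = [], []
    for line in config_lines:
        fields = line.split()
        if not fields or fields[0].lower() != "noretrieve":
            continue
        for pat in fields[1:]:
            # The server reports such entries in FTPLOG.ARPA.SYS instead of applying them.
            (invalid if any(c in INVALID_CHARS for c in pat) else valid).append(pat)
    return valid, invalid


def is_retrievable(hfs_path: str, patterns: List[str]) -> bool:
    """Apply the three entry formats to an absolute HFS path (all matching is case-sensitive)."""
    for pat in patterns:
        if pat.endswith("/"):                 # directory format: everything at or below it
            if hfs_path.startswith(pat):
                return False
        elif pat.startswith("/"):             # absolute path: exactly this one file
            if hfs_path == pat:
                return False
        elif hfs_path.rsplit("/", 1)[-1] == pat:   # bare name: that name in any directory
            return False
    return True
```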
6.2.4 Configuring the FTPACCES CHROOT option
As discussed in the previous section, the second restriction is the CHROOT option, which confines a user to a specified location in the FTP server's directory structure. This will limit inbound FTP client commands like Change Directory (CD), GET, PUT, MPUT, MGET and DIR to the configured current working directory (CWD) and below.
Page 11 of 28 Secure FTP on MPE/iX 7/18/2008 http://jazz.external.hp.com/papers/Securing-FTP-Whitepaper.html