Securing FTP/iX

All of the options below CONSOLE_LOGGING in the list above are new.
6.3.1 Configuring SETPARMS for file permission denial
Here is a sample listing of the SETPARMS configuration file:
# Purpose: support of file PERMISSION DENIAL, LOG COMMANDS and TRANSFER, and DEBUG_PASS FTP/iX options.
# PERMISSION DENIAL restricts FTP users from deleting, renaming, and overwriting files on the FTP server
# LOG COMMANDS and TRANSFER will log the statistics of the command and transfers between the FTP/iX server and client.
# DEBUG_PASS will prevent the display of the password while logging on in debug mode.
# Syntax: PERMISSION_DELETE= ON/OFF, PERMISSION_RENAME=ON/OFF, PERMISSION_OVERWRITE=ON/OFF
# Syntax: LOG_COMMANDS = ON/OFF and LOG_TRANSFER = ON/OFF.
# Syntax: DEBUG = ON/OFF
# Leading and trailing spaces have no effect and all the entries are case insensitive.
PERMISSION_DELETE = off
PERMISSION_OVERWRITE = ON
PERMISSION_RENAME = On
6.3.2 Specific configuration rules for file permission denial
- The default setting for each of these options is "ON". This prevents FTP/iX from enforcing its own file security rules.
- Users with SM capability are not restricted by the permission configuration options.
- Any changes to this file are reflected in the next FTP logon session.
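
The rules above can be checked against a SETPARMS file before the next logon session picks it up. The following Python script is an added example, not part of the original paper or of FTP/iX; the function names and the embedded sample are constructed here, and it models only the FTP/iX permission layer, not MPE/iX file security.

```python
# Added example: audit the PERMISSION_* options of a SETPARMS file.
PERMISSION_KEYS = ("PERMISSION_DELETE", "PERMISSION_RENAME", "PERMISSION_OVERWRITE")

# Constructed sample using the values from the listing above; spacing and
# case are varied on purpose because entries are case insensitive.
SAMPLE = """\
# Syntax: PERMISSION_DELETE= ON/OFF, PERMISSION_RENAME=ON/OFF
  PERMISSION_DELETE = off
PERMISSION_OVERWRITE = ON
permission_rename=On
"""

def parse_setparms(text):
    """Return (settings, warnings); settings maps each key to True for ON."""
    settings = {key: True for key in PERMISSION_KEYS}  # default is ON
    warnings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip().upper() for part in line.split("=", 1))
        if key not in PERMISSION_KEYS:
            continue  # logging and debug options are not audited here
        if value not in ("ON", "OFF"):
            # The paper does not say how FTP/iX treats such a value, so the
            # line is reported for manual review and the default is kept.
            warnings.append(f"line {lineno}: {key} has unrecognised value {value!r}")
            continue
        settings[key] = value == "ON"
    return settings, warnings

def ftp_layer_allows(settings, operation, user_has_sm=False):
    """FTP/iX-layer decision only; MPE/iX file security may still deny."""
    if user_has_sm:
        return True  # SM users are not restricted by these options
    return settings["PERMISSION_" + operation.upper()]

def audit(text):
    """List options that leave the operation permitted, plus parse warnings."""
    settings, warnings = parse_setparms(text)
    open_ops = [f"{key} is ON: FTP/iX does not deny this operation"
                for key in PERMISSION_KEYS if settings[key]]
    return open_ops + warnings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
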
6.3.3 Examples for Permission denial
6.3.3.1 Permission RENAME
- If a user does not have SM capability and the rename permission in the configuration file SETPARMS.ARPA is set to OFF, any rename done by this user should fail:
ftp> rename strace strace01
350 File exists, ready for destination name.
550 Command access denied, permission restricted.
Rename command "RNTO strace01" failed. (FTPERR 69)
ftp>
- If a user does not have SM capability and the rename permission in SETPARMS.ARPA is set to ON, all renames should be successful, provided there are no MPE/iX based security restrictions on the file being renamed:
ftp> rename strclean strcln
350 File exists, ready for destination name.
250 RNTO file action successful.
Secure FTP on MPE/iX, 7/18/2008
http://jazz.external.hp.com/papers/Securing - - Whitepaper.html