Securing FTP/iX
6 FTP/iX Security Details
This section explains how to properly configure and use the new FTP/iX security features, and is divided into three sub-sections. Each sub-section describes how to build the different configuration files: FTPUSERS, SETPARMS, and FTPACCES.
6.1 FTPUSERS.ARPA.SYS
This file contains one or more user names that will be denied logon to the FTP/iX server, unless the user has SM
capability. A hash mark (#) is used to denote a comment, as seen in the sample below.
Syntax: [UserName.]AcctName, one name per record.
6.1.1 Configuring FTPUSERS file
Sample configuration file FTPUSERS:
# Purpose: to deny the list of users below, logon to the FTP/iX server running on this system.
# Syntax: [UserName.]AcctName one name per line
# Wildcards, e.g., “@”, are not supported. Leading and trailing spaces are ignored,
# and all text is case insensitive.
# Example: to deny FTP logon to the user MGR.PROD enter “MGR.PROD” below on a
# separate line (and without the quotes).
# Example: to deny FTP logon to all users in the PURCH account enter “PURCH” below on a
# separate line (and without the quotes).
# will restrict user Testmgr of SYS account.
Testmgr.SYS
# will restrict all the users of TELESUP account.
TELESUP
# will not be restricted as the user has SM capability.
MANAGER.SYS
The FTPUSERS file is not created automatically, thus the FTP/iX default is to not restrict logon based upon user ID. However, the absence of a particular user ID in the FTPUSERS file does not exempt the user from entering the necessary passwords so that MPE/iX can authorize the user on the FTP/iX server.
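The deny-list rules above, as an added example rather than code from the whitepaper or from FTP/iX: a Python audit helper that parses an FTPUSERS file offline and reports which logons it would deny. The function names, the `has_sm` flag, and the choice to flag and skip wildcard or malformed records are assumptions; the page does not say how the server treats such records.

```python
# Added example: audit an FTPUSERS deny list using the rules on this page.
MAX_RECORD_BYTES = 72  # record-width limit given in section 6.1.2

def parse_ftpusers(text):
    """Return (entries, warnings); entries are upper-cased deny records."""
    entries, warnings = set(), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if len(raw.encode("utf-8")) > MAX_RECORD_BYTES:
            warnings.append((lineno, "record exceeds 72 bytes"))
        line = raw.strip()                     # leading/trailing spaces ignored
        if not line or line.startswith("#"):   # blank line or comment
            continue
        parts = line.upper().split(".")        # names are case insensitive
        if "@" in line:
            # Assumption: flag and skip; server behaviour is not documented here.
            warnings.append((lineno, "wildcards are not supported"))
        elif len(parts) > 2 or not all(parts) or " " in line:
            warnings.append((lineno, "expected [UserName.]AcctName"))
        else:
            entries.add(".".join(parts))
    return entries, warnings

def is_denied(user, account, entries, has_sm=False):
    """True if the deny list blocks this logon; SM capability overrides it."""
    if has_sm:
        return False
    user, account = user.strip().upper(), account.strip().upper()
    # An account-only record covers every user in that account.
    return account in entries or f"{user}.{account}" in entries

# Constructed input: the page's sample records plus two extra test lines.
SAMPLE = """\
# deny list
Testmgr.SYS
TELESUP
MANAGER.SYS
   mgr.prod
@.PURCH
"""

if __name__ == "__main__":
    entries, warnings = parse_ftpusers(SAMPLE)
    print("deny records:", sorted(entries))
    print("warnings:", warnings)
    for user, acct, sm in [("testmgr", "sys", False), ("manager", "sys", True)]:
        print(f"{user}.{acct} SM={sm} denied={is_denied(user, acct, entries, sm)}")
```

The helper only evaluates the FTPUSERS layer; normal MPE/iX password validation still applies to any logon it does not deny.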
6.1.2 FTPUSERS configuration rules
Note: if this file is missing (default) or empty then there are no additional FTP/iX user ID based logon restrictions in
place on the FTP/iX server. However, normal MPE/iX user validation is enforced, as always.
✓ FTPUSERS.ARPA.SYS may be created and edited with any supported editor. This file should be kept unnumbered, fixed width, ASCII with a record-width of not more than 72 bytes. The file can be up to 4GB in size, but the performance of the linear scan will be a limiting factor.
✓ The user names must appear one per line.
✓ The user names can be specified in two formats:
  • {username}.{accountname}: The specific user of the specific account will not be allowed to logon to the FTP/iX server.
Secure FTP on MPE/iX, 7/18/2008, http://jazz.external.hp.com/papers/Securing-FTP-Whitepaper.html