Securing FTP/iX
• {accountname}: All the users from the specified account will not be allowed to log on to the FTP/iX server.
✓ Comments begin with "#". Embedded comments are not recognized.
✓ Users with SM capability (such as MANAGER.SYS) are not restricted by the FTPUSERS configuration.
✓ Specification of the account name or user.account can include leading or trailing whitespace characters, and is not case sensitive. Upper, lower, and mixed case names are treated the same.
✓ In the case of redundant or ambiguous entries, the first file entry to match the user's FTP/iX logon ID is used. Thus, more specific entries, such as a certain user.account, should precede more generic entries, such as an account name.
✓ Invalid entries will silently be ignored without logging.
✓ Wildcards are not supported.
✓ Any changes in the FTPUSERS file take effect at the next FTP login. They also take effect if the user issues a login command (e.g. user smith.sys) within an already running FTP session.
6.1.3 Examples
Let us assume an FTPUSERS.ARPA.SYS file as listed above (refer to section 6.1.1):
This FTPUSERS file prevents the users TESTMGR.SYS, OPERATOR.SYS and all users in the TELESUP account from logging on to the hosting FTP/iX server.
1. If a user tries to log on to FTP/iX as TESTMGR.SYS, the following error is displayed on the user's $stdlist:
ftp> user testmgr.sys
530 User log on unsuccessful
User not logged in. (FTPERR 65)
Remote system type is MPE/iX
2. If a user attempts to logon to FTP/iX in the TELESUP account, the following error is reported:
ftp> user MGR.TELESUP
530 Logon failed, restricted in FTPUSERS.
User not logged in. (FTPERR 65)
Remote system type is MPE/iX.
3. If a user tries to log on to FTP/iX as MANAGER.SYS, FTP/iX will not restrict the logon, since this user has SM capability. However, the user will still need to provide the correct user and account passwords.
ftp> user manager.sys
230-'/SYS/PUB'
230-"pass1"
230-"pass2"
230-'12:51 PM'
230-end of ftp hello file
230 User logged on
Remote system type is MPE/iX
200 Type set to I.
If FTP Console Logging is enabled, the FTP/iX server will generate an error message of this type on the console:
13:00/#J4/83/FTP LOGON RESTRICTED FOR: "MGR.TELESUP" IP=aaa.bbb.ccc.ddd
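An added example (not part of the original whitepaper and not HP's code): a small Python linter that applies the matching rules listed before section 6.1.3 to a constructed FTPUSERS file, reporting the lines the server would silently ignore and which entry, if any, restricts a given logon. The name pattern (1 to 8 alphanumerics starting with a letter), the skipping of blank lines, and the function names are assumptions.

```python
import re

# Assumption: MPE/iX user and account names are 1-8 alphanumerics, first a letter.
NAME = r"[A-Za-z][A-Za-z0-9]{0,7}"
ENTRY = re.compile(rf"^(?:({NAME})\.)?({NAME})$")   # user.account or account

def parse_ftpusers(text):
    """Return (entries, ignored). entries: (user_or_None, account, lineno);
    ignored: (lineno, raw_line) pairs that would be dropped without logging."""
    entries, ignored = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()                  # leading/trailing whitespace is allowed
        if not line or line.startswith("#"):
            continue                        # blank line (assumed) or whole-line comment
        m = ENTRY.match(line)
        if m:
            user, account = m.groups()      # names are not case sensitive
            entries.append((user.upper() if user else None, account.upper(), lineno))
        else:                               # embedded comment, wildcard, typo ...
            ignored.append((lineno, raw))
    return entries, ignored

def matching_entry(logon, entries, has_sm=False):
    """Line number of the first entry restricting `logon` (USER.ACCOUNT), else None."""
    if has_sm:                              # SM users are not restricted by FTPUSERS
        return None
    user, _, account = logon.strip().upper().partition(".")
    for e_user, e_account, lineno in entries:
        if e_account == account and e_user in (None, user):
            return lineno                   # first match in file order is used
    return None

# Constructed sample: the three restrictions described above plus two bad lines.
SAMPLE = """\
# users barred from FTP/iX
  testmgr.sys
OPERATOR.SYS
TELESUP
MGR.PAYROLL   # embedded comment: line is not a valid entry
@.FINANCE
"""

if __name__ == "__main__":
    entries, ignored = parse_ftpusers(SAMPLE)
    for lineno, raw in ignored:
        print(f"line {lineno}: silently ignored -> {raw!r}")
    for logon in ("TestMgr.Sys", "mgr.telesup", "mgr.payroll", "clerk.finance"):
        hit = matching_entry(logon, entries)
        print(logon, "restricted by line" if hit else "NOT restricted", hit or "")
```

Running the check after every edit to the file catches entries that were meant to restrict an account but would be dropped without any log record.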
6.2 FTPACCES.ARPA.SYS
Secure FTP on MPE/iX
7/18/2008
http://jazz.external.hp.com/papers/Securing-FTP-Whitepaper.html