Hub/Switch Installation Guide

ManualsBrandsIBM ManualsSwitchHub/Switch

421

422

423

424

425

426

427

428

429

430

Chapter 7 HPSS User Interface Conﬁguration

430 September 2002 HPSS Installation Guide

Release 4.5, Revision 2

Step 4. Creating FTP Users

Inorder foranHPSS userto useFTP, aDCE userid andpassword must becreated. RefertoSection

8.1.1: Adding HPSS Users (page 215) in the HPSS Management Guide for information on how to use

thehpssuser utilityto createtheDCEuserid andpassword andset up the necessaryconﬁguration

for theusertouseFTP.Notethatthisstep shouldnot bedone untilthe NSand theBFS arerunning

so that the hpssuser utility can create the home directory for the FTP user.

If desired (this is not recommended), the /bin/passwd_import and /bin/passwd_export

utilities canbe used to import/export the /etc/passwd ﬁle into/from the DCE Security Registry.

However, caution should be used so that the /etc/passwd ﬁle is not overlaid. Also, note that the

/bin/passwd_importand /bin/password_exportutilities donottransfertheactualpasswords

in/out of DCE!

The /opt/hpss/bin/hpss_ftppw utility can be used to change the encrypted passwords in the

/var/hpss/ftp/etc/ftppasswd ﬁle. The syntax for this utility is as follow:

hpss_ftppw <userid> [<password file pathname>]

The utility will prompt the user for the old and new passwords. The password ﬁle pathname

argument can be used to specify a password ﬁle other than the default ﬁle, /var/hpss/ftp/etc/

ftppasswd.

If the HPSS PFTP Daemon utilizes the DCE Registry for authentication (-S or -X options), the

{ftpaccess}ﬁleissuperﬂuousand therestofthissectionmay beskipped!TheHPSShomedirectory

for the user must still be established and conﬁgured.

To enable anonymous FTP, the “hpss_ftp” user must be deﬁned in either the HPSS FTP password

ﬁleor inthe DCEregistry(depending onwhichauthenticationmechanismisenabled).In addition,

the entry for the “hpss_ftp” user must contain a home directory deﬁned to be a non-NULL value.

The home directory deﬁned for the “hpss_ftp” user will be the root directory for the anonymous

ftp session. The user will not be able to change out of the ﬁle tree with that directory as its root.

Care must be taken if symlinks are created within this directory tree however - as it is possible

thatsymlink willpointoutofthis tree(andthereforeallowananonymous ftpuser accessoutside

of the directory tree).

To disable anonymous FTP, either:

1. Deﬁne the hpss_ftp user entry (in either the HPSS FTP password ﬁle or the DCE registry

depending on which authentication mechanism is enabled) with a NULL home directory

name, Set the shell for the hpss_ftp entry to “/bin/FALSE”.

-and-

2. IftheHPSSFTPpasswordﬁleisusedfor userauthentication,donotdeﬁneanentryfor the

“hpss_ftp” user.

or:

Add hpss_ftp, anonymous or guest to the HPSS FTP user ﬁle (normally “/var/hpss/ftp/etc/

ftpusers”).