IBM Hub/Switch Step 4. Creating FTP Users

Chapter 7 HPSS User Interface Conﬁguration

430 September 2002 HPSS Installation Guide

Release 4.5, Revision 2

Step 4. Creating FTP Users

Inorder for an HPSS user to use FTP, a DCE userid and password must be created.Refer to Section

8.1.1: AddingHPSS Users (page 215) in the HPSS Management Guide for information on how to use

thehpssuser utility to create the DCE userid and password and set up the necessary conﬁguration

forthe user to use FTP. Note that this step should not be done until the NS and the BFS are running

so that thehpssuser utility can create the home directory for the FTP user.

If desired (this is not recommended), the/bin/passwd_import and /bin/passwd_export

utilitiescan be used to import/export the /etc/passwd ﬁle into/from the DCE Security Registry.

However,caution should be used so that the /etc/passwd ﬁle is not overlaid. Also, note that the

/bin/passwd_importand /bin/password_export utilities do not transfer the actual passwords

in/out of DCE!

The /opt/hpss/bin/hpss_ftppw utility can be used to change the encrypted passwords in the

/var/hpss/ftp/etc/ftppasswd ﬁle. The syntax for this utility is as follow:

hpss_ftppw <userid> [<password file pathname>]

The utility will prompt the user for the old and new passwords. The password ﬁle pathname

argument can be used to specify a password ﬁle other than the default ﬁle,/var/hpss/ftp/etc/

ftppasswd.

If the HPSS PFTP Daemon utilizes the DCE Registry for authentication (-S or-X options), the

{ftpaccess}ﬁle is superﬂuous and the rest of this section may be skipped! The HPSS home directory

for the user must still be established and conﬁgured.

Toenable anonymous FTP, the “hpss_ftp” user must be deﬁned in either the HPSS FTP password

ﬁleor in the DCE registry (depending on which authentication mechanism is enabled). In addition,

the entry for the “hpss_ftp” user must contain a home directory deﬁned to be a non-NULL value.

Thehome directory deﬁned for the “hpss_ftp” user will be the root directory for the anonymous

ftp session. The user will not be able to change out of the ﬁle tree with that directory as its root.

Care must be taken ifsymlinks are created within this directory tree however - as it is possible

thatsymlink will point out of this tree (and therefore allow an anonymous ftp user access outside

of the directory tree).

To disable anonymous FTP, either:

1. Deﬁne the hpss_ftp user entry (in either the HPSS FTP password ﬁle or the DCE registry

depending on which authentication mechanism is enabled) with a NULL home directory

name, Set the shell for thehpss_ftp entry to “/bin/FALSE”.

-and-

2. Ifthe HPSS FTP password ﬁle is used for user authentication, do not deﬁne an entry for the

“hpss_ftp” user.

or:

Addhpss_ftp ,anonymous orguest to the HPSS FTP user ﬁle (normally “/var/hpss/ftp/etc/

ftpusers”).