15 anonymous ftp, Anonymous ftp – HP Integrity NonStop H-Series User Manual


15 Anonymous FTP

Anonymous FTP provides a means by which an archive site allows general access to the archives
of information at that site. Each site creates a special “anonymous” logon, which has limited access
rights to the archive hosts, as well as restrictions on operations. Generally, the only operations
allowed are logging in to the site using FTP, listing the contents of a limited set of directories, and
retrieving files.

Anonymous FTP

The HP NonStop FTP anonymous user support is primarily targeted for the Open System Services
(OSS) environment. Although the FTP server can provide support for both the OSS and Guardian
environments, users who configure their environment to support the Guardian anonymous user
must assume responsibility for the security of their system due to the complexity associated with
sites that fully utilize the NonStop Safeguard subsystem access control lists (ACLs).

The FTP server relies heavily on the security features of the underlying operating system. This includes
the access permission setup for files and directories. Careful incorporation of these features is
required of the system administrator in order to provide a secure site. It is necessary to have the
Safeguard subsystem running and properly configured when supporting the NonStop FTP anonymous
user.

The Safeguard subsystem is used to add an anonymous user and to create an authentication record
that allows the user to log onto either the OSS or Guardian environment. Because the OSS
environment coexists with the Guardian environment, the FTP server helps determine which initial
file system or default personality the FTP anonymous user is permitted to log on to.

To log on to the OSS environment, the anonymous user enters the user name “anonymous” or
“ftp”. The FTP server checks this logon against the contents of the FTPUSERS file residing on
$SYSTEM.ZTCPIP. If the logon is found in this file, the anonymous user logon is rejected. Refer
to the subsection, Disallowing Logons in Section 7, Communicating With the FTP Server, for a
description of how the FTPUSERS file is set up.

NOTE: For the OSS anonymous user who enters either “anonymous” or “ftp”, you need to add
only the lowercase alias or aliases to the FTPUSERS file. The FTP server code converts the OSS
anonymous logon to lowercase before checking it against the FTPUSERS file, since only the
lowercase (OSS anonymous) alias is required to be added under SAFEGUARD.

For the OSS anonymous user, it is important that the system administrator correctly sets up the
initial directory in order to allow the anonymous user to log on. The initial directory is what the FTP
server uses for the new OSS root directory. It is also used by the server to determine the FTP default
personality. Refer to the subsection, FTP Default Personality Selection in Section 6, FTP—Transferring
Files, for an explanation of this topic. For an anonymous user, if an invalid or non-existent
INITIAL-DIRECTORY is provided or if OSS is not running, the OSS anonymous user logon will be
denied.

HP NonStop requires the OSS anonymous user aliases (“anonymous” and “ftp”) to be frozen under
Safeguard for security purposes. The Guardian user name, NULL.FTP (for which “anonymous”
and “ftp” are aliases), also should be frozen. This is to prevent the anonymous user logons from
being accessed outside of FTP.

For security reasons, HP recommends that the objects (volumes/subvolumes, directory/subdirectories
and files) which are accessible by the anonymous user not be owned by the anonymous user.
Providing the anonymous user with a different user ID prevents the user from altering the security
settings associated with these objects.

Users who must support anonymous FTP write operations must assume their own security risks
associated with this capability. These users must also allow for their own disk resource management
procedures. HP recommends against providing anonymous FTP write operations.
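
The two recommendations above (nothing in the anonymous tree owned by the anonymous user, and no anonymous write access) can be checked with a short audit of the OSS initial directory. This is an added example, not code from the HP manual; it assumes the POSIX `find` and `sed` utilities are available in the OSS shell, the function name and finding labels are hypothetical, and it does not cover Guardian objects or Safeguard ACLs.

```shell
#!/bin/sh
# Added example, not HP code. Audits an OSS directory tree served to the
# anonymous FTP user. Assumes POSIX find and sed; Guardian objects and
# Safeguard ACLs are out of scope.
#
# Usage: audit_anon_tree INITIAL_DIR ANON_USER
#   INITIAL_DIR  the anonymous user's initial directory (hypothetical: /ftp)
#   ANON_USER    user name or numeric ID the anonymous logon runs as
# Returns 0 = clean, 1 = findings printed, 2 = initial directory unusable.
audit_anon_tree() {
    root=$1
    anon=$2

    # An invalid or non-existent initial directory means the logon is denied.
    if [ ! -d "$root" ]; then
        echo "INVALID-INITIAL-DIRECTORY $root"
        return 2
    fi

    findings=$(
        # The owner can change an object's security settings, so nothing in
        # the tree should belong to the anonymous user.
        find "$root" -user "$anon" -print | sed 's/^/OWNED-BY-ANON /'
        # The "other" write bit grants write access to users outside the
        # owner and group, which includes an anonymous user who owns nothing.
        # Symbolic links are skipped because their own mode is not used.
        find "$root" ! -type l -perm -0002 -print | sed 's/^/WRITABLE-BY-OTHERS /'
    )

    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Run the audit when called as: sh audit.sh INITIAL_DIR ANON_USER
if [ "$#" -eq 2 ]; then
    audit_anon_tree "$1" "$2"
fi
```

Group write access is not checked here; if the anonymous user shares a group with the owner of any object in the tree, add a `-perm -0020` pass as well.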
