This scenario sets up anonymous FTP with a secure user account, using the command line interface and a script.
- Verify that the bos.net.tcp.client fileset is installed on your system, by typing the following command:
lslpp -L | grep bos.net.tcp.client
If you receive no output, the fileset is not installed. For instructions on how to install it, see Installation and migration.
- With root authority, change to the /usr/samples/tcpip directory.
For example:
- To set up the account, run the following script:
- When prompted with Are you sure you want to modify /home/ftp?, type yes. Output similar to the following displays:
Added user anonymous.
Made /home/ftp/bin directory.
Made /home/ftp/etc directory.
Made /home/ftp/pub directory.
Made /home/ftp/lib directory.
Made /home/ftp/dev/null entry.
Made /home/ftp/usr/lpp/msg/en_US directory.
- Change to the /home/ftp directory.
For example:
- Create a home subdirectory, by typing:
- Change the permissions of the /home/ftp/home directory to drwxr-xr-x, by typing:
- Change to the /home/ftp/etc directory, by typing:
- Create the objrepos subdirectory, by typing:
- Change the permissions of the /home/ftp/etc/objrepos directory to drwxrwxr-x, by typing:
- Change the owner and group of the /home/ftp/etc/objrepos directory to the root user and the system group, by typing:
chown root:system objrepos
- Create a security subdirectory, by typing:
- Change the permissions of the /home/ftp/etc/security directory to drwxr-x---, by typing:
- Change the owner and group of the /home/ftp/etc/security directory to the root user and the security group, by typing:
chown root:security security
- Change to the /home/ftp/etc/security directory, by typing:
- Add a user by typing the following SMIT fast path:
In this scenario, we are adding a user named test.
- In the SMIT fields, enter the following values:
User NAME [test]
ADMINISTRATIVE USER? true
Primary GROUP [staff]
Group SET [staff]
Another user can SU TO USER? true
HOME directory [/home/test]
After you enter your changes, press Enter to create the user.
After the SMIT process completes, exit SMIT.
- Create a password for this user with the following command:
When prompted, enter the desired password. You must enter the new password a second time for confirmation.
- Change to the /home/ftp/etc directory, by typing:
- Copy the /etc/passwd file to the /home/ftp/etc/passwd file, using the following command:
cp /etc/passwd /home/ftp/etc/passwd
- Using your favorite editor, edit the /home/ftp/etc/passwd file.
For example:
- Remove all lines from the copied content except those for the root, ftp, and test users. After your edit, the content should look similar to the following:
root:!:0:0::/:/bin/ksh
ftp:*:226:1::/home/ftp:/usr/bin/ksh
test:!:228:1::/home/test:/usr/bin/ksh
- Save your changes and exit the editor.
- Change the permissions of the /home/ftp/etc/passwd file to -rw-r--r--, by typing:
- Change the owner and group of the /home/ftp/etc/passwd file to the root user and the security group, by typing:
chown root:security passwd
- Copy the contents of the /etc/security/passwd file to the /home/ftp/etc/security/passwd file, using the following command:
cp /etc/security/passwd /home/ftp/etc/security/passwd
- Using your favorite editor, edit the /home/ftp/etc/security/passwd file.
For example:
- Remove all stanzas from the copied content except the stanza for the test user.
- Remove the flags = ADMCHG line from the test user stanza. After your edits, the content should look similar to the following:
test:
        password = 2HaAYgpDZX3Tw
        lastupdate = 990633278
- Save your changes and exit the editor.
- Change the permissions of the /home/ftp/etc/security/passwd file to -rw-------, by typing:
chmod 600 ./security/passwd
- Change the owner and group of the /home/ftp/etc/security/passwd file to the root user and the security group, by typing:
chown root:security ./security/passwd
- Using your favorite editor, create and edit the /home/ftp/etc/group file.
For example:
- Add the following lines to the file:
system:*:0:
staff:*:1:test
- Save your changes and exit the editor.
- Change the permissions of the /home/ftp/etc/group file to -rw-r--r--, by typing:
- Change the owner and group of the /home/ftp/etc/group file to the root user and the security group, by typing:
chown root:security group
- Using your favorite editor, create and edit the /home/ftp/etc/security/group file.
For example:
- Add the following lines to the file:
system:
        admin = true
staff:
        admin = false
- Save your changes and exit the editor.
To do this, perform the following steps:
- Copy the /etc/security/user file to the /home/ftp/etc/security directory, by typing:
cp /etc/security/user /home/ftp/etc/security
cd /home/ftp/etc/
- Remove all stanzas from the copied content, except the stanza for the test user, using the editor by typing:
vi ./security/user
- Save and exit the editor.
- Change the permissions of the /home/ftp/etc/security/group file to -rw-r-----, by typing:
chmod 640 ./security/group
- Change the owner and group of the /home/ftp/etc/security/group file to the root user and the security group, by typing:
chown root:security ./security/group
- Use the following commands to copy the appropriate content into the /home/ftp/etc/objrepos directory:
cp /etc/objrepos/CuAt ./objrepos
cp /etc/objrepos/CuAt.vc ./objrepos
cp /etc/objrepos/CuDep ./objrepos
cp /etc/objrepos/CuDv ./objrepos
cp /etc/objrepos/CuDvDr ./objrepos
cp /etc/objrepos/CuVPD ./objrepos
cp /etc/objrepos/Pd* ./objrepos
- Change to the /home/ftp/home directory, by typing:
- Make a new home directory for your user, by typing:
mkdir test
This will be the home directory for the new ftp user.
- Change the owner and group of the /home/ftp/home/test directory to the test user and the staff group, by typing:
- Change the permissions of the /home/ftp/home/test file to -rwx------, by typing:
- Disable the remote login and the console login for the test user, by typing:
chuser login=false rlogin=false test
At this point, you have ftp sublogin set up on your machine. You can test this with the following procedure:
- Using ftp, connect to the host on which you created the test user. For example:
ftp MyHost
- Log in as anonymous. When prompted for a password, press Enter.
- Switch to the newly created test user, by using the following command:
user test
When prompted for a password, use the password you created in step 18.
- Use the pwd command to verify the user's home directory exists. For example:
ftp> pwd
/home/test
The output shows /home/test as an ftp subdirectory. The full path name on the host is actually /home/ftp/home/test.
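Besides the interactive login test, the modes and owners set in the steps above can be checked in one pass. The following script is an added example, not part of the original procedure or of the AIX sample scripts; FTP_ROOT, CHECK_OWNER and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit an anonymous-FTP chroot tree against the modes and
# owners listed in the steps above. FTP_ROOT and CHECK_OWNER are names made
# up for this example; they are not AIX or ftpd settings.
FTP_ROOT=${FTP_ROOT:-/home/ftp}
CHECK_OWNER=${CHECK_OWNER:-1}

# relative path | mode as shown by ls -l | owner:group (empty = not stated)
# home/test is a directory, so ls shows the page's rwx------ as drwx------.
EXPECTED='home|drwxr-xr-x|
etc/objrepos|drwxrwxr-x|root:system
etc/security|drwxr-x---|root:security
etc/passwd|-rw-r--r--|root:security
etc/security/passwd|-rw-------|root:security
etc/group|-rw-r--r--|root:security
etc/security/group|-rw-r-----|root:security
home/test|drwx------|test:staff'

# Print one line per deviation; succeed only when there are none.
audit_tree() {
    root=$1
    bad=0
    while IFS='|' read -r rel mode owner; do
        # ls -ld output has the same leading fields on AIX and Linux.
        set -- $(ls -ld "$root/$rel" 2>/dev/null)
        if [ $# -eq 0 ]; then
            echo "MISSING $rel"; bad=$((bad + 1)); continue
        fi
        got=$(printf '%s' "$1" | cut -c1-10)   # drop any ACL marker suffix
        if [ "$got" != "$mode" ]; then
            echo "MODE    $rel: $got, expected $mode"; bad=$((bad + 1))
        fi
        if [ "$CHECK_OWNER" = 1 ] && [ -n "$owner" ] && [ "$3:$4" != "$owner" ]; then
            echo "OWNER   $rel: $3:$4, expected $owner"; bad=$((bad + 1))
        fi
    done <<EOF
$EXPECTED
EOF
    [ "$bad" -eq 0 ]
}

# List accounts in the chroot passwd file other than root, ftp and test.
extra_users() {
    awk -F: '$1 != "" && $1 != "root" && $1 != "ftp" && $1 != "test" { print $1 }' \
        "$1/etc/passwd"
}

# Run as: sh audit.sh --run   (audit.sh is a hypothetical file name)
if [ "${1:-}" = "--run" ]; then
    audit_tree "$FTP_ROOT"; extra_users "$FTP_ROOT"
fi
```

A group- or world-readable etc/security/passwd inside the chroot exposes the test user's password hash to anonymous sessions, so a MODE line for that file is the finding to act on first.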
Notes:
- You can switch users only with ftp sub users. For example, test is an ftp sub user.
- When you create ftp anonymous users with the script anon.users.ftp, you can assign the user any name by replacing username in the script.
- For anonymous users, because the server performs the chroot command in the home directory of the user account, any configuration-related file, such as the file ftpaccess.ctl, should be in the home directory, such as ~/etc/, of the respective anonymous user. The 'writeonly', 'readonly', and 'readwrite' restrictions in the /etc/ftpaccess.ctl file must have a path relative to the chrooted path.