A fix is available
APAR status
Closed as program error.
Error description
FTP in TLS mode does not work for non-root users if the certificates have 600 permission. # ls -ld /.tls drw------- 3 root system 256 Jun 12 16:15 /.tls # ls -l /.tls -rw------- 1 root system 2838 Jun 12 14:57 client_server.pem drw------- 2 root system 256 Jun 12 15:00 rootCA -rw------- 1 root system 4002 Jun 12 14:57 server.pem -rw------- 1 root system 1164 Jun 12 14:57 server_cert.pem -rw------- 1 root system 1679 Jun 12 14:57 server_key.pem -rw------- 1 root system 1017 Jun 12 14:57 server_req.pem # ftp -s <hostname> ... ... 234 Using authentication type TLSv1 TLS Auth Entered. ... TLSv1/SSLv3 ( DHE-RSA-AES256-SHA ), 256 bits Name (hostname:testuser): testuser 331 Password required for testuser. Password: ... ftp> ls 200 PORT command successful. 150 Opening data connection for .. tls_getc SSL_ERROR_SSL 522 TLS negotiation failed. ftp> However, the IBM Redbook recommends 600 permission for certificates.
Local fix
Give 644 Permissions to .tls directory and certificates.
Problem summary
When 600 permissions are set to certificates, FTP over TLS will error out for non-root users
Problem conclusion
Code changes made to assign proper privileges for non-root users to perform FTP over TLS
Temporary fix
Comments
6100-04 - use AIX APAR IZ66100
APAR Information
APAR number
IZ66100
Reported component name
AIX 610
Reported component ID
5765G6200
Reported release
610
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Submitted date
2009-11-30
Closed date
2009-11-30
Last modified date
2013-03-28
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
AIX 610
Fixed component ID
5765G6200
Applicable component levels
R610 PSY U828116
UP10/01/12 I 1000
PTF to Fileset Mapping
U828116 bos.net.tcp.client 6.1.4.2
[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSMV87","label":"AIX 6.1 Enterprise Edition"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"610","Edition":"","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}},{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSMVAX","label":"AIX Express Edition"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"610","Edition":"","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSAUMY","label":"IBM AIX Enterprise Edition"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"610","Edition":"","Line of Business":{"code":"","label":""}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG11Q","label":"AIX 6.1 HIPERS, APARs and Fixes"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"610","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
28 March 2013