don't worry too much: FTP respects the normal MPE security! So, when you
can access a file with a session (e.g. by using Reflection FTP what is the
same) you can access this via FTP, and vice versa.

This demonstrates the need to restrict the access rights always to the
minimum really needed. Also we have a lot of accounts with R:ANY - and I'm
not sure whether this is really needed and wanted for all files there ...

Best regards, Andreas Schmidt, CSC, Germany





Ron Miller <[log in to unmask]>@RAVEN.UTC.EDU> on 31/10/2001
00:15:50

Please respond to Ron Miller <[log in to unmask]>

Sent by:  HP-3000 Systems Discussion <[log in to unmask]>


To:   [log in to unmask]
cc:
Subject:  [HP3000-L] FTP Security and CD Command


I am looking at allowing a MS Windows user FTP to our HP 3000.

In testing, I can connect to any user.account for which I know the
passwords.

What scares me, is that once logged on, I can 'cd ..' up above the
account level and then 'cd' back down into any other account.  This is
possible even when connecting to an account with minimal capabilities.

Is there a way to prevent users from getting where they are not
wanted, while connected via FTP?

I've searched the newsgroup and read the FTP Installation and User
Guides, but they did not address this issue.

TIA for any help.

Respectfully,

Ron Miller

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *