HP3000-L Archives

March 2000, Week 2

HP3000-L@RAVEN.UTC.EDU
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: Creating an "FTP only" user
From:
"Genute, A Thomas" <[log in to unmask]>
Reply To:
Genute, A Thomas
Date:
Thu, 9 Mar 2000 09:15:44 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (72 lines) 
Note that I don't think this method will work with MPE/IX 6.0.   FTP doesn't
create a session under 6.0 and can't even be trapped by VESOFT's
Security/3000.   This has created a big security hole.   The only way to
find out who is logged on to the FTP server is:
LISTFILE FTPSRVR.ARPA.SYS,8  (or ,9)


Tom Genute


        -----Original Message-----
        From:   James Clark,Florida [mailto:[log in to unmask]]
        Sent:   Thursday, March 09, 2000 8:01 AM
        To:     [log in to unmask]
        Subject:        Re: Creating an "FTP only" user

        Are you saying that if the FTP transfer takes longer than 5 minutes
that it
        is aborted by the UDC? One other option to consider is the command
line
        option from FTP. Not sure if this is implemented in the HP side, but
if it
        is not now it will be, to make it fully compatible.

        James

        > -----Original Message-----
        > From: HP-3000 Systems Discussion [mailto:[log in to unmask]]On
        > Behalf Of Costas Anastassiades
        > Sent: Wednesday, March 08, 2000 10:28 AM
        > To: [log in to unmask]
        > Subject: Creating an "FTP only" user
        >
        >
        > I wanted to set up a user just for FTP. The user will have a
password but
        > since all FTP clients will logon using this user, the password
        > won't be the
        > best kept one. So I didn't want the user to be able to access the
system
        > prompt or execute any other command should someone get clever and
actually
        > logon as a normal session.
        >
        > This is what I came up with.
        > -create a new user with SF, IA and a specific HOME group
        > -assign him a UDC which has OPTION LOGON and NOBREAK and which
PAUSES for
        > say 5 minutes (more than enough FTP time for my needs) and then
        > issues a BYE
        >
        > and ... this ... seems ... to ... work :)
        >
        > FTP clients can logon and exchange files and yet when you logon
        > with a HELLO
        > there's nothing to do but wait for the BYE to be automatically
        > issued. What
        > is really neat, is that once the FTP client logs off, the session
        > also dies,
        > regardless of the elapsed PAUSE time.
        >
        > Now the purpose of this message is so someone can :
        >
        > a) tell me that I'm reinventing the wheel and/or
        > b) tell me what I'm missing and/or
        > b) suggest a more robust approach
        >
        > Costas Anastassiades,
        > INTRACOM SA
        > Athens - Greece
        >

ATOM RSS1 RSS2