Open System Services Management and Operations Guide (G06.25+, H06.03+)
Managing Security
Open System Services Management and Operations Guide—527191-002
Hints and Suggestions
• An alias must have a valid initial working directory (in the previous example, /user/guest):
  ° If no valid initial working directory is specified for an anonymous alias, then FTP access for that alias is denied.
  ° An initial working directory of /E, /G, or a directory in /G is invalid.
• The aliases anonymous and ftp must be frozen under the Safeguard product, so that those names cannot be used for access through any server process other than FTP.
  Freezing the user NULL.FTP disables anonymous access to the Guardian environment.
• No OSS initial working directory is specified for the user NULL.FTP. As a result, the user NULL.FTP is not allowed access to the OSS file system.
• The aliases anonymous and ftp do not have access to the Guardian environment.
• The user definition NULL.FTP and its aliases must all use the same Guardian default subvolume.
• The initial working directory for an anonymous FTP user should be set up to have appropriate security in the OSS environment for the user as a type “other” user of the directory.
  ° A read-only anonymous user would have the OSS file security for the directory set to “drwxrwxr-x”.
  ° A write-only anonymous user would have the OSS file security for the directory set to “drwxrwx-wx”.
• Guardian or OSS environment access by any user can be disabled by adding the appropriate user name or alias to the FTPUSERS file in $SYSTEM.ZTCPIP.
  Allowing anonymous user access means omitting the corresponding user name or alias from the FTPUSERS file.
See the Safeguard Administrator’s Manual, the Safeguard Reference Manual, and the
Security Management Guide for additional security considerations. See the TCP/IP
Applications and Utilities User Guide for additional information and recommendations
about anonymous user FTP access. See the appropriate manual for information about
the corresponding concepts and facilities of a third-party product.
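The directory hints above (pathname validity and the "other" permission setting) can be checked from an OSS shell. This is an added example, not code from the guide: the function names are hypothetical, and it assumes that only the "other" permission triplet needs checking and that `ls -ld` prints a POSIX-style mode string.

```shell
#!/bin/sh
# Added example (not from the guide). Function names are hypothetical.

# Path rule from the hints: /E, /G, or a directory in /G is invalid.
# An empty value is treated as "no initial working directory specified".
iwd_path_ok() {
    case "$1" in
        ""|/E|/E/|/G|/G/|/G/*) return 1 ;;
        /*) return 0 ;;
        *)  return 1 ;;  # assumption: the pathname must be absolute
    esac
}

# Classify the "other" triplet (characters 8-10) of an ls-style mode string.
# r-x and -wx are the two settings the guide gives; anything else is flagged.
anon_mode_class() {
    case "$1" in
        d?????????*) ;;
        *) echo "not-a-directory"; return 1 ;;
    esac
    other=$(printf '%s' "$1" | cut -c8-10)
    case "$other" in
        r-x) echo "read-only" ;;
        -wx) echo "write-only" ;;
        *)   echo "unexpected:$other"; return 1 ;;
    esac
}

# Check a live directory: path rule, existence, then "other" permissions.
check_anon_iwd() {
    dir=$1
    iwd_path_ok "$dir" || { echo "INVALID path: $dir"; return 1; }
    [ -d "$dir" ] || { echo "MISSING directory: $dir"; return 1; }
    mode=$(ls -ld "$dir" | cut -c1-10)
    if class=$(anon_mode_class "$mode"); then
        echo "OK $dir: $mode ($class)"
    else
        echo "REVIEW $dir: $mode ($class)"; return 1
    fi
}

# Constructed sample mode strings; the first two are the guide's values.
for m in drwxrwxr-x drwxrwx-wx drwxrwxrwx; do
    printf '%s -> %s\n' "$m" "$(anon_mode_class "$m" || true)"
done
```

A directory whose "other" triplet is anything except r-x or -wx, for example rwx, is reported for review rather than accepted.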
Disallowing OSS Use by Specific Users
Some sites assign a nonexistent OSS pathname as the initial working directory to all
user and alias definitions that are not explicitly configured for OSS environment
access. For example, they would use a SAFECOM command such as:
ALTER USER scribes.donald, INITIAL-DIRECTORY /contact_site_admin