WU-FTPD 2.6.1 Release Notes HP-UX 11.
Legal Notices © Copyright 2001-2008 Hewlett-Packard Development Company, L.P. Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor’s standard commercial license. The information contained herein is subject to change without notice.
Table of Contents 1 WU-FTPD 2.6.1 Release Notes.....................................................................................................7 Announcement.....................................................................................................................8 What Is In This Version........................................................................................................8 WU-FTPD 2.6.1 Features...............................................................................
List of Figures 1-1 4 Structure of an FTP Server Hosting Two Virtual Domains .........................................
List of Tables 1-1 1-2 1-3 1-4 1-5 1-6 1-7 FTP Daemon timeout Options....................................................................................17 virtual Clause Options................................................................................................20 New Options in WU-FTPD 2.6.1.................................................................................25 WU-FTPD 2.6.1 Manpages..........................................................................................
List of Examples 1-1 1-2 1-3 1-4 1-5 1-6 1-7 1-8 1-9 1-10 1-11 1-12 1-13 6 The /etc/ftpd/ftpserver Configuration File Entry........................................................10 The passive Clause......................................................................................................18 The hostname Clause..................................................................................................21 The greeting Clause..................................................................
1 WU-FTPD 2.6.1 Release Notes This document discusses the most recent product information pertaining to WU-FTPD 2.6.1. It also discusses how to install WU-FTPD 2.6.1 on the HP-UX 11.0, HP-UX 11i v1, and HP-UX 11i v3 operating systems. This document addresses the following topics: • • • • • • • • “Announcement” (page 8) “What Is In This Version” (page 8) “WU-FTPD 2.6.
Announcement The File Transfer Protocol (FTP) enables you to transfer files between a client host system and a remote server host system. On the client system, a file transfer program provides a user interface to the FTP; on the server, the requests are handled by the FTP daemon, ftpd. WU-FTPD 2.6.1 is an HP implementation of the FTP daemon based on the replacement FTP daemon developed at Washington University. WU-FTPD 2.6.1 is the latest Web upgrade version of WU-FTPD 2.6.1 available on the HP-UX 11.
WU-FTPD 2.6.1 Features Following are the WU-FTPD 2.6.1 features supported on the HP-UX 11.0, HP-UX 11i v1, and HP-UX 11i v2 operating systems: Virtual FTP Support Virtual FTP support allows you to manage an FTP server for multiple domains on the same machine. Virtual FTP allows an administrator to configure a system to display a different banner, log file, and directory to a user when the user is connected to different domains on the same system.
NOTE: A sample configuration file exists in the /usr/newconfig/etc/ftpd/examples directory. Example 1-1 The /etc/ftpd/ftpserver Configuration File Entry The following example shows a possible entry in the /etc/ftpd/ftpservers configuration file: 123.123.123.123 /etc/ftpd/somedomain In this example, when an FTP client connects to the server using the IP address 123.123.123.
virtual address allow username [ username ... ] virtual address deny username [ username ... ] The “virtual address private” directive This directive is used to deny anonymous FTP login. By default, anonymous users are allowed to log in a virtual FTP setup. virtual address private The “virtual address root path” and “virtual address banner path” directives These directives are used to display the banner message and are used in the /etc/ ftpd/ftpacess file.
NOTE: The virtual address logfile path directive does not require the virtual address root directive. This directive overrides the logfile path directive. If the /etc/ftpd/ftpaccess file has the logfile path directive but does not have the virtual address logfile path directive, then the logfile path directive does not affect the behavior of the ftpd( 1M) daemon. The “virtual address hostname string” directive This directive is used to change the default hostname of the FTP server.
NOTE: The virtual address incmail emailaddress directive does not require the virtual address root path directive. This directive overrides the incmail emailaddress directive. If the master /etc/ftpd/ftpaccess configuration file has the incmail emailaddress directive but does not have the virtual address incmail emailaddress directive, then the incmail emailaddress directive does not affect the behavior of the ftpd( 1M) daemon.
The “virtual address allow username” and “virtual address deny username” directives These directives are used to allow or deny real and guest users to log in a virtual FTP setup. These directives can also be used in the master /etc/ftpd/ftpaccess file. The “virtual address private” directive This directive is used to deny anonymous access to virtual FTP setup. This directive can also be used in the master /etc/ftpd/ftpaccess file.
NOTE: Do not use the virtual address email emailaddress directive in the virtual domain's ftpaccess file as it will not have any effect. The “incmail emailaddress” directive This directive is used to change the email address for anonymous upload notifications. This directive is used in the /etc/ftpd/ftpaccess file. NOTE: Do not use the virtual address incmail emailaddress directive in the virtual domain's ftpaccess file as it will not have any effect.
You must ensure that the files referenced after changing the root directory exist in the virtual server (similar to the scenario for setting up an anonymous account). The privatepw Utility The administrative utility, /usr/bin/privatepw, is used to update the group access file information in /etc/ftpd/ftpgroups. The administrator can add, delete, and list enhanced access group information required for the commands SITE GROUP and SITE GPASS.
Specifies the name of a mail server that accepts upload notifications for the FTP daemon. You can use this option to notify any user of anonymous uploads. incmail def@abc.com Specifies the email addresses to be notified of anonymous uploads. mailfrom ghi@abc.com Specifies the sender’s email address for anonymous upload notifications. • Timeouts You can configure timeout values used within the FTP daemon by using the timeout options. Table 1-1 describes the FTP daemon timeout values.
Displays the message Current IDLE time limit is 200 seconds; max 7200 timeout maxidle 6200 Displays the message Current IDLE time limit is 200 seconds; max 6200 timeout RFC931 0 Disables RFC 931-based authentication, because 0 is specified. • Enhanced DNS Extensions This feature is used to refuse (or override) an FTP session when a reverse DNS lookup fails.
of the data connection does not match the remote IP address of the control connection data. You can specify multiple passive addresses to handle complex or multi-gateway networks. The syntax for selectively allowing PORT and PASV data connections is as follows: pasv-allow [ addrglob ...] port-allow [ addrglob ...] NOTE: You cannot selectively allow PORT and PASV data connections in an IPv6 environment.
NOTE: For all these clauses, you must copy the libraries /usr/lib/libnss_files.1 and /usr/lib/libdld.2 to the /usr/lib directory of the current environment. • Virtual Server Using the virtual server clauses, you can restrict user access to both the virtual and non-virtual domains. Also, you can use the options specified in the virtual clause to display the virtual host name. The syntax for the virtual clause is as follows: virtual
allow [ username ...• Default Host Name This feature defines the default host name of the FTP server that is displayed in the greeting message. If you do not specify this clause, the default host name of the local machine is used. The syntax for the specifying the default host name is as follows: hostname Example 1-3 The hostname Clause An example for the hostname clause is as follows: hostname telnet2.123.com Displays the default host name (telnet2.123.
The syntax for treating UIDs and GIDs as guests is as follows: guestuser [ username ... ] realgroup [ groupname ... ] realuser [ username ... ] • Upload and Download Ratios You can set the upload and download ratio to limit the user’s ability to upload and download files. By default, a ratio is not set. The syntax for setting the upload and download ratio is as follows: ul-dl-rate [ class ...] dl-free [ class ...] dl-free-dir [ class ...
Example 1-6 The defumask Clause The following are some examples for the defumask clause: defumask 0177 defumask 0133 ClassA This creates files with the permission -rw-r--r-- for a user of ClassA. For other users, files are created with the permission -rw-------. • Limitations on the Number of Lines of Output This feature allows you to limit the number of lines of output that can be sent to the remote client. By default, the limit is set to 20.
Example 1-8 The anonymous-root Clause The following are examples for the anonymous-root clause: anonymous-root /home/ftp anonymous-root /home/localftp localnet Example 1-8 contains two examples for the anonymous-root clause. The first example changes the root directory of all the anonymous users to the directory /home/ftp, the anonymous user’s current working directory being the home directory.
the server. You can use the -I daemon option to enable RFC 1413-based authentication. By default, this authentication is disabled. New Feature Related to Data Transfer The following lists the data transfer features: • For statistical purposes, you can keep track of the total bytes of data transferred. Also, you can limit the number of data bytes a user in any given class can transfer. You can specify a directive in the /etc/ftpd/ftpaccess file to limit the number of bytes incoming, outgoing, or both.
Table 1-3 New Options in WU-FTPD 2.6.1 (continued) Option Description -V This option causes the program to display copyright and version information and then terminate. -w and -W This option determines if user logins must be recorded in the /var/adm/wtmp and /var/adm/btmp files. -X This option does not save the output created by the -i and -o options to the /var/ adm/syslog/xferlog file but writes to the /var/adm/syslog/syslog.log file.
— EPRT - Extended Port This command specifies a host port for both IPv4 and IPv6 connections. Example 1-10 ERPT Command Output for IPv6 and IPv6 Connections The following displays the output for the EPRT command for both IPv6 and IPv6 connections. For IPv4: ------> EPRT 1 132.235.1.2 50934 For IPv6: ------> EPRT 2 fe80::260:b0ff:fec1:7b2f 50934 — EPSV - Extended Passive This command requests a server to listen on a data port and wait for a connection.
— LPSV This command requests a server to listen on a data port other than its default port and to wait for a connection rather than initiate one upon the receipt of a transfer command. Example 1-13 LPASV Command Output The following displays the output for the LPASV command: ftp> passive Passive mode on. -------> LPSV 228 Entering Long Passive Mode (6,16,254,128,0,0,0,0,0,0, 2,96,176,255,254,193,123,47,2,134,7) NOTE: The FTP client must use the -l option to use the LPSV and LPRT commands.
HP-Specific Features HP has introduced the following features in WU-FTPD 2.6.1: • Command-Line Options Following are the options included in WU-FTPD 2.6.1: — -m number_of_tries Specifies the number of tries for a bind() socket call. — -n nice_value Sets the nice value for an WU-FTPD process. When using this option, make sure that the nice clause in /etc/ftpd/ftpaccess file (see ftpaccess(4)) is not set. — -B Sets the buffer size of the data socket to blocks of size of 1024 bytes.
Compatibility Information Customers currently using WU-FTPD 2.4 do not need to modify their configuration file. WU-FTPD 2.4 is compatible with this release of WU-FTPD. However, HP recommends you to use the WU-FTPD 2.6.1 configuration file delivered with this release in order to effectively use the new features and changes incorporated in WU-FTPD 2.6.1. 30 WU-FTPD 2.6.
You have to modify your configuration settings only for the following instances: • If you upgrading to WU-FTPD 2.6.1 on an HP-UX 11.0 operating system, you must consider the following: — Upgrading from legacy FTP version – In the legacy ftpd version, the -A option is used to enable Kerberos authentication whereas in WU-FTPD 2.6.1 the -A option is used to disable the /etc/ftpd/ftpaccess file and the -K option is used to enable Kerberos authentication. — Upgrading from WU-FTPD 2.
Installing WU-FTPD 2.6.1 For the HP-UX 11.0 and HP-UX 11i v1 operating systems, you can download the Web upgrade version of WU-FTPD 2.6.1 from http://www.software.hp.com To install WU-FTPD 2.6.1, run the following command at the HP-UX prompt: $ swinstall -s
If WU-FTPD 2.6.1 is installed properly, the following output is displayed: • On an HP-UX 11.0 operating system WU-FTP-261 • WU-FTPD-2.6.1 special release upgrade On an HP-UX 11i v1 operating system WU-FTP-261 • B.11.00.01.007 B.11.11.01.011 WU-FTPD-2.6.1 special release upgrade On an HP-UX 11i v3 operating system HPUX-FTPServer C.2.6.1.4.0 HPUX FTP Server Known Problems and Limitations WU-FTPD 2.6.1 does not have any known problems and limitations.
Table 1-4 WU-FTPD 2.6.1 Manpages (continued) Manpage Description ftpgroups(4) Group password file for use with the SITE GROUP and SITE GPASS commands ftpservers(4) File that contains the set of virtual domain configuration files, which the ftpd(1M) server must use ftpconversions(4) ftpd(1M) conversion database.
Table 1-5 Defects Fixed in the HP-UX 11.0 Operating System (continued) Identifier Description JAGad96997 WU-FTPD is not working as expected. JAGad99478 WU-FTPD is not checking NULL hostname. Defects fixed in WU-FTPD 2.6.1 (B.11.00.01.003) JAGae85593 Under certain conditions ftpd(1M) does not work properly.
Table 1-5 Defects Fixed in the HP-UX 11.0 Operating System (continued) Identifier Description JAGae79698 When ftp(1) tries to transfer a file to an NFS mounted directory in a system where the disk space is full, ftpd(1M) displays the following error message, even though transfer operation has failed: 226 Transfer complete JAGaf08674 In some situations, there is a delay in an FTP connection after the FTP client displays the Connected to message.
Table 1-6 Defects Fixed in the HP-UX 11i v1 Operating System (continued) Identifier Description JAGad96997 WU-FTPD is not working as expected. JAGad99478 WU-FTPD is not checking NULL hostname. JAGad88782 The previous version of WU-FTPD released as a Web upgrade generates swverify error when installed above PHNE_23950. Defects fixed in WU-FTPD 2.6.1 (B.11.11.01.003) JAGae85593/ Under certain conditions ftpd(1M) does not work properly.
Table 1-6 Defects Fixed in the HP-UX 11i v1 Operating System (continued) Identifier Description Defects fixed in WU-FTPD 2.6.1 (B.11.11.01.006) JAGaf62718/ QXCR1000548386 JAGaf54890/ ftpd(1M) has a problem when a failure occurs in establishing a data connection with the client. QXCR1000545542 ftpd(1) is unable to log into the virtual domain when the FTP server invoked by inetd(1M) uses the ftpservers(4) configuration file to enable the virtual hosting feature.
Table 1-6 Defects Fixed in the HP-UX 11i v1 Operating System (continued) Identifier Description JAGaf87174/ QXCR1000557780 In passive mode, ftpd(1M) may assign the same port number for consecutive PASV requests for data connections. JAGaf87739/ ftpd(1M) takes long time to transfer files in ASCII mode. QXCR1000558009 JAGaf91558/ ftp(1) has problem in globbing patterns.
Table 1-6 Defects Fixed in the HP-UX 11i v1 Operating System (continued) Identifier Description JAGaf91258/ Certain inputs to ftpd(1M) can cause huge delay in the response. QXCR1000559419 JAGaf71500/ QXCR1000551539 1 ftpd(1M) does not list all the files when a file name glob is used against a directory listing command and the number of files passing the file name glob is more than 1000.