wagoneers.com



Subject:	ftp, anonymous setup, troubleshooting - hp

Document Text
Title	    : How to setup anonymous ftp, and troubleshooting ftp
Date	    : 970828
Type	    : EN
Document ID : A4786122

Problem Description

Can you explain the proper setup of anonymous FTP and how to
troubleshoot any problems?

Configuration Info

Operating System - HP-UX
    Version - 10.10
Hardware System - HP 9000
    Series - K400

Solution

Verification and setup of services:

1.   Verify that the following line is in /etc/inetd.conf and not
     commented out (there should be no # in the first column):

     10.X:
	ftp	     stream tcp nowait root /usr/lbin/ftpd	ftpd

     9.X:
	ftp	     stream tcp nowait root /etc/ftpd		ftpd

     Alternatively, confirm that the service is listening:
	netstat -a |grep ftp
     The output should look like:

     tcp      0	    0  *.ftp		    *.*

2.   Verify the following services are in /etc/services and not
     commented out (with no # in the first column):

     ftp-data	   20/tcp	     # File Transfer Protocol (Data)
     ftp	   21/tcp	     # File Transfer Protocol (Control)

    *Note: If you are using NIS (Network Information Services)
	   then verify on the master server that these services
	   are available, or do 'ypcat services |grep ftp'

Creation of anonymous FTP:

If possible, use SAM to create anonymous ftp: enter the SAM areas
Networking and Communications, and then Networking Services.  Select
the desired service, then choose Actions and Enable.  If this method is
undesirable or you are experiencing difficulties with SAM, perform
the following steps:

1.   Create an ftp user in /etc/passwd:

     10.X:
	ftp:*:500:1:Anonymous FTP user:/home/ftp:/usr/bin/false

     9.X:
	ftp:*:500:1:Anonymous FTP user:/users/ftp:/bin/false

	*Note: If UID 500 is not available, use a UID that
	 is not currently being used.
	*Note: GID 1 is usually group 'other', verify that group 'other'
	 does exist, and match its group ID in this field.

2.   Create a home directory for the ftp user that is owned by ftp and
     has permissions set to 0555:

     10.X:
	mkdir /home/ftp
	chmod 555 /home/ftp
	chown ftp:other /home/ftp

     9.X:
	mkdir /users/ftp
	chmod 555 /users/ftp
	chown ftp:other /users/ftp

3.   Create a bin directory that is owned by root and has
     permissions set to 0555:

     10.X:
	mkdir -p /home/ftp/usr/bin
	chmod 555 /home/ftp/usr/bin /home/ftp/usr
	chown root /home/ftp/usr/bin /home/ftp/usr

	*Note: The ftp directory structure changed from 9.X to 10.X;
	 there is no longer a /home/ftp/bin.  The bin directory was
	 moved to be under /home/ftp/usr.

     9.X:
	mkdir /users/ftp/bin
	chmod 555 /users/ftp/bin
	chown root /users/ftp/bin

4.   Copy 'ls' to the new bin directory with permissions set to 0111:

     10.X:
	cp /sbin/ls /home/ftp/usr/bin/ls
	chmod 111 /home/ftp/usr/bin/ls

     9.X:
	cp /bin/ls /users/ftp/bin/ls
	chmod 111 /users/ftp/bin/ls

5.   Create an etc directory that is owned by root and has permissions
     of 0555:

     10.X:
	mkdir /home/ftp/etc
	chmod 555 /home/ftp/etc
	chown root /home/ftp/etc

     9.X:
	mkdir /users/ftp/etc
	chmod 555 /users/ftp/etc
	chown root /users/ftp/etc

     This directory should contain versions of the files passwd and
     group.  These files must be owned by root and have
     permissions of 0444:

     10.X:
	cp /etc/passwd /etc/group /home/ftp/etc
	chown root /home/ftp/etc/passwd /home/ftp/etc/group
	chmod 444 /home/ftp/etc/passwd /home/ftp/etc/group

     9.X:
	cp /etc/passwd /etc/group /users/ftp/etc
	chown root /users/ftp/etc/passwd /users/ftp/etc/group
	chmod 444 /users/ftp/etc/passwd /users/ftp/etc/group

6.   OPTIONAL:
     Create a dist directory that is owned by root and has permissions
     of 755.  Superuser can put read-only files in this directory to
     make them available to anonymous ftp users.

     10.X:
	mkdir /home/ftp/dist
	chown root /home/ftp/dist
	chmod 755 /home/ftp/dist

     9.X:
	mkdir /users/ftp/dist
	chown root /users/ftp/dist
	chmod 755 /users/ftp/dist

7.   OPTIONAL:
     Create a pub directory that is owned by ftp and writable by all.
     Anonymous ftp users can put files in this directory to make them
     available to other anonymous ftp users.

     10.X:
	mkdir /home/ftp/pub
	chown ftp:other /home/ftp/pub
	chmod 777 /home/ftp/pub

     9.X:
	mkdir /users/ftp/pub
	chown ftp:other /users/ftp/pub
	chmod 777 /users/ftp/pub
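
The following audit script is an added example, not part of the original
HP document.  It checks a 10.X-layout tree against the modes and owners
in steps 2-7 and also reports password fields left in the copied passwd
file, a check the steps above do not list.  The function names and the
optional owner arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a 10.X-layout anonymous FTP tree against steps 2-7.
# Usage: audit_ftp_tree /home/ftp [root-owner] [ftp-owner]
# Prints one line per finding; the return status is the number of
# failing paths plus the number of passwd entries with a password field.
check() {   # check PATH EXPECTED-MODE [EXPECTED-OWNER]
    if [ ! -e "$1" ]; then echo "MISSING $1"; return 1; fi
    # Parse "ls -ld" instead of using stat(1), which is not on every Unix.
    info=$(ls -ld "$1" | awk '{print substr($1, 1, 10) " " $3}')
    mode=${info% *}; owner=${info#* }; rc=0
    [ "$mode" = "$2" ] || { echo "MODE $1 is $mode, want $2"; rc=1; }
    [ -z "$3" ] || [ "$owner" = "$3" ] ||
        { echo "OWNER $1 is $owner, want $3"; rc=1; }
    return $rc
}

audit_ftp_tree() {
    root=$1; ro=${2:-root}; fo=${3:-ftp}; n=0
    check "$root"            dr-xr-xr-x "$fo" || n=$((n + 1))   # step 2
    check "$root/usr"        dr-xr-xr-x "$ro" || n=$((n + 1))   # step 3
    check "$root/usr/bin"    dr-xr-xr-x "$ro" || n=$((n + 1))
    check "$root/usr/bin/ls" ---x--x--x ""    || n=$((n + 1))   # step 4
    check "$root/etc"        dr-xr-xr-x "$ro" || n=$((n + 1))   # step 5
    check "$root/etc/passwd" -r--r--r-- "$ro" || n=$((n + 1))
    check "$root/etc/group"  -r--r--r-- "$ro" || n=$((n + 1))
    # Optional directories (steps 6 and 7) are checked only if present.
    if [ -d "$root/dist" ]; then
        check "$root/dist" drwxr-xr-x "$ro" || n=$((n + 1))
    fi
    if [ -d "$root/pub" ]; then
        check "$root/pub" drwxrwxrwx "$fo" || n=$((n + 1))
    fi
    # Not a step on the page: the copy made in step 5 is readable by every
    # anonymous user, so report entries that still carry a password field.
    if [ -r "$root/etc/passwd" ]; then
        bad=$(awk -F: '$2 != "*" && $2 != "x" && $2 != "" {print $1}' "$root/etc/passwd")
        for u in $bad; do
            echo "HASH $root/etc/passwd: entry '$u' has a password field"
            n=$((n + 1))
        done
    fi
    return $n
}
```

Run it as root after finishing the steps, for example
'audit_ftp_tree /home/ftp'; a return status of 0 means every checked
path matches.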


Troubleshooting FTP:

1.   Verify the installation steps.

2.   If receiving message: ftp: connect: Connection refused.

     Verify that inetd is running by entering 'ps -ef|grep inetd'.
     You should see output like:

     root  3730	 2217  1 13:54:57 ttyp2	    0:00 grep inetd
     root  2324	    1  0 13:43:28 ?	    0:00 inetd

     *Note: You may not see the grep process.

     If inetd is not currently running, then as root type 'inetd'.

3.   If receiving either message: 530 access denied login failed,
     or 530 User [name] access denied.

     A.	  Verify .netrc in the user's home directory.
	  If the .netrc file contains password or account information
	  for use other than for anonymous ftp, its owner must match
	  the effective user ID of the current process.  Its read,
	  write, and execute permission bits for group and other must
	  all be zero, and it must be readable by its owner.
	  Otherwise, the file is ignored.

	  So if you are unsure about this file, rename it to .netrc.old
	  for troubleshooting purposes.

     B.	  Check /etc/ftpusers.
	  ftpd rejects remote logins to local user accounts that are
	  named in /etc/ftpusers.  Each restricted account name must
	  appear alone on a line in the file.  The line cannot contain
	  any white space.  User accounts that specify a restricted
	  login shell in /etc/passwd should be listed in /etc/ftpusers
	  because ftpd accesses local accounts without using their
	  login shells.

     C.	  You need to add or verify /etc/shells.
	  /etc/shells is an ASCII file containing a list of legal shells
	  on the system.  Each shell is listed in the file by its
	  absolute path name. To learn more about this file, run 'man
	  shells'.  To see the legal shells for your system run 'man
	  getusershell'.  This will list all valid shells for your
	  system.  If you use both 9.X and 10.X environments, include
	  the shells for both operating systems.

	  Example entries:

	  9.X valid shells:

	  /bin/sh
	  /bin/rsh
	  /bin/ksh
	  /bin/rksh
	  /bin/csh
	  /bin/pam
	  /usr/bin/keysh
	  /bin/posix/sh

	  10.X valid shells:

	  /sbin/sh
	  /usr/bin/sh
	  /usr/bin/rsh
	  /usr/bin/ksh
	  /usr/bin/rksh
	  /usr/bin/csh
	  /usr/bin/keysh

	  All shells referred to in /etc/passwd or in the NIS passwd map
	  should be valid shells or links on this system and be listed
	  in /etc/shells.

4.   If receiving message: ftp: ftp/tcp: unknown service.

     Check your /etc/services file.  If you make a change to
     /etc/services, you must force the system to recognize the new
     changes by typing:
	  inetd -c

     Verify that permissions for /etc/services are 444 (-r--r--r--).

5.   If receiving message: 421 Service not available, remote server
     has closed connection.

     Verify that /var/adm/inetd.sec does not contain an ftp entry of
     either deny or allow.  When you allow one user, you deny all other
     users.  For troubleshooting purposes you could rename
     /var/adm/inetd.sec to /var/adm/inetd.sec.old.  inetd.sec is not
     needed unless you have a need for tightened security beyond login
     verification.

6.   If receiving message: 150 Opening ASCII mode data connection for
     /usr/bin/ls. crt0: ERROR couldn't open /usr/lib/dld.sl
     errno:000000002.

     You have the wrong version of the command ls in /home/ftp/usr/bin.
     To resolve this execute:
	  cp /sbin/ls /home/ftp/usr/bin/ls
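
The checks in troubleshooting items 3B and 3C can be run together.  The
script below is an added example, not part of the original HP document;
the function name ftp_login_audit and its three file arguments are
assumptions made for this example.  It reports accounts whose shell is
not in the shells file, /etc/ftpusers lines that contain white space,
and accounts with a restricted shell (rsh, rksh) that are not listed in
the ftpusers file.

```shell
#!/bin/sh
# Added example: cross-check passwd, shells and ftpusers files for the
# "530" login failures described in troubleshooting items 3B and 3C.
# Usage: ftp_login_audit /etc/passwd /etc/shells /etc/ftpusers
# Prints one line per finding and returns the number of findings.

ftp_login_audit() {
    awk -F: -v shells="$2" -v ftpusers="$3" '
        BEGIN {
            n = 0
            # Legal shells: one absolute path name per line.
            while ((getline line < shells) > 0)
                if (line ~ /^\//) legal[line] = 1
            # Restricted accounts: a name alone on the line, no white space.
            while ((getline line < ftpusers) > 0) {
                if (line ~ /[ \t]/) {
                    print "FTPUSERS line contains white space: [" line "]"
                    n++
                } else if (line != "")
                    denied[line] = 1
            }
        }
        # The anonymous account from step 1 uses "false" as its shell.
        $1 == "ftp"    { next }
        # Accounts named in the ftpusers file are refused by ftpd anyway.
        ($1 in denied) { next }
        !($7 in legal) {
            print "SHELL " $1 ": " $7 " is not listed in the shells file"
            n++; next
        }
        $7 ~ /\/r(sh|ksh)$/ {
            print "RESTRICTED " $1 ": " $7 " but not in the ftpusers file"
            n++
        }
        END { exit n }
    ' "$1"
}
```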




these pages protected by US Copyright laws
John Meister copyright © 1995-2001 all rights reserved
contact john-at-wagoneers.com