IBM Hub/Switch Installation Manual page 430

Chapter 7 HPSS User Interface Configuration
Step 4. Creating FTP Users
In order for an HPSS user to use FTP, a DCE userid and password must be created. Refer to Section
8.1.1: Adding HPSS Users (page 215) in the HPSS Management Guide for information on how to use
the hpssuser utility to create the DCE userid and password and set up the necessary configuration
for the user to use FTP. Note that this step should not be done until the NS and the BFS are running
so that the hpssuser utility can create the home directory for the FTP user.
If desired (this is not recommended), the /bin/passwd_import and /bin/passwd_export
utilities can be used to import/export the /etc/passwd file into/from the DCE Security Registry.
However, caution should be used so that the /etc/passwd file is not overlaid. Also, note that the
/bin/passwd_import and /bin/password_export utilities do not transfer the actual passwords
in/out of DCE!
The /opt/hpss/bin/hpss_ftppw utility can be used to change the encrypted passwords in the
/var/hpss/ftp/etc/ftppasswd file. The syntax for this utility is as follow:
hpss_ftppw <userid> [<password file pathname>]
The utility will prompt the user for the old and new passwords. The password file pathname
argument can be used to specify a password file other than the default file, /var/hpss/ftp/etc/
ftppasswd.
If the HPSS PFTP Daemon utilizes the DCE Registry for authentication (-S or -X options), the
{ftpaccess} file is superfluous and the rest of this section may be skipped! The HPSS home directory
for the user must still be established and configured.
To enable anonymous FTP, the "hpss_ftp" user must be defined in either the HPSS FTP password
file or in the DCE registry (depending on which authentication mechanism is enabled). In addition,
the entry for the "hpss_ftp" user must contain a home directory defined to be a non-NULL value.
The home directory defined for the "hpss_ftp" user will be the root directory for the anonymous
ftp session. The user will not be able to change out of the file tree with that directory as its root.
Care must be taken if symlinks are created within this directory tree however - as it is possible
that symlink will point out of this tree (and therefore allow an anonymous ftp user access outside
of the directory tree).
To disable anonymous FTP, either:
1. Define the hpss_ftp user entry (in either the HPSS FTP password file or the DCE registry
depending on which authentication mechanism is enabled) with a NULL home directory
name, Set the shell for the hpss_ftp entry to "/bin/FALSE".
-and-
2. If the HPSS FTP password file is used for user authentication, do not define an entry for the
"hpss_ftp" user.
or:
Add hpss_ftp, anonymous or guest to the HPSS FTP user file (normally "/var/hpss/ftp/etc/
ftpusers").
430 September 2002 HPSS Installation Guide
Release 4.5, Revision 2