  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1641

HP-UX 11i FTP user files permissions problems!!!

Hi,

I have a problem with my HP-UX 11i OS ftp accounts whereby if any external ftp party connects to our server and puts any file in a directory on our server, the file permissions are always -rw-r----- with no read for others.

I have adjusted the ftp user .profile to include 'umask 022' but this only works if I 'su' on the server itself and create files with permissions levels
-rw-r--r--.

For any connections from a remote site logging in as the same user I have su'ed as, the permissions always default to -rw-r----- . Is there any way I can make a change so that permissions are always -rw-r--r-- for any ftp remote user connections?

Gurus please assist.

thanks
Bud
0
budrito12
Asked:
2 Solutions
 
wesly_chenCommented:
By default, for root, the umask is 027 on some systems.
So you need to do
su - username
so it will source username's login file (.profile) instead of inheriting root's setting.
0
 
dbacaljaCommented:
Hi,
The login file (.profile) doesn't have anything to do with permissions when using ftp. By default, when the ftpd daemon is started, it sets its umask to 027. To change this default umask, use the -u option. I guess starting ftpd with something like

ftpd -u 022

will do the trick for you. Also, you'll probably want to change your startup scripts to include this change, so that when the machine boots it will start ftpd with the correct umask.

0
 
wesly_chenCommented:
> For any connections from remote site login as the same user I have su'ed as the permissions always default to -rw-r----- .
My comment is based on this statement.

Based on his description, as I understand it, after he "su"s from root to the other username, the files he created as that username
have permission -rw-r-----. This causes other users logging in via FTP to be unable to read/download those files.

If those files are uploaded through FTP, then dbacalja's comment is the answer.
0
 
budrito12Author Commented:
DBACALJA,

Your reasoning sounds practical. So for HP-UX, can you please advise the path for startup scripts and what file to edit, please? Do I have to stop and start the ftpd daemon again to make the change effective?

thanks
Bud
0
 
wesly_chenCommented:
> advise the path for startup scripts and what file to edit
/etc/inetd.conf
ftp  stream tcp nowait root /usr/lbin/ftpd  ftpd -l -u 022

> Do I have to stop and start the ftpd daemon again to make the change effective
You need to send -HUP to inetd
kill -HUP <pid of inetd>
0
 
budrito12Author Commented:
Thanks, I'll split the points between wesly chen & dbacalja.
0
 
budrito12Author Commented:
Wesly,

I've noticed that my /etc/inetd.conf file already contained the "ftp  stream tcp nowait root /usr/lbin/ftpd  ftpd -l -u 022" line but still permissions are wrong. On our other production server this was set to ftpd -l -u 002, so I've set it to this value now.

Changes still haven't taken place as I'm still not sure on killing the inetd process as you've mentioned. When I ps -ef|grep inetd in our server I get:

# ps -ef|grep inetd
    root  1499     1  0  Jan 16  ?         0:41 /usr/sbin/inetd -l
    root 21089 14121  0 16:18:03 pts/0     0:00 grep inetd

What you are saying is "kill -HUP 1499". Then do I start this again by executing "/usr/sbin/inetd -l"? Please confirm.

thanks
0
 
wesly_chenCommented:
> kill -HUP 1499
This sends a hang-up signal to process 1499 to reload the process or re-read the configuration file without changing the pid.
You don't need to start "/usr/sbin/inetd -l".
0
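
Added example (not part of the original thread and not HP's own tooling): a POSIX sh check that finds the active ftp line in an inetd.conf-style file and reports the mode uploaded files will get from its -u value, including whether group or other gains write access (as with the 002 setting mentioned above). The function names are hypothetical, the sample lines are constructed, and the 027 fallback is the ftpd default as stated in the thread.

```shell
#!/bin/sh
# Added example. Reads inetd.conf (file argument or stdin) and reports what
# mode FTP uploads will get from the ftpd "-u" umask discussed in the thread.

# Print the umask on the active (uncommented) ftp line. Falls back to 027,
# the ftpd default stated in the thread, when no -u option is present.
ftpd_umask_from_inetd() {
    awk '$1 == "ftp" {
             um = "027"
             for (i = 8; i < NF; i++)
                 if ($i == "-u") um = $(i + 1)
             print um
             exit
         }' "$@"
}

# Mode of a newly uploaded file: 0666 with the umask bits cleared.
mode_for_umask() {
    case "$1" in
        ''|*[!0-7]*) echo "invalid umask: $1" >&2; return 1 ;;
    esac
    printf '%03o\n' $(( 0666 & ~0$1 ))
}

# One-line report: umask, resulting mode, whether "other" can read,
# and whether group or other can write.
audit_ftpd_umask() {
    um=$(ftpd_umask_from_inetd "$@")
    [ -n "$um" ] || { echo "no active ftp entry"; return 2; }
    mode=$(mode_for_umask "$um") || return 1
    case "$mode" in ??[4567]) oread=yes ;; *) oread=no ;; esac
    case "$mode" in ?[2367]?|??[2367]) gowrite=yes ;; *) gowrite=no ;; esac
    echo "umask=$um mode=$mode other-read=$oread group-or-other-write=$gowrite"
}

# Constructed sample input (not taken from a real host).
audit_ftpd_umask <<'EOF'
#ftp  stream tcp nowait root /usr/lbin/ftpd  ftpd -l -u 002
ftp  stream tcp nowait root /usr/lbin/ftpd  ftpd -l -u 022
EOF
```

On a live host the same check is run as audit_ftpd_umask /etc/inetd.conf; the result only takes effect once inetd has re-read the file.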
