07-16-2010 08:50 AM
We're running HP-UX 11iv3. I've checked that configuration for the id ftp is correct in /etc/passwd, and the permissions are correct for all of the directories in /home/ftp.
I receive 553 [filename]: Permission denied on server. (Upload)
Is ftpaccess required in order for anonymous ftp to upload files?
07-16-2010 09:56 AM
Check out the upload keyword on the ftpaccess man page and in the /etc/ftpd/ftpaccess file.
07-16-2010 10:00 AM
seems likely. Anonymous FTP doesn't allow
write access by default, so you'd need to
enable it somewhere, and ftpaccess would seem
to be the likeliest place to do it. (It may
have nothing to do with file or directory
permissions, just a policy of the FTP server
If the FTP server is generally accessible,
then I'd advise not using "incoming" as the
directory to make writable, as that's what
many of the scripts look for.
07-16-2010 11:45 AM
Again, I emphasize that I have been told NOT to use ftpaccess. Hence, the entry in the inetd.conf appears as follows:
ftp stream tcp6 nowait root /usr/lbin/ftpd ftpd -l -L -A
It would seem that uploading is denied by default? This really seems odd. There doesn't seem to be a definitive answer among the other threads on this subject.
07-16-2010 12:18 PM
> default? This really seems odd. [...]
Depends on your training. I expect it.
Remember that this is for _anonymous_ FTP,
where more restrictions are the norm. Do you
want the whole world to use your FTP server
as a file storage and distribution site?
(If you build it, they will come. Trust me.)
For normal-user FTP, the server typically
doesn't add any restrictions of its own --
it just respects the usual permissions+ACL
> Again, I emphasize that I have been told
> NOT to use ftpaccess. [...]
Again? When was the first time? Any reason?
07-16-2010 12:33 PM
> answer among the other threads on this
Which "the other threads"?
There are some facts in this one:
(As I recall, I set up anonymous FTP on an
HP-UX system, just so that I could play
around for that one.)
I can no longer find the official HP-UX "man"
pages in HTML, and I don't wish to suck down
a big pile of PDF files, and my HP-UX systems
are not available at the moment, so I can't
check, but I'd still vote for reading those
"man" topics mentioned earlier.
07-16-2010 12:45 PM
And note that, if I'm to be trusted, the only
way I found to get that "553 Permission
denied on server. (Upload)" message was to be
using an ftpaccess file (with no appropriate
"upload" directive" in it). With _no_
ftpaccess file, I got the similar message
without the "(Upload)" part.
So, if you're seeing "(Upload)", I'd tend to
suspect that you really _are_ using an
ftpaccess file. But, of course, with my weak
psychic powers, I must rely on your reports.
07-21-2010 07:29 AM
This is because on servers running previous versions of HP-UX, anonymous FTP uploads are allowed without the ftpaccess file.
Can anyone definitively verify that 11iv3 requires use of the ftpaccess file in order for the anonymous account to upload?
07-21-2010 07:48 AM
> requires use of the ftpaccess file in order
> for the anonymous account to upload?
I'm not definitive, but I've never seen a
WU-FTP-based FTP server (on any version of
HP-UX, or on anything else), which would, by
default, allow anonymous uploads. So far as
I know, it's always been an option which
requires explicit configuration, and it's
complex enough to be unlikely to be a
command-line option, so I'd guess that it's
always required something in the FTP server
I always hesitate to say "impossible", but
I'm unaware of any way to do what you want,
and I doubt that there is one, but I'm
always open to actual evidence to the
> [...] Any reason?
("The boss says so" is not the same as an
07-21-2010 08:17 AM
Older server that was used for anonymous ftp. Allows upload anonymous with no issues.
OS on older server:
HP-UX [ourservername] B.11.11 U
entry in the inetd.conf file:
ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l
No ftpaccess file. This is why I'm trying to track down some sort of confirmation that 11i v3 has implemented tighter security.
07-22-2010 04:43 AM
> ftp. Allows upload anonymous with no
My 11.11 system was inaccessible until now,
so I couldn't test much, but I'll admit that
its FTP server ("FTP server (Version
188.8.131.52(PHNE_38458) Tue Jul 29 07:36:52 GMT
2008)") is willing to do uploads without an
Interestingly, it does give the distinctive
messages shown in that previously referenced
thread, depending on whether "ftpaccess"
exists ("(Upload)" with "ftpaccess", no
"(Upload)" without), while the FTP server on
my 11.31 system ("FTP server (Revision 1.1
Version wuftpd-2.6.1 Mon Oct 23 02:01:44 GMT
2006)") shows the "(Upload)" message even
without an "ftpaccess" file.
So, knowing not enough about what HP is using
for source code in either case, the
difference in ID strings suggests that these
really are different programs/versions, not
just the same stuff compiled at different
times (for different hardware types -- my
11.31 system is IA64). Further, I'd
speculate, based on the error messages, that
the server on the 11.31 system acts as if
it has some default "ftpaccess" file (perhaps
an empty one, perhaps not) when there is no
"ftpaccess" file, while the server on the
11.11 system behaves in a detectably
different way when the "ftpaccess" file is
absent. For a good time:
Around here, there's a considerable
difference in the reports between 11.11
(PA-RISC) and 11.31 (IA64) systems.
I spotted nothing informative in the "man
ftpd" stuff, so I'd guess that no one without
access to the source code could "definitively
verify" much of anything in this
I wouldn't bet that this constitutes "tighter
security", but it does seem to be different
So, is the apparent aversion to using an
"ftpaccess" file simply an expectation that
the new stuff should work like the old stuff,
or is there some other reason to avoid using
an "ftpaccess" file?