553 Permission denied on server. (Upload) (1081 Views)
Reply
Occasional Visitor
Myke Fisher
Posts: 4
Registered: ‎07-16-2010
Message 1 of 13 (1,081 Views)

553 Permission denied on server. (Upload)

I've looked through the threads on the board for a resolution to this issue with no luck. In our case, we do not use the ftpaccess file.

We're running HP-UX 11iv3. I've checked that configuration for the id ftp is correct in /etc/passwd, and the permissions are correct for all of the directories in /home/ftp.

I receive 553 [filename]: Permission denied on server. (Upload)

Is ftpaccess required in order for anonymous ftp to upload files?
Regular Advisor
Regular Advisor
VVS
Posts: 104
Registered: ‎02-08-2007
Message 2 of 13 (1,081 Views)

Re: 553 Permission denied on server. (Upload)

What is the entry in /etc/inetd.conf file for ftp?

Check out the upload keyword on the ftpaccess man page and in the /etc/ftpd/ftpaccess file.
Work is life, you know, and without it, there's nothing but fear and insecurity.
Honored Contributor
Steven Schweda
Posts: 9,096
Registered: ‎02-23-2005
Message 3 of 13 (1,081 Views)

Re: 553 Permission denied on server. (Upload)

I can't easily check the details, but it
seems likely. Anonymous FTP doesn't allow
write access by default, so you'd need to
enable it somewhere, and ftpaccess would seem
to be the likeliest place to do it. (It may
have nothing to do with file or directory
permissions, just a policy of the FTP server
program.)

If the FTP server is generally accessible,
then I'd advise not using "incoming" as the
directory to make writable, as that's what
many of the scripts look for.

man ftpd
man ftpaccess
Occasional Visitor
Myke Fisher
Posts: 4
Registered: ‎07-16-2010
Message 4 of 13 (1,081 Views)

Re: 553 Permission denied on server. (Upload)

OK, so I went to a test server, and set up anonymous ftp from scratch using SAM. I get the exact same behavior.

Again, I emphasize that I have been told NOT to use ftpaccess. Hence, the entry in the inetd.conf appears as follows:

ftp stream tcp6 nowait root /usr/lbin/ftpd ftpd -l -L -A

It would seem that uploading is denied by default? This really seems odd. There doesn't seem to be a definitive answer among the other threads on this subject.
Honored Contributor
Steven Schweda
Posts: 9,096
Registered: ‎02-23-2005
Message 5 of 13 (1,081 Views)

Re: 553 Permission denied on server. (Upload)

> It would seem that uploading is denied by
> default? This really seems odd. [...]

Depends on your training. I expect it.
Remember that this is for _anonymous_ FTP,
where more restrictions are the norm. Do you
want the whole world to use your FTP server
as a file storage and distribution site?
(If you build it, they will come. Trust me.)

For normal-user FTP, the server typically
doesn't add any restrictions of its own --
it just respects the usual permissions+ACL
stuff.

> Again, I emphasize that I have been told
> NOT to use ftpaccess. [...]

Again? When was the first time? Any reason?
Honored Contributor
Steven Schweda
Posts: 9,096
Registered: ‎02-23-2005
Message 6 of 13 (1,081 Views)

Re: 553 Permission denied on server. (Upload)

> There doesn't seem to be a definitive
> answer among the other threads on this
> subject.

Which "the other threads"?

There are some facts in this one:

http://forums.itrc.hp.com/service/forums/questionanswer.do?threadId=1290628

(As I recall, I set up anonymous FTP on an
HP-UX system, just so that I could play
around for that one.)

I can no longer find the official HP-UX "man"
pages in HTML, and I don't wish to suck down
a big pile of PDF files, and my HP-UX systems
are not available at the moment, so I can't
check, but I'd still vote for reading those
"man" topics mentioned earlier.
Honored Contributor
Steven Schweda
Posts: 9,096
Registered: ‎02-23-2005
Message 7 of 13 (1,081 Views)

Re: 553 Permission denied on server. (Upload)

> There are some facts in this one:
> [...]

And note that, if I'm to be trusted, the only
way I found to get that "553 Permission
denied on server. (Upload)" message was to be
using an ftpaccess file (with no appropriate
"upload" directive" in it). With _no_
ftpaccess file, I got the similar message
without the "(Upload)" part.

So, if you're seeing "(Upload)", I'd tend to
suspect that you really _are_ using an
ftpaccess file. But, of course, with my weak
psychic powers, I must rely on your reports.
Acclaimed Contributor
Dennis Handly
Posts: 25,277
Registered: ‎03-06-2006
Message 8 of 13 (1,081 Views)

Re: 553 Permission denied on server. (Upload)

> Steven: I can no longer find the official HP-UX man pages in HTML

They are still here, for awhile:
http://docs.hp.com/en/B2355-60130/index.html
Honored Contributor
Steven Schweda
Posts: 9,096
Registered: ‎02-23-2005
Message 9 of 13 (1,081 Views)

Re: 553 Permission denied on server. (Upload)

Any news?
Occasional Visitor
Myke Fisher
Posts: 4
Registered: ‎07-16-2010
Message 10 of 13 (1,081 Views)

Re: 553 Permission denied on server. (Upload)

I implemented the ftpaccess file on the test server I set up to replicate the problem. Doing this, I was allowed to upload via ftp anonymously. Unfortunately, my employer still requires that I find out how to do this without using the ftpaccess file.

This is because on servers running previous versions of HP-UX, anonymous FTP uploads are allowed without the ftpaccess file.

Can anyone definitively verify that 11iv3 requires use of the ftpaccess file in order for the anonymous account to upload?
Honored Contributor
Steven Schweda
Posts: 9,096
Registered: ‎02-23-2005
Message 11 of 13 (1,081 Views)

Re: 553 Permission denied on server. (Upload)

> Can anyone definitively verify that 11iv3
> requires use of the ftpaccess file in order
> for the anonymous account to upload?

I'm not definitive, but I've never seen a
WU-FTP-based FTP server (on any version of
HP-UX, or on anything else), which would, by
default, allow anonymous uploads. So far as
I know, it's always been an option which
requires explicit configuration, and it's
complex enough to be unlikely to be a
command-line option, so I'd guess that it's
always required something in the FTP server
configuration file.

I always hesitate to say "impossible", but
I'm unaware of any way to do what you want,
and I doubt that there is one, but I'm
always open to actual evidence to the
contrary.


> [...] Any reason?

Still wondering...

("The boss says so" is not the same as an
actual reason.)
Occasional Visitor
Myke Fisher
Posts: 4
Registered: ‎07-16-2010
Message 12 of 13 (1,081 Views)

Re: 553 Permission denied on server. (Upload)

Agreed. Here's why I'm having to chase this down.

Older server that was used for anonymous ftp. Allows upload anonymous with no issues.

OS on older server:
HP-UX [ourservername] B.11.11 U

entry in the inetd.conf file:

ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l

No ftpaccess file. This is why I'm trying to track down some sort of confirmation that 11i v3 has implemented tighter security.
Honored Contributor
Steven Schweda
Posts: 9,096
Registered: ‎02-23-2005
Message 13 of 13 (1,081 Views)

Re: 553 Permission denied on server. (Upload)

> Older server that was used for anonymous
> ftp. Allows upload anonymous with no
> issues.

My 11.11 system was inaccessible until now,
so I couldn't test much, but I'll admit that
its FTP server ("FTP server (Version
1.1.214.4(PHNE_38458) Tue Jul 29 07:36:52 GMT
2008)") is willing to do uploads without an
"ftpaccess" file.

Interestingly, it does give the distinctive
messages shown in that previously referenced
thread, depending on whether "ftpaccess"
exists ("(Upload)" with "ftpaccess", no
"(Upload)" without), while the FTP server on
my 11.31 system ("FTP server (Revision 1.1
Version wuftpd-2.6.1 Mon Oct 23 02:01:44 GMT
2006)") shows the "(Upload)" message even
without an "ftpaccess" file.

So, knowing not enough about what HP is using
for source code in either case, the
difference in ID strings suggests that these
really are different programs/versions, not
just the same stuff compiled at different
times (for different hardware types -- my
11.31 system is IA64). Further, I'd
speculate, based on the error messages, that
the server on the 11.31 system acts as if
it has some default "ftpaccess" file (perhaps
an empty one, perhaps not) when there is no
"ftpaccess" file, while the server on the
11.11 system behaves in a detectably
different way when the "ftpaccess" file is
absent. For a good time:

what /usr/lbin/ftpd

Around here, there's a considerable
difference in the reports between 11.11
(PA-RISC) and 11.31 (IA64) systems.

I spotted nothing informative in the "man
ftpd" stuff, so I'd guess that no one without
access to the source code could "definitively
verify" much of anything in this
neighborhood.

I wouldn't bet that this constitutes "tighter
security", but it does seem to be different
security.

So, is the apparent aversion to using an
"ftpaccess" file simply an expectation that
the new stuff should work like the old stuff,
or is there some other reason to avoid using
an "ftpaccess" file?
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.