This scenario cannot be used on a system with the Controlled Access Protection Profile (CAPP)
and Evaluation Assurance Level 4+ (EAL4+) feature.
- Verify that the bos.net.tcp.client fileset
is installed on your system, by typing the following command:
lslpp -L | grep bos.net.tcp.client
If you receive no output, the fileset is not installed. For instructions
on how to install it, see the AIX 5L Version 5.2 Installation Guide and Reference.
- Verify that you have at least 8 MB of free space available
in the system's /home directory, by typing the following
command:
df -k /home
The anon.ftp script in step 4 requires at least 8 MB of free space in the /home directory
to install the required files and directories. If you need to increase the amount of
available space, see the AIX 5L Version 5.2 System Management Guide: Operating System and Devices.
- With root authority, change to the /usr/samples/tcpip directory. For example:
cd /usr/samples/tcpip
- To set up the account, run the following script:
./anon.ftp
- When prompted with Are you sure you want to modify /home/ftp?,
type yes. Output similar to the following displays:
Added user anonymous.
Made /home/ftp/bin directory.
Made /home/ftp/etc directory.
Made /home/ftp/pub directory.
Made /home/ftp/lib directory.
Made /home/ftp/dev/null entry.
Made /home/ftp/usr/lpp/msg/en_US directory.
- Change to the /home/ftp directory. For example:
cd /home/ftp
- Create a home subdirectory, by typing:
mkdir home
- Change the permissions of the /home/ftp/home directory
to drwxr-xr-x, by typing:
chmod 755 home
- Change to the /home/ftp/etc directory, by typing:
cd /home/ftp/etc
- Create the objrepos subdirectory, by typing:
mkdir objrepos
- Change the permissions of the /home/ftp/etc/objrepos directory to drwxrwxr-x, by typing:
chmod 775 objrepos
- Change the owner and group of the /home/ftp/etc/objrepos directory to the root user and the system group, by typing:
chown root:system objrepos
- Create a security subdirectory, by typing:
mkdir security
- Change the permissions of the /home/ftp/etc/security directory to drwxr-x---, by typing:
chmod 750 security
- Change the owner and group of the /home/ftp/etc/security directory to the root user and the security group, by typing:
chown root:security security
- Change to the /home/ftp/etc/security directory,
by typing:
cd security
- Add a user by typing the following SMIT fast path:
smit mkuser
In this scenario, we are adding a user named test.
- In the SMIT fields, enter the following values:
User NAME [test]
ADMINISTRATIVE USER? true
Primary GROUP [staff]
Group SET [staff]
Another user can SU TO USER? true
HOME directory [/home/test]
After you enter your changes, press Enter to create the user. After
the SMIT process completes, exit SMIT.
- Create a password for this user with the following command:
passwd test
When prompted, enter the desired password. You must enter
the new password a second time for confirmation.
- Change to the /home/ftp/etc directory, by typing:
cd /home/ftp/etc
- Copy the /etc/passwd file to the /home/ftp/etc/passwd file, using the following command:
cp /etc/passwd /home/ftp/etc/passwd
- Using your favorite editor, edit the /home/ftp/etc/passwd file. For example:
vi passwd
- Remove all lines from the copied content except those for the root, ftp,
and test users. After your edit, the content should look similar to the following:
root:!:0:0::/:/bin/ksh
ftp:*:226:1::/home/ftp:/usr/bin/ksh
test:!:228:1::/home/test:/usr/bin/ksh
- Save your changes and exit the editor.
- Change the permissions of the /home/ftp/etc/passwd file
to -rw-r--r--, by typing:
chmod 644 passwd
- Change the owner and group of the /home/ftp/etc/passwd file to the root user and the security group, by typing:
chown root:security passwd
- Copy the contents of the /etc/security/passwd file
to the /home/ftp/etc/security/passwd file, using the
following command:
cp /etc/security/passwd /home/ftp/etc/security/passwd
- Using your favorite editor, edit the /home/ftp/etc/security/passwd file. For example:
vi ./security/passwd
- Remove all stanzas from the copied content except the stanza for the test
user.
- Remove the flags = ADMCHG line from the test user stanza. After
your edits, the content should look similar to the following:
test:
password = 2HaAYgpDZX3Tw
lastupdate = 990633278
- Save your changes and exit the editor.
- Change the permissions of the /home/ftp/etc/security/passwd file to -rw-------, by typing:
chmod 600 ./security/passwd
- Change the owner and group of the /home/ftp/etc/security/passwd file to the root user and the security group, by typing:
chown root:security ./security/passwd
- Using your favorite editor, edit the /home/ftp/etc/security/group file. For example:
vi ./security/group
- Add the following lines to the file:
system:*:0:
staff:*:1:test
- Save your changes and exit the editor.
- Use the following commands to copy the appropriate content into the /home/ftp/etc/objrepos directory:
cp /etc/objrepos/CuAt ./objrepos
cp /etc/objrepos/CuAt.vc ./objrepos
cp /etc/objrepos/CuDep ./objrepos
cp /etc/objrepos/CuDv ./objrepos
cp /etc/objrepos/CuDvDr ./objrepos
cp /etc/objrepos/CuVPD ./objrepos
cp /etc/objrepos/Pd* ./objrepos
- Change to the /home/ftp/home directory, by typing:
cd ../home
- Make a new home directory for your user, by typing:
mkdir test
This will be the home directory for the new ftp user.
- Change the owner and group of the /home/ftp/home/test directory to the test user and the staff group, by typing:
chown test:staff test
- Change the permissions of the /home/ftp/home/test directory
to drwx------, by typing:
chmod 700 test
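The following check is an added example, not part of the original procedure or IBM's code. It re-verifies the modes, owners and trimmed file contents that the steps above set, which matters because the copied security/passwd file holds a password hash. The function names, the FTPROOT variable and the output labels are assumptions of this example; the paths and the test user come from the scenario.

```shell
#!/bin/sh
# Added example (not IBM's code): audit the tree built by the steps above.
# Expected "relative-path mode owner:group", taken from the chmod/chown steps;
# "-" means the procedure sets no explicit owner for that path.
EXPECTED='home drwxr-xr-x -
etc/objrepos drwxrwxr-x root:system
etc/security drwxr-x--- root:security
etc/passwd -rw-r--r-- root:security
etc/security/passwd -rw------- root:security
home/test drwx------ test:staff'

# 10-character mode string of a path (drops any trailing ACL marker).
mode_of()  { ls -ld "$1" 2>/dev/null | awk '{print substr($1, 1, 10)}'; }
# owner:group of a path.
owner_of() { ls -ld "$1" 2>/dev/null | awk '{print $3 ":" $4}'; }

# audit_perms ROOT [modes-only]: print one line per mismatch; return 1 if any.
audit_perms() {
  rc=0
  while read -r rel mode owner; do
    [ "$(mode_of "$1/$rel")" = "$mode" ] || { echo "MODE $rel"; rc=1; }
    if [ "${2:-}" != modes-only ] && [ "$owner" != - ]; then
      [ "$(owner_of "$1/$rel")" = "$owner" ] || { echo "OWNER $rel"; rc=1; }
    fi
  done <<EOF
$EXPECTED
EOF
  return $rc
}

# audit_content ROOT: the copies may name only root, ftp and test in etc/passwd,
# hold only the test stanza in etc/security/passwd, and carry no ADMCHG flag.
audit_content() {
  rc=0
  extra=$(awk -F: 'NF && $1 != "root" && $1 != "ftp" && $1 != "test" {print $1}' "$1/etc/passwd")
  [ -z "$extra" ] || { echo "EXTRA-USER" $extra; rc=1; }
  extra=$(awk 'NF == 1 && $1 ~ /:$/ && $1 != "test:" {print $1}' "$1/etc/security/passwd")
  [ -z "$extra" ] || { echo "EXTRA-STANZA" $extra; rc=1; }
  if grep -q 'flags.*ADMCHG' "$1/etc/security/passwd"; then echo "ADMCHG-FLAG"; rc=1; fi
  return $rc
}

# Runs only when FTPROOT is set, for example: FTPROOT=/home/ftp sh audit.sh
if [ -n "${FTPROOT:-}" ]; then
  audit_perms "$FTPROOT"; p=$?
  audit_content "$FTPROOT"; c=$?
  [ "$p" -eq 0 ] && [ "$c" -eq 0 ] && echo "OK: $FTPROOT matches the procedure"
fi
```

Run it with root authority so that the etc/security directory and its passwd file are readable.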
At this point, you have ftp sublogin set up on your machine. You can test
this with the following procedure: