[an error occurred while processing this directive]

HP OpenVMS Systems Documentation

Content starts here

HP TCP/IP Services for OpenVMS
Management


Previous Contents Index

16.1.4 Managing FTP with Logical Names

Table 16-1 lists the logical names that you can use to manage the FTP server. After you define a logical name, you must stop and start the FTP server for the new setting to take effect.

Table 16-1 FTP Logical Names
Logical Name Description
TCPIP$FTP_ALLOW_ADDR_REDIRECT Allows active-mode connections from an IP address other than the server's. By default, such connections are not allowed, thereby preventing unauthorized data connections from unknown servers.
TCPIP$FTP_ALLOW_PORT_REDIRECT Allows passive-mode connections from ports other than port 20. By default, such connections are not allowed, preventing unauthorized data connections from unknown servers.
TCPIP$FTP_ANONYMOUS_ALIAS Defines an equivalence list (up to 10 entries) of the login names of users with access to the ANONYMOUS account. These users share the same access rights and restrictions.

If you do not define this logical name, the default is ANONYMOUS as the only login name.

The following command shows how to create an equivalence list with the names THOMAS, JONES, and SMITH. These users can log in to the ANONYMOUS account without a password.

$ DEFINE/SYSTEM/EXEC TCPIP$FTP_ANONYMOUS_ALIAS -

_$ THOMAS,JONES,SMITH
TCPIP$FTP_ANONYMOUS_DIRECTORY Defines public directories accessible by the anonymous FTP user.
TCPIP$FTP_ANONYMOUS_LOG Defines the location of the anonymous log file. The default is SYS$SYSDEVICE:[TCPIP$FTP].
TCPIP$FTP_ANONYMOUS_WELCOME Allows you to specify text that is displayed to anonymous users at connect time, after the login sequence. For more information, see Section 16.1.3.2.
TCPIP$FTP_COMPAT_REV Allows you to set V5.1 compatibility mode for the user process. V5.1 compatibility mode disables certain file specification changes that were made under V5.3 for the Common Operating Environment (COE).

To enable V5.1 compatibility mode, define the logical name to 5.1. For example:

$ DEFINE TCPIP$FTP_COMPAT_REV "5.1"

TCPIP$FTPD_COMPAT_REV Allows you to set V5.1 compatibility mode for all users. To enable V5.1 compatibility, define the logical name to 5.1. For example:
$ DEFINE/SYSTEM TCPIP$FTPD_COMPAT_REV "5.1"

TCPIP$FTP_CONVERT_FILE Define this logical name as TRUE or FALSE. If defined as TRUE, the FTP server converts files to variable with fixed-length control (VFC) formatted files before transfer. With the VFC file, users retain the Record Management Services (RMS) formatting information of their files. For more information about RMS, refer to the OpenVMS Record Management Services Reference Manual.

If TCPIP$FTP_CONVERT_FILE is defined as FALSE, there is no conversion, and RMS formatting information is lost after the file transfer.

TCPIP$FTPD_ALLOW_ADDR_REDIRECT Allows passive-mode connections from an IP address other than the client's. By default, such connections are not allowed, thereby preventing unauthorized data connections from unknown clients.
TCPIP$FTPD_ALLOW_PORT_REDIRECT Allows passive-mode connections from a privileged port. By default, such connections are not allowed, preventing unauthorized data connections from unknown clients.
TCPIP$FTPD_DIR_RECURSIVE Enables recursive directory listings for the ls and dir commands.
TCPIP$FTPD_IDLETIMEOUT Defines the maximum time interval that FTP child processes can remain idle before FTP closes them. TCP/IP Services terminates the FTP process if no control or data connection activity exists for the specified time. The default idle time is 15 minutes. This feature can help to improve system performance.

Specify the value as hh:mm:ss.

TCPIP$FTPD_KEEPALIVE Enables the FTP server to detect idle and broken FTP connections. Define this logical on the server host by entering:
TCPIP> DEFINE /SYSTEM/EXEC TCPIP$FTPD_KEEPALIVE 1

TCPIP$FTPD_LOG_CLIENT_ACTIVITY Activates logging of session-specific information, requests, and responses. The log file created is SYS$LOGIN:TCPIP$FTP_SERVER.LOG.
TCPIP$FTPD_NO_FILESIZE_HINT If defined, the FTP client does not display the file size hint.
TCPIP$FTP_FILE_ALQ Specifies the number of blocks to be preallocated by Record Management Services (RMS) to a disk when a file is created.
TCPIP$FTP_FILE_DEQ Specifies the number of blocks to be added when RMS automatically extends the file.
TCPIP$FTP_HELP Specifies an alternate HELP file. By default, the command HELP FTP reads the data in SYS$HELP:TCPIP$FTP_HELP.HLB. This logical allows you to specify an alternate HELP file, useful for getting information in a non-English language. For example, to define an alternate HELP library file, enter the following command:
$ DEFINE/SYSTEM TCPIP$FTP_HELP
dev:[directory]filename.HLB

where dev:[directory]filename.HLB specifies the alternate HELP library file.

TCPIP$FTP_KEEPALIVE Enables the FTP client to detect idle and broken FTP connections. Define this logical name in the system logical name table, as follows:
$ DEFINE /SYSTEM/EXEC TCPIP$FTP_KEEPALIVE 1

TCPIP$FTP_NO_VERSION If defined, FTP does not send file version numbers when you enter the mget and the ls commands to a host that is not an OpenVMS host. Define this logical name in the system logical name table, as follows:
$ DEFINE /SYSTEM/EXEC TCPIP$FTP_NO_VERSION 1

TCPIP$FTP_RAW_BINARY With this logical name turned on, FTP transfers files in block I/O mode if the server and client are in binary (image) mode. To activate this feature, define the logical name as TRUE.

An FTP end-user can override your FALSE definition with the FTP PUT /RAW command.

TCPIP$FTP_SERVER Defines the name and location of the TCPIP$FTP_SERVER.LOG file. By default, the log file is stored in the directory pointed to by SYS$LOGIN. For example, to specify a different directory, enter the following command:
$ DEFINE/SYSTEM TCPIP$FTP_SERVER
dev: -

[directory]filename.log

TCPIP$FTP_SERVER_ANNOUNCE Allows you to specify text that is displayed to users when they connect, before the login sequence.

The following example shows how to specify a prelogin announcement:

$ DEFINE/SYSTEM/EXEC TCPIP$FTP_SERVER_ANNOUNCE "FTP Ready"

To activate this change, shut down the FTP server and restart it, as described in Section 16.1.2.

TCPIP$FTP_SERVER_LOG_CLIENT_BY_ADDRESS Specifies that the FTP server will be using IP addresses instead of host names.
TCPIP$FTP_SERVER_NAME_SERVICE_RETRY Specifies the number of times the BIND resolver should attempt to contact a BIND server if the first attempt fails.

This logical name has no effect if the FTP server is using IP addresses instead of host names (that is, the logical name TCPIP$FTP_SERVER_LOG_CLIENT_BY_ADDRESS is defined).

TCPIP$FTP_SERVER_NAME_SERVICE_TIMEOUT Specifies the number of seconds for the timeout interval. For more information, refer to the description of the SET NAME_SERVICE/TIMEOUT command in the HP TCP/IP Services for OpenVMS Management Command Reference manual.

This logical name has no effect if the FTP server is using IP addresses instead of host names (that is, the logical name TCPIP$FTP_SERVER_LOG_CLIENT_BY_ADDRESS is defined).

TCPIP$FTP_STREAMLF If defined, the FTP server and client create files as RMS STREAM_LF files. The default is variable-length files.
TCPIP$FTP_SERVER_GENERIC_READY_MESSAGE If defined, the FTP server will not display specific service information when users connect. For example, when this logical name is not defined:
NODE> FTP FTPSERVER/USER=auser/PASS=mypassword

220 ftpserver.node.com FTP Server (Version 5.4) Ready.
Connected to ftpserver.mysys.myco.com.
331 Username AUSER requires a Password
230 User logged in.
FTP>

When this logical name is defined, the following is displayed when users connect:

$ FTP FTPSERVER/USER=auser/PASS=mypassword

220 FTP server ready
Connected to ftpserver.mysys.myco.com.
331 Username AUSER requires a Password
230 User logged in.
FTP>

You must restart the FTP service after changing the setting of this logical name.

TCPIP$FTP_WNDSIZ Sets the size of the TCP send and receive transmission windows. Specify a decimal number for the number of bytes.

16.1.4.1 FTP Log Files

By default, the FTP server creates several log files you can use to monitor the service and user transactions. These log files are:

  • SYS$SYSDEVICE:[TCPIP$FTP]TCPIP$FTP_RUN.LOG
    This log file contains an abbreviated dialog of each new connection process. It is created by each new invocation of the server and is accessible only after an ongoing connection times out or after being closed by the user.
  • SYS$SYSDEVICE:[TCPIP$FTP]TCPIP$FTP_ANONYMOUS.LOG
    This log file contains Anonymous FTP entries that show:
    • The user name and source host (FTP client) for the session
    • The time the session was initiated and terminated
    • The FTP command that was entered
    • A time notation for the command
    • The source and destination file names
  • SYS$LOGIN:TCPIP$FTP_SERVER.LOG
    This log file is created in the user's default login directory. It records session information, requests, and responses. To initiate the creation of this log file, the user can define the TCPIP$FTP_LOG_CLIENT_ACTIVITY logical name. To ensure that all users' FTP activity is being logged, define this logical systemwide, as described in Section 16.1.4.

The number of log files (one per FTP session) might become large. To limit the number of versions, enter:


$ SET FILE file /VERSION=n

16.2 Solving FTP Problems

16.2.1 Illegal Command Error

By default, the FTP server does not allow you to specify an IP address other than that of the connected client, or the specification of a privileged port, in the PORT, LPRT, or EPRT commands. Any such commands are rejected with the following error:


500 Illegal {PORT|LPRT|EPRT} command.

The FTP server and client prevent data connection "theft" by a third party. For the FTP server, this applies to passive-mode connections from an IP address other than the client's, or from a privileged port. For the FTP client, this applies to active-mode connections from an IP address other than the server's, or from a port other than port 20.

You can restore the original behavior by defining the following logical names:

Server Client
TCPIP$FTPD_ALLOW_ADDR_REDIRECT TCPIP$FTP_ALLOW_ADDR_REDIRECT
TCPIP$FTPD_ALLOW_PORT_REDIRECT TCPIP$FTP_ALLOW_PORT_REDIRECT

These logical names allow you to relax the IP address and port checks independently in the FTP server and the FTP client. For more information, see Table 16-1.

16.2.2 Performance

You can improve FTP performance for users who transfer large files from systems that are not running TCP/IP Services to a host running the TCP/IP Services software.

Large file transfers can affect file transfer performance. A file transfer consists of the following events:

  1. FTP calls RMS to create the file.
  2. RMS creates the file with the system's default for number of blocks to be allocated (FTP_FILE_ALQ value).
  3. If the file being copied is larger than the space originally allocated, RMS extends the space by adding blocks of memory space.
  4. The number of extension blocks is determined by the system's RMS default extension quantity (FTP_FILE_DEQ value). For more information about RMS, refer to the OpenVMS Record Management Services Reference Manual.

Performance is affected by the RMS overhead taken up by the file extension process. One way to improve performance is to reset the appropriate parameters. To do this, redefine the FTP logical names that:

  • Reset buffer sizes
  • Preallocate disk blocks
  • Increase the inactivity timer

These logical names are described in the following sections.

16.2.2.1 Buffer Sizes

Changing the window size of the send and receive buffers can improve network performance. To set or modify the window size, define or redefine the logical name TCPIP$FTP_WNDSIZ.

  • For a systemwide change, redefine this logical name in the system table.
    Edit the SYS$MANAGER:TCPIP$SERVICES_SETUP file to add this line:


    $ DEFINE /SYSTEM /EXEC TCPIP$FTP_WNDSIZ 4096
    
  • For the change to apply to one user, define the logical name in the LOGIN.COM file in the default directory of that user.

For noisy lines, such as modems, you should set the value of the TCPIP$FTP_WNDSIZ parameter to a lower number.

16.2.2.2 File Allocation and Extension Sizes

FTP logical names preallocate disk blocks. FTP tells RMS to truncate unused blocks so that disk space is not wasted. This can affect RMS performance.

To reduce the RMS overhead, use the following logical names:

  • TCPIP$FTP_FILE_ALQ --- Modifies the allocation quantity.
    Specifies the number of blocks to be allocated to a disk file when it is created. For example:


    $ DEFINE /SYSTEM/EXEC TCPIP$FTP_FILE_ALQ 50000
    
  • TCPIP$FTP_FILE_DEQ --- Default extension quantity.
    Specifies the number of blocks to be added when RMS automatically extends the file. For example,


    $ DEFINE TCPIP$FTP_FILE_DEQ 100
    

Define these logicals in the TCPIP$SYSTARTUP.COM procedure, or in the SYS$MANAGER:STARTUP_VMS.COM file before the command that starts TCP/IP Services. Because disk quotas may control the system, these logical names are defined by default as zero (system RMS defaults) or are undefined. For file transfers between hosts that both use VMS Plus mode, these logical names have no effect.

16.2.2.3 Inactivity Timer

The larger the inactivity timer value, the longer FTP maintains sessions without timing out. Excessive inactive sessions might slow down performance, degrade security, or prevent other users from establishing sessions.

To increase the inactivity timer, change the value of the TCPIP$FTPD_IDLETIMEOUT logical name. The default is 15 minutes. For example:


$ DEFINE TCPIP$FTPD_IDLETIMEOUT 01:00:00


Chapter 17
Remote (R) Commands

The TCP/IP Services software includes client and server implementations of the Berkeley Remote (R) command applications: RCP, RLOGIN, RSH, REXEC, and RMT/RCD. These applications provide end users with the following capabilities:

RCP Allows files to be copied between remote hosts.
RLOGIN Provides interactive access to remote hosts.
RSH Passes a command to a remote host for execution.
REXEC Authenticates and executes RCP and other commands.
RMT/RCD Provides remote access to magnetic tape and CD-ROM drives.

This chapter reviews key concepts and describes:

For information about using these applications, see the HP TCP/IP Services for OpenVMS User's Guide.

17.1 Key Concepts

In addition to password authentication, the R commands use a system based on trusted hosts and users. Trusted users on trusted hosts are allowed to access the local system without providing a password. Trusted hosts are also called "equivalent hosts" because the software assumes that users given access to a remote host should be given equivalent access to the local host. The system assumes that user accounts with the same name on both hosts are "owned" by the same user. For example, the user logged in as molly on a trusted system is granted the same access as a user logged in as molly on the local system.

This authentication system requires databases that define the trusted hosts and the trusted users. On UNIX systems, these databases include:

  • /etc/hosts.equiv
    This file defines the trusted hosts and users for the entire system.
  • .rhosts
    This file defines the trusted hosts and users for an individual user account. This file is located in the user's home directory.

On OpenVMS hosts, the proxy database TCPIP$PROXY.DAT defines trusted hosts and users for the entire system.

17.2 Managing the R Command Servers

The following sections describe the command procedures and logical names used in managing the R command servers.

17.2.1 R Command Server Startup and Shutdown

Each R command server can be shut down and started independently. This is useful when you change parameters or logical names that require the service to be restarted.

The following files allow you to start up each R command server independently:

  • SYS$STARTUP:TCPIP$REXEC_STARTUP.COM
  • SYS$STARTUP:TCPIP$RMT_STARTUP.COM
  • SYS$STARTUP:TCPIP$RSH_STARTUP.COM
  • SYS$STARTUP:TCPIP$RLOGIN_STARTUP.COM

The following files allow you to shut down the each R command server independently:

  • SYS$STARTUP:TCPIP$REXEC_SHUTDOWN.COM
  • SYS$STARTUP:TCPIP$RMT_SHUTDOWN.COM
  • SYS$STARTUP:TCPIP$RSH_SHUTDOWN.COM
  • SYS$STARTUP:TCPIP$RLOGIN_SHUTDOWN.COM

To preserve site-specific parameter settings and commands to be executed when the R server starts up, create one of the following files, as appropriate. These files are not overwritten when you reinstall TCP/IP Services:

  • SYS$STARTUP:TCPIP$REXEC_SYSTARTUP.COM
  • SYS$STARTUP:TCPIP$RMT_SYSTARTUP.COM
  • SYS$STARTUP:TCPIP$RSH_SYSTARTUP.COM
  • SYS$STARTUP:TCPIP$RLOGIN_SYSTARTUP.COM

To preserve site-specific parameter settings and commands to be executed when the R server shuts down, create one of the following files, as appropriate. These files are not overwritten when you reinstall TCP/IP Services:

  • SYS$STARTUP:TCPIP$REXEC_SYSHUTDOWN.COM
  • SYS$STARTUP:TCPIP$RMT_SYSHUTDOWN.COM
  • SYS$STARTUP:TCPIP$RSH_SYSHUTDOWN.COM
  • SYS$STARTUP:TCPIP$RLOGIN_SYSHUTDOWN.COM

17.2.2 Managing RLOGIN with Logical Names

Table 17-1 lists the logical names you can use for managing the RLOGIN service.

Table 17-1 RLOGIN Logical Names
Logical Name Description
TCPIP$RLOGIN_VTA Enables RLOGIN virtual terminals. To enable virtual terminals on RLOGIN connections, set the value of this logical name to TRUE. To disable them, set the value to FALSE. For example:
$ DEFINE/SYSTEM/EXEC TCPIP$RLOGIN_VTA "TRUE"

For more information, see Section 17.3.

TCPIP$RLOGIN_MESSAGE Specifies the welcome message displayed by the RLOGIN server. For more information, see Section 17.4.


Previous Next Contents Index