Enabling anonymous FTP on OES "Novell FTP"

  • 7002984
  • 04-Apr-2012
  • 16-Sep-2016

Environment

Novell Open Enterprise Server 2 (OES 2) Linux Support Pack 3
Novell Open Enterprise Server 11 (OES 11) Linux

Situation

An OES 2 or OES 11 server which has "Novell FTP" enabled (also known as LUM-enabled pure-ftpd) will not be able to do anonymous FTP until extra steps are taken.

Resolution

Anonymous FTP relies on a user called "ftp" with UID 40.  This user typically exists already in /etc/passwd.  However, Novell FTP does not authenticate against /etc/passwd; it only authenticates against eDirectory.  To set up the necessary account in eDirectory, follow these steps:
 
1.  Edit /etc/passwd and remove the line for the "ftp" user.  Alternatively, use YaST, Security and Users, User Management, Set Filter to "System Users".  Highlight "ftp" and click the "Delete" button.
 
NOTE:  SLES 11 provides an FTP Server configuration tool in YaST (Network Services, FTP Server).  That tool will no longer be fully functional after deleting the ftp user from /etc/passwd.  At a minimum, it will no longer be possible to set the anonymous user's home directory from the YaST tool, as it wants to modify the account in /etc/passwd.  That home directory setting will need to be made against the new eDir ftp account.  See steps 2-4 below.  Most of the other settings in the YaST FTP Server tool (except in "Startup", plus the firewall setting in "Expert Settings") simply modify /etc/pure-ftpd/pure-ftpd.conf, which can also be edited manually.  This TID was written with manual configuration in mind.
 
2.  In iManager, create a new user called "ftp".  Other names, such as "anonymous" and "ftpuser", should not be used.
 
3.  LUM-enable the new ftp user account.  This is done in iManager, Linux User Manager, Enable Users for Linux.  Follow the prompts there to select the user, create or select a LUM-enabled group, Unix Config Object, etc., until the process is finished.
 
4.  Modify the ftp user account. (iManager, Users, Modify User.)
 
     Go to the Linux Profile Tab.
 
     Set the UID to 40.
     [More recent testing has shown this UID setting to be unnecessary.  "40" is normally
     used in /etc/passwd for the ftp user, so for the sake of consistency, it may be best to
     do the same here.  But use of other UIDs appears to work as well.]
 
     Set the Home Directory to the local path on the OES server.  This user's home is usually /srv/ftp but can be elsewhere.
 
     A valid shell should be present, usually /bin/bash.
 
     The Primary Group ID should already be populated, from what was done in step #3.
 
5.  Set appropriate permissions or rights for that home directory:
 
For Linux file systems, normally the anonymous home directory is owned by root:root and has permissions rwxr-xr-x.  This may or may not be suitable for every need.
 
For NSS file systems, give the "ftp" user applicable rights.  Depending on need, that could be anything from RF to RFWECM.
 
6.  On the OES server where Novell FTP will run, execute:
namconfig cache_refresh
 
7.  Review /etc/pure-ftpd/pure-ftpd.conf and ensure that any setting with "Anonymous" in its name is configured as desired.  There are many settings to check, but most importantly, set:
NoAnonymous    no
 
8.  If changes were made to /etc/pure-ftpd/pure-ftpd.conf, restart it with:
rcpure-ftpd restart
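
Added example (not part of the original TID and not Novell tooling): a shell check for steps 5 and 7 that lists the active settings with "Anonymous" in their name and flags a permissive combination.  AnonymousCantUpload and AnonymousCanCreateDirs are pure-ftpd directives that this TID does not name individually; the sample config and directory are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not Novell's tooling. Directive names are pure-ftpd's own;
# the sample config and directory below are constructed for the demo.

# List each active (uncommented) directive with "Anonymous" in its name.
anon_settings() {
    awk '!/^[ \t]*#/ && $1 ~ /Anonymous/ { print $1 "=" $2 }' "$1"
}

# Print the effective (last) value of one directive; empty if it is not set.
conf_value() {
    awk -v k="$2" '!/^[ \t]*#/ && $1 == k { v = $2 } END { print v }' "$1"
}

# Succeed if the directory is writable by its group or by others.
loosely_writable() {
    case "$(ls -ld "$1" | cut -c1-10)" in
        ?????w????|????????w?) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one line per finding for config file $1 and anonymous home $2.
review() {
    [ "$(conf_value "$1" NoAnonymous)" = "no" ] || {
        echo "INFO anonymous logins are not enabled"; return 0; }
    [ "$(conf_value "$1" AnonymousCantUpload)" = "yes" ] ||
        echo "WARN anonymous uploads are not blocked by AnonymousCantUpload"
    [ "$(conf_value "$1" AnonymousCanCreateDirs)" = "yes" ] &&
        echo "WARN anonymous users can create directories"
    loosely_writable "$2" && echo "WARN $2 is group- or world-writable"
    return 0
}

# Demo on constructed input; on a server pass /etc/pure-ftpd/pure-ftpd.conf
# and the home directory set in step 4 (usually /srv/ftp).
demo=$(mktemp -d)
mkdir "$demo/ftp" && chmod 777 "$demo/ftp"
cat > "$demo/pure-ftpd.conf" <<'EOF'
# NoAnonymous            yes
NoAnonymous              no
AnonymousOnly            no
AnonymousCanCreateDirs   yes
AnonymousCantUpload      no
EOF
anon_settings "$demo/pure-ftpd.conf"
review "$demo/pure-ftpd.conf" "$demo/ftp"
```

The check only covers Linux file system permissions; NSS trustee rights from step 5 have to be reviewed separately.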

Additional Information

This document supersedes KB 7001784.