Environment
Novell Open Enterprise Server 2 (OES 2) Linux Support Pack 3
Novell Open Enterprise Server 11 (OES 11) Linux
Situation
An OES 2 or OES 11 server which has "Novell FTP" enabled (also known as LUM-enabled pure-ftpd) will not be able to do anonymous FTP until extra steps are taken.
Resolution
Anonymous FTP relies on a user called "ftp" with UID 40. This user typically exists already in /etc/passwd. However, Novell FTP does not authenticate against /etc/passwd; it only authenticates against eDirectory. To set up the necessary account in eDirectory, follow these steps:
1. Edit /etc/passwd and remove the line for the "ftp" user. Alternatively, use YaST, Security and Users, User Management, Set Filter to "System Users". Highlight "ftp" and click the "Delete" button.
NOTE: SLES 11 provides an FTP Server configuration tool in YaST (Network Services, FTP Server). That tool will no longer be fully functional after deleting the ftp user from /etc/passwd. At a minimum, it will no longer be possible to set the anonymous user's home directory from the YaST tool, as it wants to modify the account in /etc/passwd. That home directory setting will need to be made against the new eDir ftp account. See steps 2-4 below. Most of the other settings in the YaST FTP Server tool (except in "Startup", plus the firewall setting in "Expert Settings") simply modify /etc/pure-ftpd/pure-ftpd.conf, which of course can be done manually. This TID was written with manual configuration in mind.
2. In iManager, create a new user called "ftp". Other names, such as "anonymous" and "ftpuser", should not be used.
3. LUM-enable the new ftp user account. This is done in iManager, Linux User Manager, Enable Users for Linux. Follow the prompts there to select the user, create or select a LUM-enabled group, Unix Config Object, etc., until the process is finished.
4. Modify the ftp user account. (iManager, Users, Modify User.)
Go to the Linux Profile Tab.
Set the UID to 40.
[More recent testing has shown this UID setting to be unnecessary. "40" is normally used in /etc/passwd for the ftp user, so for the sake of consistency, it may be best to do the same here. But use of other UIDs appears to work as well.]
Set the Home Directory to the local path on the OES server. This user's home is usually /srv/ftp but can be elsewhere.
A valid shell should be present, usually /bin/bash.
The Primary Group ID should already be populated, from what was done in step #3.
5. Set appropriate permissions or rights for that home directory:
For Linux file systems, normally the anonymous home directory is owned by root:root and has permissions rwxr-xr-x. This may or may not be suitable for every need.
For NSS file systems, give the "ftp" user applicable rights. Depending on need, that could be anything from RF to RFWECM.
6. On the OES server where Novell FTP will run, execute:
namconfig cache_refresh
7. Review /etc/pure-ftpd/pure-ftpd.conf and ensure that any setting with "Anonymous" in its name is configured as desired. There are many settings to check, but most importantly, set:
NoAnonymous no
8. If changes were made to /etc/pure-ftpd/pure-ftpd.conf, restart it with:
rcpure-ftpd restart
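The script below is an added example, not part of the original TID: it re-checks the results of steps 1, 5 and 7 once the procedure is finished. The function names and the "run" argument are assumptions made for the example; the file paths are the ones named in the steps above.

```shell
#!/bin/sh
# Added example: audit of the results of steps 1, 5 and 7. File paths are
# arguments so the checks can also be run against copies of the files.

# Step 1: succeeds if a local "ftp" account line is still present.
local_ftp_user_present() {
    grep -q '^ftp:' "$1"
}

# Step 7: list each active (uncommented) setting with "Anonymous" in its name.
anonymous_settings() {
    awk '!/^[ \t]*#/ && tolower($1) ~ /anonymous/ { print $1, $2 }' "$1"
}

# Step 7: distinct values of all active NoAnonymous lines, one per line.
no_anonymous_values() {
    awk '!/^[ \t]*#/ && tolower($1) == "noanonymous" { print tolower($2) }' "$1" | sort -u
}

# Step 5: permission bits and owner:group, e.g. "rwxr-xr-x root:root".
home_dir_mode() {
    ls -ld "$1" | awk '{ print substr($1, 2, 9), $3 ":" $4 }'
}

# usage: audit PASSWD_FILE PUREFTPD_CONF HOME_DIR
audit() {
    rc=0
    if local_ftp_user_present "$1"; then
        echo "WARN: local ftp user still present in $1 (step 1)"; rc=1
    fi
    # Anything other than a single, explicit "no" is flagged for review.
    if [ "$(no_anonymous_values "$2")" != "no" ]; then
        echo "WARN: NoAnonymous is not set to 'no' in $2 (step 7)"; rc=1
    fi
    echo "Active Anonymous settings to review in $2:"
    anonymous_settings "$2" | sed 's/^/  /'
    # Step 5 says root:root with rwxr-xr-x is the normal case on Linux file systems.
    echo "Home directory $3: $(home_dir_mode "$3")"
    return $rc
}

# Check the live files only when called with the argument "run".
if [ "${1:-}" = "run" ]; then
    audit /etc/passwd /etc/pure-ftpd/pure-ftpd.conf /srv/ftp
fi
```

The home directory check only reports Linux permission bits; NSS trustee rights for the "ftp" user are not visible to it and must be reviewed separately.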
Additional Information
This document supersedes KB 7001784.