[Info-vax] Need to set up a special purpose account

[Stephen Hoffman]

On 2016-10-07 13:14:52 +0000, Tom Adams said:

> I need an account a VMS 7.3-2 node that is accessed only to get files 
> from a specific directory.  Files will retrieved from the VMS node 
> using FTP.  I like to set it up without a password so that multiple 
> people can use it without knowing a password.
> 
> But, I might just punt and set up a normal account with a password and 
> give it limited or no privileges.
> 
> Any ideas for a limited shared account for just getting files?

Shared logins are problematic in general, as there's little 
accountability, the clutter tends to build up as folks add and then 
forget to delete files, and — if there's write-access — the directories 
can end up filed with files you really don't want to have around; files 
and data that can be illicit or illegal or otherwise.  FTP is also a 
pain around modern networks and firewalls, and its utterly insecure.

Choices here include setting up sftp and digital certificates — which 
allow you to avoid passwords, but to remain secure, and to have the 
ability to revoke access from the server — or read up on setting up 
anonymous FTP.   Or use a web server and download the files from there, 
if the clients are downloading from a system that has a web browser.   
Or set up a captive login and procedure and have the server box mail 
the files to the recipient.

Here's a write-up for arbitrary client to OpenVMS: 
http://labs.hoffmanlabs.com/node/1118

Here are the basics of anonymous FTP:  
http://h30266.www3.hp.com/odl/vax/network/tcpipv42/manage/6526pro_008.html#anon_ftp_sec 


Here's a simple DCL CGI script, which can give you an idea of what is 
possible beyond anchor tags and ftp links: 
http://labs.hoffmanlabs.com/node/277

There are sftp clients available for most computing platforms, and most 
or all of the available sftp clients support certificate-based logins.

Captive login: http://labs.hoffmanlabs.com/node/491

-- 
Pure Personal Opinion | HoffmanLabs LLC