[Info-vax] Need to set up a special purpose account
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Mon Oct 10 11:44:52 EDT 2016
On 2016-10-10 13:17:17 +0000, Tom Adams said:
> On Friday, October 7, 2016 at 3:48:49 PM UTC-4, Stephen Hoffman wrote:
>> On 2016-10-07 19:37:15 +0000, Tom Adams said:
>>
>>> None of the anonymous-related logical names are defined.
>>
>> Fix the log ownership to allow ANONYMOUS to write the logs. [ANONY,ANONYMOUS]
>>
>>
>>
>> --
>> Pure Personal Opinion | HoffmanLabs LLC
>
> One odd thing I noticed is this:
>
> $ dir dsa0:[ucx$ftp]*anon*/owner/date
>
> Directory DSA0:[UCX$FTP]
>
> UCX$FTP_ANONYMOUS.LOG;1
> 8-AUG-1997 07:15:00.61 [UCX$AUX,UCX$FTP]
>
> Total of 1 file.
> $ dir dsa0:[tcpip$ftp]*anon*/owner/date
>
> Directory DSA0:[TCPIP$FTP]
>
> TCPIP$FTP_ANONYMOUS.LOG;1
> 8-AUG-1997 07:15:00.61 [SYSTEM]
>
> Total of 1 file.
>
> This is the same file with different names (not sure how that works).
Answered in another reply. Piled up crap that hasn't been dealt with.
This is the same leftover-mess from upward-compatibility problem as
that old VAX C code, effectively.
>
> But the TCPIP one is owned by [SYSTEM]
>
> I set the owner of TCPIP$FTP_ANONYMOUS to [TCPIP$AUX,TCPIP$FTP] (the
> owner of the directory) but I got a confusing error in
> TCPIP$FTP_RUN.LOG when I tested.
I wouldn't change that directory ownership, and I'd probably move the
anonymous FTP log somewhere else, or would set the anonymous FTP log
itself to something that the anonymous FTP bits can write to — and
would not open up write access to FTP or the anonymous FTP user wider
than absolutely necessary.
> So, I set the owner back to [SYSTEM] and set the protection to W:RWED.
> But I got the same error, here is the error:
>
>
> %SYSTEM-F-NOSUCHID, unknown rights identifier
> %TCPIP-E-FTP_LOGFAL, remote interactive login failure anonymous
> -TCPIP-I-FTP_NODE, client host name: EESD.nheerl.epa.gov
> -LOGIN-F-NOSUCHUSER, no such user
> %TCPIP-I-FTP_SESCON, FTP SERVER: session connection from EESD.nheerl.epa.gov at
> 10-OCT-2016 09:10:52.48
>
> I tried 3 passwords: guest, sysmgr, and adams
>
> 2 of them are account names in the UAF. I got the same error for all three.
Your anonymous user doesn't have the default credentials. Which means
either that user does not exist, or something blocked the default
account creation. Go figure out why that is.
ps: You have exposed your login credentials in cleartext to the 'net,
and for the most privileged users on this server. I'd ssh into this
OpenVMS box and change those credentials.
--
Pure Personal Opinion | HoffmanLabs LLC