FTP server will not start??

All types of networks, network stacks, and protocols supported by OpenVMS.
Post Reply

Topic author
willemgrooters
Valued Contributor
Posts: 87
Joined: Fri Jul 12, 2019 1:59 pm
Reputation: 0
Location: Netherlands
Status: Offline
Contact:

FTP server will not start??

Post by willemgrooters » Mon Sep 20, 2021 3:51 pm

I have FTP enabled via TCPIP$CONFIG, and was able to pass files in both directions.
After a reboot, - with no changes in configuration - FTP service is not enabled, so the system cannot be accessed for file transfer:

Code: Select all

$ tcpip sho serv ftp

Service             Port  Proto    Process          Address            State

FTP                   21  TCP      TCPIP$FTP        0.0.0.0             Disabled
$
The reason is in the logfile:

Code: Select all

$ type sys$sysdevice:[tcpip$ftp]tcpip$ftp_run.log
%DCL-E-NOCMDPROC, error opening captive command procedure - access denied
  TCPIP$FTP    job terminated at 20-SEP-2021 19:15:11.15

  Accounting information:
  Buffered I/O count:                 29      Peak working set size:       2160
  Direct I/O count:                   18      Peak virtual size:         172864
  Page faults:                       154      Mounted volumes:                0
  Charged CPU time:        0 00:00:00.03      Elapsed time:       0 00:00:00.16
$
Enabling the service doesn't work either:

Code: Select all

$ tcpip ena serv ftp
$ tcpip sho serv ftp

Service             Port  Proto    Process          Address            State

FTP                   21  TCP      TCPIP$FTP        0.0.0.0             Disabled
$
FTP seems started normally on reboot:
...
%TCPIP-S-STARTDONE, TCPIP$FTP startup completed
%TCPIP-S-STARTDONE, TCPIP$FTP_CLIENT startup completed
...
Other services that seem to have a similar behaviour are NTP and XDM: Both seem to have started according messages in boot, but both services are (and remain) disabled.

(HPE VMS 8.4)


vmskostoff
Active Contributor
Posts: 39
Joined: Fri Jun 28, 2019 10:29 am
Reputation: 0
Location: Gary, Indiana
Status: Offline

Re: FTP server will not start??

Post by vmskostoff » Mon Sep 20, 2021 6:06 pm

The word, "captive" bothers me. Seems like wrong account booted under.
I would think SYSTEM would start TCPIP services.

So does the previous boot and thus log file reveal anything different? tcpip$ftp_run.log;-1?

It would seem to go nuclear and delete the service and re-enable it would be over the top. It seems
there should be more of an obvious cause.

Could go into AUTHORIZE, check TCPIP$FTP as an account .... see where it is start from .... see how it compares to
other TCPIP services defined in AUTHORIZE.

UAF> sho TCPIP$FTP

check UIC
Last edited by vmskostoff on Mon Sep 20, 2021 6:17 pm, edited 4 times in total.


jonesd
Valued Contributor
Posts: 74
Joined: Mon Aug 09, 2021 7:59 pm
Reputation: 0
Status: Offline

Re: FTP server will not start??

Post by jonesd » Mon Sep 20, 2021 9:12 pm

vmskostoff wrote:
Mon Sep 20, 2021 6:06 pm
The word, "captive" bothers me. Seems like wrong account booted under.
I would think SYSTEM would start TCPIP services.

So does the previous boot and thus log file reveal anything different? tcpip$ftp_run.log;-1?
At boot, SYSTEM will start TCPIP services, but the daemons run under separate, non-privileged, accounts.

On my system, the tcpip$ftp is flagged restricted, not captive (and also limited to network access only). My first step would be to make sure the lgicmd command procedure exists (default is "LOGIN") and is readable by the tcpip$ftp account, then make sure LOGIN was not defined as a logical name.


Topic author
willemgrooters
Valued Contributor
Posts: 87
Joined: Fri Jul 12, 2019 1:59 pm
Reputation: 0
Location: Netherlands
Status: Offline
Contact:

Re: FTP server will not start??

Post by willemgrooters » Tue Sep 21, 2021 3:07 am

All standard:

Code: Select all

$ mc authorize show tcpip$FTP

Username: TCPIP$FTP                        Owner:  TCPIP$FTP
Account:  TCPIP                            UIC:    [3655,1] ([TCPIP$AUX,TCPIP$FTP])
CLI:      DCL                              Tables: DCLTABLES
Default:  SYS$SYSDEVICE:[TCPIP$FTP]
LGICMD:   LOGIN
Flags:  Restricted
Primary days:   Mon Tue Wed Thu Fri
Secondary days:                     Sat Sun
Primary   000000000011111111112222  Secondary 000000000011111111112222
Day Hours 012345678901234567890123  Day Hours 012345678901234567890123
Network:  ##### Full access ######            ##### Full access ######
Batch:    -----  No access  ------            -----  No access  ------
Local:    -----  No access  ------            -----  No access  ------
Dialup:   -----  No access  ------            -----  No access  ------
Remote:   -----  No access  ------            -----  No access  ------
Expiration:            (none)    Pwdminimum:  6   Login Fails:     0
Pwdlifetime:         90 00:00    Pwdchange:      (pre-expired)
Last Login:            (none) (interactive), 12-AUG-2021 21:13 (non-interactive)
Maxjobs:         0  Fillm:        50  Bytlm:       108000
Maxacctjobs:     0  Shrfillm:      0  Pbytlm:           0
Maxdetach:       0  BIOlm:        96  JTquota:       4096
Prclm:           8  DIOlm:        96  WSdef:          350
Prio:            8  ASTlm:       250  WSquo:          512
Queprio:         4  TQElm:        15  WSextent:       512
CPU:        (none)  Enqlm:       100  Pgflquo:      10240
Authorized Privileges:
  NETMBX       TMPMBX
Default Privileges:
  NETMBX       TMPMBX
$

$ dir/sec sys$sysdevice:[000000]tcpip$ftp

Directory SYS$SYSDEVICE:[000000]

TCPIP$FTP.DIR;1      [TCPIP$AUX,TCPIP$FTP]            (RWE,RWE,RE,E)

Total of 1 file.
$ dir/sec sys$sysdevice:[tcpip$ftp]login.com

Directory SYS$SYSDEVICE:[TCPIP$FTP]

LOGIN.COM;1          [TCPIP$AUX,TCPIP$FTP]            (RWED,RWED,RE,RE)

Total of 1 file.
$

User avatar

m_detommaso
Valued Contributor
Posts: 66
Joined: Thu Jun 06, 2019 6:57 am
Reputation: 0
Location: Brindisi (Italy)
Status: Offline
Contact:

Re: FTP server will not start??

Post by m_detommaso » Tue Sep 21, 2021 6:16 am

Let me to suggest you to check the security profile of sys$manager:sylogin.com :

$ dir/sec sys$manager:sylogin.com

Directory SYS$COMMON:[SYSMGR]

SYLOGIN.COM;14 [SYSTEM] (RWED,RWED,RE,RE)

Total of 1 file.

Make sure that WORLD=RE.

If not, then

$ set sec/class=file/prot=(w:re)/log sys$manager:sylogin.com

Keep me updated.

/Maurizio


Topic author
willemgrooters
Valued Contributor
Posts: 87
Joined: Fri Jul 12, 2019 1:59 pm
Reputation: 0
Location: Netherlands
Status: Offline
Contact:

Re: FTP server will not start??

Post by willemgrooters » Tue Sep 21, 2021 7:34 am

Thanks Maurizio - that indeed was wrong.

Enabled the services (FTP, NTP and XDM, these were all disabled but should work):

Code: Select all

$ TCPIP ENA SERV <service>
did the trick with NTP and XDM, for FTP, it needed to be started as well:

Code: Select all

$ @SYS$STARTUP:TCPIP$FTP_STARTUP

User avatar

volkerhalle
Master
Posts: 196
Joined: Fri Aug 14, 2020 11:31 am
Reputation: 0
Status: Offline

Re: FTP server will not start??

Post by volkerhalle » Tue Sep 21, 2021 9:31 am

Maurizio,

it should be noted, that WO:E is sufficient, to execute a DCL procedure (or image), if there is no need to be able to look at the contents of the procedure/image.

Volker.

Post Reply