All FTP_ANON logical names should now be placed in the logical name
table FTP_NAME_TABLE, to get them out of the system name table. To do
this, add the following lines to your IP_STARTUP.COM:

    $ CREATE/NAME_TABLE/EXEC/PROT=(S:RWED,O:RWED,G:R,W:R)-
        /PARENT=LNM$SYSTEM_DIRECTORY FTP_NAME_TABLE
    $ FTPDEF := DEFINE/TABLE=FTP_NAME_TABLE/EXEC/NOLOG

then use FTPDEF to define the FTP_ANON... logical names, for example:

    $ FTPDEF FTP_ANONYMOUS_DIRS USER$:[ANONYMOUS...]
    $ FTPDEF FTP_ANON_LOAD_THRESHOLD "0.5"
    $ FTPDEF FTP_ANON_PRIME_DAYS "2,3,4"    ! Tuesday, Wednesday, Thursday

Added system load checking on anonymous logins if the LAV0 device is
available. To enable it, define the following logical names in
FTP_NAME_TABLE:

    FTP_ANON_LOAD_THRESHOLD   a floating-point number between 0.0 and 1.0
    FTP_ANON_PRIME_DAYS       day numbers -- the "prime time" days
    FTP_ANON_PRIMETIME_START  time of day -- start of "prime time"
    FTP_ANON_PRIMETIME_END    time of day -- end of "prime time"
    FTP_ANON_TIME_ZONE        any character string naming the local time zone

The only required logical is FTP_ANON_LOAD_THRESHOLD. If that logical
name exists and the LAV0 device exists, the load checking code is used.
The code does the following:

If FTP_ANON_PRIME_DAYS is defined, it is translated. The comma-separated
list of numbers (where 1=Monday, 2=Tuesday, etc.) identifies the days on
which "prime time" is in effect. If it does not exist, "prime time" is
assumed to be in effect Monday through Friday.

    Note: Use ONLY numbers 1 through 7, and NO SPACES in the string.
    Surround the string with quotation marks when defining it!

If FTP_ANON_PRIMETIME_START is defined, it is translated and converted
into a system date-time value using LIB$CONVERT_DATE_STRING. If not,
09:00 is used as the start of "prime time".

If FTP_ANON_PRIMETIME_END is defined, it is translated and converted
into a system date-time value using LIB$CONVERT_DATE_STRING. If not,
17:00 is used as the end of "prime time".
If the current time is between the prime-time start and end times, the
current load averages are read from the LAV device. The current load is
computed using the following formula:

    load = M15 * (P15 / 4.0)

where M15 is the average load over the last 15 minutes, and P15 is the
average priority over the last 15 minutes. Thus the average load is
normalized against typical interactive priority, to guard against
low-priority batch jobs preventing guest login access.

If the load is greater than or equal to the FTP_ANON_LOAD_THRESHOLD
value, the guest login is denied with a reason of "system too busy". If
the threshold is not exceeded, the guest login is accepted, but the user
is warned to minimize access during prime time (with the start and end
times displayed, along with the time zone information if
FTP_ANON_TIME_ZONE is defined). If the current time does not fall within
prime time, no load checking is performed.

> Enhanced the Anonymous FTP support provided by CMU. The enhancements
  include:

  * ANONYMOUS is never allowed privileges, regardless of the contents of
    its UAF record.

  * All ANONYMOUS FTP sessions create logs. Each session creates a file
    SYS$MANAGER:ANON_FTP_LOG.LOG. You can put them elsewhere by defining
    ANON_FTP_LOG system-wide to a different location. The password given
    to ANONYMOUS is logged along with the remote host's name and address,
    as well as RETR, LIST, NLST, CWD, and CDUP commands. The log files
    need not be accessible to the ANONYMOUS userid (and probably should
    not be).

  * You can restrict the directories to which ANONYMOUS has access by
    defining the system-wide logical name FTP_ANONYMOUS_DIRS to a search
    list of device/directory specifications. Any RETR, LIST, or NLST is
    checked against this list before going through the normal system
    access checks. This prevents ANONYMOUS from gaining access to other
    people's files via WORLD access. If you do not define
    FTP_ANONYMOUS_DIRS, the extra access checks do not take place. You
    can use [directory...]
    notation to allow access to the entire subdirectory tree below the
    specified directory.

The steps needed to set up a controlled Anonymous FTP are:

  1. Create a UAF record for ANONYMOUS. Set it /NOINTER/NOBATCH/NONETWORK
     to prevent logins or DECnet use. Set /FLAG=DISMAIL to prevent mail
     from reaching it. Assign it a UIC that is unique and outside any
     existing group. Give it a default device and directory. Example:

         UAF> ADD ANONYMOUS/PASS=JUNK/NOINTERACTIVE/NOBATCH/NONETWORK-
              /FLAG=DISMAIL/UIC=[666,666]/DEV=USER$DISK/DIR=[PUBLIC]

  2. Put the definition of FTP_ANONYMOUS_DIRS in your system startup
     sequence. Make sure it is defined before allowing Anonymous access.
     Make sure that the default device/directory in the UAF is accessible
     (not strictly necessary, but easier on the users). Example:

         $ DEFINE/SYSTEM FTP_ANONYMOUS_DIRS -
               USER$DISK:[PUBLIC...],-    ! public files
               USER$DISK:[NEWS...],-      ! news archives
               USER$DISK:[MAIL]           ! mail archives

  3. Create the directories to which ANONYMOUS will have access. Do not
     permit ANONYMOUS to own any of the files or be in the same group as
     the owner of the files. Set WORLD:R protection on all files and
     directories to be accessible, or use an ACL to grant access
     specifically to ANONYMOUS.

While these modifications were meant to enhance the security of Anonymous
FTP, neither the author nor his employer (nor anyone else for that matter)
guarantees that the software is secure.
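The prime-time and load-threshold logic described under "Added system load checking", modelled in Python as an added example (this is not the FTP server's own code). The function names are my own; m15 and p15 stand for the two LAV0 readings, now for the translated system time, and threshold for float(FTP_ANON_LOAD_THRESHOLD).

```python
from datetime import datetime, time

# Defaults from the description above: prime time is Monday-Friday,
# 09:00-17:00, unless the corresponding FTP_ANON_* logical is defined.
DEFAULT_PRIME_DAYS = (1, 2, 3, 4, 5)            # 1=Monday ... 7=Sunday
DEFAULT_START, DEFAULT_END = time(9, 0), time(17, 0)


def parse_prime_days(value):
    """Translate FTP_ANON_PRIME_DAYS ("2,3,4") into a tuple of day numbers.
    None (logical undefined) means Monday through Friday. Spaces or
    numbers outside 1..7 are rejected, as the setup note demands."""
    if value is None:
        return DEFAULT_PRIME_DAYS
    days = []
    for tok in value.split(","):
        if not tok.isdigit() or not 1 <= int(tok) <= 7:
            raise ValueError(f"FTP_ANON_PRIME_DAYS: bad day {tok!r}")
        days.append(int(tok))
    return tuple(days)


def normalized_load(m15, p15):
    """load = M15 * (P15 / 4.0): the 15-minute load average scaled by the
    15-minute average priority, so idle-priority batch work alone does
    not push the figure over the threshold."""
    return m15 * (p15 / 4.0)


def anon_login_decision(now, threshold, m15, p15,
                        prime_days=None, start=None, end=None, tz=None):
    """Return (accepted, message) for an anonymous login attempt.
    now: local system time; threshold: float(FTP_ANON_LOAD_THRESHOLD);
    m15/p15: LAV0 readings; prime_days/start/end/tz: optional logicals."""
    days = parse_prime_days(prime_days)
    start, end = start or DEFAULT_START, end or DEFAULT_END
    in_prime = now.isoweekday() in days and start <= now.time() <= end
    if not in_prime:
        return True, None                  # no load checking outside prime time
    if normalized_load(m15, p15) >= threshold:
        return False, "system too busy"    # guest login denied
    zone = f" {tz}" if tz else ""
    return True, (f"please minimize access during prime time "
                  f"({start:%H:%M}-{end:%H:%M}{zone})")
```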
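An added model, not the server's code, of the FTP_ANONYMOUS_DIRS check applied to the file specification of a RETR, LIST or NLST: entries ending in ... admit the whole subtree, the others only that directory, and anything that is not a fully resolved spec on a listed device fails closed. The search list is the one from step 2 joined onto one line; the function names are assumed.

```python
import re

# 'DEV:[A.B]NAME.TYP;1' -> device, directory string, file part. Input is
# case-folded first, since VMS file specifications are not case sensitive.
SPEC_RE = re.compile(r"^(?:(?P<dev>[A-Z0-9$_]+):)?\[(?P<dir>[^\]]*)\](?P<file>.*)$")
NAME_RE = re.compile(r"[A-Z0-9$_]+")       # a plain directory-name component

# Search list from the step-2 example above, joined onto one line.
SEARCH_LIST = "USER$DISK:[PUBLIC...],USER$DISK:[NEWS...],USER$DISK:[MAIL]"


def split_spec(spec):
    m = SPEC_RE.match(spec.strip().upper())
    if not m:
        raise ValueError(f"not a device/directory specification: {spec!r}")
    return m.group("dev") or "", m.group("dir"), m.group("file")


def parse_search_list(value):
    """Parse the FTP_ANONYMOUS_DIRS search list into (device, components,
    subtree) rules. '[PUBLIC...]' covers everything below PUBLIC; '[MAIL]'
    covers only MAIL itself."""
    rules = []
    for entry in value.split(","):
        dev, dirs, _ = split_spec(entry)
        subtree = dirs.endswith("...")
        if subtree:
            dirs = dirs[:-3]
        rules.append((dev, tuple(c for c in dirs.split(".") if c), subtree))
    return rules


def anonymous_allowed(spec, search_list):
    """True only if spec lies in an allowed directory on the same device.
    Meant for a fully resolved specification: a missing device, a parent
    reference (-) or a wildcard component fails closed."""
    dev, dirs, _ = split_spec(spec)
    comps = tuple(dirs.split("."))
    if not dev or not all(NAME_RE.fullmatch(c) for c in comps):
        return False
    for rule_dev, rule_comps, subtree in parse_search_list(search_list):
        if dev != rule_dev:
            continue
        if comps == rule_comps or (subtree and comps[:len(rule_comps)] == rule_comps):
            return True
    return False
```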