FTPRUN 1.5.2
Copyright (c) 1991 Allegro Consultants, Inc.

Author:     Stan Sieler  sieler@gmail.com
Language:   SPL
Priv Mode:  No
Type:       Operations / Site Management

FTPRUN is a program designed to provide system managers with a
security mechanism for accounts/modems that are to be used for file
uploading and downloading.  It "knows" about Reflection and PC2622
(from Walker, Richer, and Quinn), AdvanceLink 2392 (from
Hewlett-Packard), NETXFER (from Telamon), and a few other common
file transfer programs.

FTPRUN is typically run as part of the following logon UDC:

   logon
   option logon, nobreak, nohelp
   continue
   tellop !hpuser.!hpaccount in FTPRUN
   continue
   run ftprun.pub.allegro;parm=%147
   bye
   comment parm values for FTPRUN:
   comment    Bit  Add   Usage
   comment    ---  ---   -----------------------------
   comment     15    1   1 = allow FILE commands
   comment     14    2   1 = allow LISTF in logon group
   comment     13    4   1 = allow LISTF in logon account
   comment
   comment     12    8   1 = allow LISTF anywhere
   comment     11   16   1 = disable logging user commands to PRINTER.
   comment                   (is enabled by default!)
   comment     10   32   1 = Require job name (2..7 bytes)
   comment
   comment      9   64   1 = Run programs from @.FTP.ALLEGRO;LIB=G,
   comment                   and NOT from @.PUB.SYS.
   comment
   comment Note: setting bit 12 implies bits 13 and 14,
   comment       and setting bit 13 implies bit 14.
   comment Note: the most powerful setting that still allows
   comment       logging of input is: PARM=15
   comment Note: options may be given via INFO parameter too!
   comment       see FTPRUN.DOC for full documentation.
   comment       for help, do: run ftprun,help
   *********************

(Note: the above text is in the file FTPUDC.PUB.ALLEGRO.)

When a user logs on with the above logon UDC, he/she is thrown into
FTPRUN.  FTPRUN "looks" like the Command Interpreter (CI) to the
user, but only a very small number of commands can be executed:

   BYE
   FILE                     (can be restricted via PARM)
   LISTF                    (can be restricted via PARM)
   TELLOP                   (limit of 99 TELLOPs)
   TELL ...                 (limit of 99 TELLs)
   RUN FCOPY.PUB.SYS     \
   RUN LINK100.PUB.SYS    \
   RUN MONITOR.PUB.SYS     \
   RUN NETXFER.PUB.SYS      \  common file transfer programs.
   RUN NMPCLINK.PUB.SYS     /  (hardcoded list)
   RUN PCLINK.PUB.SYS      /
   RUN PCLINK2.PUB.SYS    /
   RUN TYMLINK.PUB.SYS   /

A hard copy is generated of all user "CI" input.  (This can be
disabled via the PARM parameter to FTPRUN.)

A message is optionally sent to the system console with the name of
every file accessed by the user.

EXAMPLE SCENARIO
================

Assume you want a consultant to download a file, FOO.PUB.SYS, from
your machine to her machine.  You don't really want her to have full
"browsing" access to your machine, so FTPRUN can help:

   1) Establish an account that is only to be used for file transfer
      purposes.  (For this discussion, call the account FTP with
      users of DIALIN and MGR.)

   2) Copy FOO.PUB.SYS to FOO.PUB.FTP.

   3) Set up the DIALIN user with the logon UDC shown above.

   4) Tell the consultant your dial-in number and that DIALIN.FTP is
      the user.account to be used.  (You DO have passwords on
      MGR.DIALIN, FIELD.SUPPORT, and MANAGER.SYS, don't you?)

   5) She will ONLY be able to execute the following commands:

         TELL
         TELLOP
         BYE
         RUN PCLINK.PUB.SYS    (and a few others, see list above)
         LISTF @.@             (NOT: LISTF @.@.@)

   6) Result: a safe and secure file transfer method.

-----------------------------------------------------------------

Depending on the PARM value that FTPRUN is run with, it will act
slightly differently...the table below shows the various
capabilities that can be allowed by setting different bits of the
PARM value.

Options may also be specified via the INFO string.  Putting "NO" in
front of an option negates it (e.g.: LOGGING and NOLOGGING).  Only
the uppercase letters (and digits) in an option name are needed.

   Name        PARM bit  action
   --------    -------   ---------------------------------
   FILEEQ         15     Allow file equates (i.e.: FILE command)

   LISTF0dot      14     Allow LISTF of logon group.

   LISTF1dot      13     Allow LISTF of logon account.
                         (implies bit 14)

   LISTF2dot      12     Allow LISTF of any account.
                         (implies bits 13 and 14)

   NOLOGging      11     Disable logging user input to the printer.

   JOBNAME        10     Requires user to log on with a JOB name of
                         more than 1 character.

   ALLEGROFTP      9     Requests FTPRUN to run the selected transfer
                         program from the FTP.ALLEGRO group, with
                         LIB=G, instead of from PUB.SYS.  This will
                         provide a means for monitoring which files
                         are opened by the transfer programs.  (The
                         SL and XL used will do a PRINTOP for every
                         file that the user attempts to open.)

   NOLOGOP         8     Tells FTPRUN not to log start/stop of RUNs
                         to the system console.  Default: LOGOP.

   NOTIMEOUT       7     Tells FTPRUN not to do a timed read in the
                         outer loop.  TIMEOUT defaults to 15 minutes,
                         and can be set to different values with an
                         INFO string like:  TIMEOUT = 20
                         If TIMEOUT is in effect, then a timed read
                         is done at the "CI" prompt.  If this read
                         expires, then FTPRUN terminates.

The following options do not have PARM bit equivalents:

   ALLOW programname     If specified, adds one more program name to
                         the list of allowed programs.  A maximum of
                         2 ALLOWs may be used.

   EOP                   When set (default) this option prints a fake
                         END OF PROGRAM message after initializing.
                         This (hopefully) misleads the user into
                         thinking that he/she is now interacting with
                         the real Command Interpreter (CI).  To
                         disable this message, use the option: NOEOP

   GROUP [=] groupname   This will cause FTPRUN to insist that the
                         user be logged into the specified group.

Notice bit 11...by default, FTPRUN will send a hard copy of every
user input (except data read by any RUN program) to the printer,
whose formal name is PRINTER.  This can be disabled by setting PARM
bit 11 to 1.

-----------------------------------------------------------------

   FTPSL     (code = SL)
   FTPXL     (code = NMXL)

If programs like PCLINK, PCLINK2, LINK100, NETXFER, etc, are put
into the group FTP.ALLEGRO with the above SL & XL files (FTPSL,
renamed to be "SL.FTP.ALLEGRO", and FTPXL, renamed to be
XL.PUB.ALLEGRO) and run with LIB=G (which is requested by setting
PARM bit 9 (ALLEGROFTP)), then all FOPEN requests will be logged to
the system console.
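
-----------------------------------------------------------------

Added example (not part of FTPRUN or its original documentation): a small Python audit helper that decodes the PARM value on a logon UDC's FTPRUN line using the bit table above, applies the documented implications, and lists the settings that reduce logging or widen LISTF. The function names, the sample UDC text and the choice of which options to flag are this example's assumptions; options given through the INFO string are not considered.

```python
import re

# Bit numbers follow the page's table: bit 15 is the least significant bit
# of the 16-bit PARM word (bit 15 adds 1, bit 9 adds 64).
OPTIONS = {15: "FILEEQ", 14: "LISTF0dot", 13: "LISTF1dot", 12: "LISTF2dot",
           11: "NOLOGging", 10: "JOBNAME", 9: "ALLEGROFTP", 8: "NOLOGOP",
           7: "NOTIMEOUT"}
IMPLIES = {12: (13, 14), 13: (14,)}  # "bit 12 implies bits 13 and 14", etc.
# Which options to flag for review is this example's choice, not FTPRUN's.
REVIEW = {12: "LISTF allowed in any account",
          11: "user input not logged to PRINTER",
          8: "RUN start/stop not logged to the system console",
          7: "no timed read at the prompt"}

def parse_parm(text):
    """MPE notation: %nnn is octal, plain digits are decimal."""
    text = text.strip()
    return int(text[1:], 8) if text.startswith("%") else int(text)

def decode_parm(value):
    """Return (option names in effect, review findings) for a PARM value."""
    bits = {b for b in OPTIONS if value & (1 << (15 - b))}
    for b in list(bits):
        bits.update(IMPLIES.get(b, ()))
    names = [OPTIONS[b] for b in sorted(bits, reverse=True)]
    findings = [REVIEW[b] for b in sorted(bits, reverse=True) if b in REVIEW]
    return names, findings

def audit_udc(udc_text):
    """Decode the PARM on the FTPRUN run line of a logon UDC, or None."""
    m = re.search(r"^\s*run\s+ftprun[^;\n]*;\s*parm\s*=\s*(%[0-7]+|\d+)",
                  udc_text, re.I | re.M)
    return decode_parm(parse_parm(m.group(1))) if m else None

# Constructed sample: the run line from the page's UDC, trimmed of comments.
SAMPLE_UDC = """logon
option logon, nobreak, nohelp
continue
run ftprun.pub.allegro;parm=%147
bye
"""

if __name__ == "__main__":
    for label, result in (("page UDC", audit_udc(SAMPLE_UDC)),
                          ("PARM=%630", decode_parm(parse_parm("%630")))):
        print(label, result)
```

The page's own PARM=%147 decodes to FILEEQ, LISTF0dot, LISTF1dot, JOBNAME and ALLEGROFTP with no findings, while the constructed value %630 turns off both logging paths and the timeout and allows LISTF anywhere.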