HP OpenVMS Systems Documentation
Compaq TCP/IP Services for OpenVMS
By default, the FTP server creates several log files you can use to monitor the service and user transactions. These log files are:
The number of log files (one per FTP session) might become large. To limit the number of versions, enter:
$ SET FILE file /VERSION=n
The FTP service can be shut down and started independently from TCP/IP Services. This is useful when you change parameters or logical names that require the service to be restarted.
The following files are provided:
To preserve site-specific parameter settings and commands, create the following files. These files are not overwritten when you reinstall TCP/IP Services:
You can improve FTP performance for users who transfer large files from systems that are not running TCP/IP Services to a host running the TCP/IP Services software.
Large file transfers can affect file transfer performance. A file transfer consists of the following events:
Performance is affected by the RMS overhead taken up by the file extension process. One way to improve performance is to reset the appropriate parameters. To do this, redefine the FTP logical names that:
These logical names are described in the following sections.
Buffer Sizes
Changing the window size of the send and receive buffers can improve network performance. To set or modify the window size, define or redefine the logical name TCPIP$FTP_WNDSIZ.
$ DEFINE /SYSTEM /EXEC TCPIP$FTP_WNDSIZ 4096
For noisy lines, such as modems, you should set the value of the TCPIP$FTP_WNDSIZ parameter to a lower number.
File Allocation and Extension Sizes
FTP logical names preallocate disk blocks. FTP tells RMS to truncate unused blocks so that disk space is not wasted. This can affect RMS performance.
To reduce the RMS overhead, use the following logical names:
$ DEFINE /SYSTEM/EXEC TCPIP$FTP_FILE_ALQ 50000
$ DEFINE TCPIP$FTP_FILE_DEQ 100
Define these logicals in the TCPIP$SYSTARTUP.COM procedure, or in the SYS$MANAGER:STARTUP_VMS.COM file before the command that starts TCP/IP Services. Because disk quotas may control the system, these logical names are defined by default as zero (system RMS defaults) or are undefined. For file transfers between hosts that both use VMS Plus mode, these logical names have no effect.
Inactivity Timer
The larger the inactivity timer value, the longer FTP maintains sessions without timing out. Excessive inactive sessions might slow down performance, degrade security, or prevent other users from establishing sessions.
To increase the inactivity timer, change the value of the TCPIP$FTPD_IDLETIMEOUT logical name. The default is 15 minutes. For example:
$ DEFINE TCPIP$FTPD_IDLETIMEOUT 01:00:00
The TCP/IP Services software includes client and server implementations of the Berkeley Remote (R) command applications: RCP, RLOGIN, RSH, REXEC, and RMT/RCD. These applications provide end users with the following capabilities:
|RCP||Allows files to be copied between remote hosts.|
|RLOGIN||Provides interactive access to remote hosts.|
|RSH||Passes a command to a remote host for execution.|
|REXEC||Authenticates and executes RCP and other commands.|
|RMT/RCD||Provides remote access to magnetic tape and CD-ROM drives.|
This chapter reviews key concepts and describes:
For information about using these applications, see the DIGITAL TCP/IP Services for OpenVMS User's Guide.
16.1 Key Concepts
In addition to password authentication, the R commands use a system based on trusted hosts and users. Trusted users on trusted hosts are allowed to access the local system without providing a password. Trusted hosts are also called "equivalent hosts" because the software assumes that users given access to a remote host should be given equivalent access to the local host. The system assumes that user accounts with the same name on both hosts are "owned" by the same user. For example, the user logged in as molly on a trusted system is granted the same access as a user logged in as molly on the local system.
This authentication system requires databases that define the trusted hosts and the trusted users. On UNIX systems, these databases are:
On OpenVMS hosts, the proxy database TCPIP$PROXY.DAT defines trusted hosts and users for the entire system.
16.2 Managing the R Command Servers
The following sections describe the command procedures and logical names used in managing the R command servers.
16.2.1 R Command Server Startup and Shutdown
Each R command server can be shut down and started independently. This is useful when you change parameters or logical names that require the service to be restarted.
The following files allow you to start up each R command server independently:
The following files allow you to shut down each R command server independently:
To preserve site-specific parameter settings and commands to be executed when the R server starts up, create one of the following files, as appropriate. These files are not overwritten when you reinstall TCP/IP Services:
To preserve site-specific parameter settings and commands to be executed when the R server shuts down, create one of the following files, as appropriate. These files are not overwritten when you reinstall TCP/IP Services:
Table 16-1 lists the logical names you can use for managing the RLOGIN service.
|TCPIP$RLOGIN_VTA||Enables RLOGIN virtual terminals. For more information, see Section 16.3.|
|TCPIP$RLOGIN_MESSAGE||Specifies the welcome message displayed by the RLOGIN server. For more information, see Section 16.4.|
Because R commands can bypass normal password verification, it is important to configure these applications carefully to avoid compromising system security. In a complex networking environment, improperly configured R commands can open access to your host to virtually anyone on the network.
A properly configured environment grants remote access to preauthorized clients. You can limit access by adding an entry to the proxy database (TCPIP$PROXY.DAT) for each user authorized to access your host. This entry, called a communication proxy, provides the user name and name of the remote host. To add a communication proxy, enter:
TCPIP> ADD PROXY user /HOST=host /REMOTE_USER=user
For each host, be sure to define the host name and any aliases.
Users with communication proxies cannot use virtual terminals. Therefore, if the logical name TCPIP$RLOGIN_VTA is set, users logging in by proxies will observe that the terminal device they are assigned is displayed as TNAnnn rather than VTAnnn. For more information, see Section 16.2.2.
16.3.1 Registering Remote Users
For users on UNIX hosts, the following information must be listed in at least one of the following databases:
|Database File||Type of Information|
|/etc/hosts.equiv||Host name and user name|
|(in the user's home directory)||Host name and user name|
For users on OpenVMS clients running TCP/IP Services, check that the appropriate proxy information is in the remote system's proxy database.
You can also restrict remote printing to specific users by entering:
TCPIP> SET SERVICE service /FLAGS=APPLICATION_PROXY
With this flag set, the R commands use the communication entries in the proxy database for authentication.
To reject access from a remote host, use the SET SERVICE service /REJECT command. For example:
TCPIP> SET SERVICE RLOGIN /REJECT=HOSTS=(loon,ibis,tern)
The proxy database is case sensitive for remote user names. The case you use for communications entries affects the way users access your host, so use case in a consistent fashion. In the proxy database, if the user name is in:
If the flag CASE_INSENSITIVE is set, the server matches an incoming user name with an all-lowercase or an all-uppercase remote user name in the proxy database.
The case-sensitivity flag for RLOGIN, RSH, and RCP defaults to CASE_INSENSITIVE. With this setting, the server accepts both all-uppercase and all-lowercase user names.
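The proxy, alias, reject-list, and case rules described above can be checked together. The following Python audit is an added example, not part of the original documentation or of TCP/IP Services; the `Proxy` record, the `audit_proxies` function, and the sample entries are assumptions constructed for illustration, and the entries would be transcribed by hand from your own proxy database.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Proxy:
    local_user: str   # OpenVMS account the proxy maps to
    host: str         # value given to /HOST
    remote_user: str  # value given to /REMOTE_USER

def audit_proxies(proxies, aliases, rejected_hosts):
    """Return (proxy, finding) pairs for entries that need review.

    aliases maps a host name to the set of its other names;
    rejected_hosts are the hosts named in /REJECT=HOSTS=(...).
    """
    covered = {(p.local_user, p.remote_user, p.host.lower()) for p in proxies}
    rejected = {h.lower() for h in rejected_hosts}
    findings = []
    for p in proxies:
        name = p.remote_user
        # CASE_INSENSITIVE matching is described only for all-lowercase or
        # all-uppercase entries, so a mixed-case name deserves a second look.
        if name not in (name.lower(), name.upper()):
            findings.append((p, "mixed-case remote user name"))
        # A proxy for a host the service rejects is stale or contradictory.
        if p.host.lower() in rejected:
            findings.append((p, "host is also on the reject list"))
        # Each alias of a trusted host needs its own matching entry.
        for alias in sorted(aliases.get(p.host.lower(), ())):
            if (p.local_user, name, alias.lower()) not in covered:
                findings.append((p, f"no proxy for alias {alias}"))
    return findings

# Constructed sample data (host and user names are illustrative only).
SAMPLE_PROXIES = [
    Proxy("MOLLY", "lilac", "molly"),
    Proxy("MOLLY", "lilac.example.com", "molly"),
    Proxy("JONES", "ibis", "Jones"),
    Proxy("SMITH", "heron", "smith"),
]
SAMPLE_ALIASES = {"lilac": {"lilac.example.com"}, "heron": {"heron.example.com"}}
SAMPLE_REJECTED = ["loon", "ibis", "tern"]

if __name__ == "__main__":
    for proxy, finding in audit_proxies(SAMPLE_PROXIES, SAMPLE_ALIASES, SAMPLE_REJECTED):
        print(f"{proxy.local_user:<8} {proxy.host:<20} {proxy.remote_user:<8} {finding}")
```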
Ensure that RSH is enabled, because no RCP service exists. Instead, RCP uses the RSH server process. (RCP uses RSH or REXEC to do its work. RSH must be configured properly for RCP to work.)
16.4 Creating a Welcome Message
To modify the welcome message displayed by the RLOGIN server, define the TCPIP$RLOGIN_MESSAGE logical name and specify the text. For example, the following command defines a welcome message for RLOGIN clients when they log in to the server:
$ DEFINE /SYSTEM TCPIP$RLOGIN_MESSAGE "OpenVMS RLOGIN Server Version 5.1"
The Remote Magnetic Tape/Remote CD-ROM (RMT/RCD) server provides remote system access to local OpenVMS magnetic tape and CD-ROM drives. The tape or CD-ROM drives appear to the RMT client users as if they were mounted locally. The RMT server fully implements the UNIX commands rdump and rrestore and the OpenVMS commands MOUNT, BACKUP, COPY, and EXCHANGE.
This section assumes that you are familiar with device mounting and server access conditions relevant to the R command services.
16.5.1 Preparing Drives for Remote Mounts
Perform the following tasks to make sure the remote client can access the tape or CD-ROM drive:
TCPIP> add proxy root /HOST=host /REMOTE=user
$ RMT_VERIFY = 'F$VERIFY(0)
...
$ IF (F$MODE() .NES. "OTHER") THEN $RMT_VERIFY = F$VERIFY(RMT_VERIFY)
On the remote host, a user can use rdump to dump files to OpenVMS tapes, or rrestore to restore files from OpenVMS tapes. The functionality of rdump and rrestore depends entirely on the type of UNIX system you use and not on the RMT service. For example, not all UNIX systems let you restore files selectively using rrestore.
When you enter these remote dump and restore commands, you must specify either a valid OpenVMS magnetic-tape device name, or a file name.
See the sections on dump, rdump, restore, and rrestore in your client system's documentation for details. Be careful about the order in which you specify options on the command line.
Here is an example of an rdump command:
> /etc/rdump 0f lilac:mua0:/nomount/density=1600 /usr
In the example, the remote user requests to remotely dump the /usr file system onto device mua0: on system lilac and specifies the /nomount qualifier and a tape density of 1600 bits per inch.
You can specify the qualifiers described in Table 16-2 with magnetic-tape device names.
|/[NO]ASSIST||Specifies whether to use operator assistance to mount the volume. The default is /NOASSIST.|
|/BLOCKSIZE= n||Specifies the block size for magnetic tape volumes. The default is 65534 bytes.|
|/CD||Indicates that the remote device is a CD-ROM device.|
|/COMMENT= "string"||Specifies additional information included with the operator request when the mount operation requires operator assistance (/ASSIST). The comment appears in the OPCOM message for the operator.|
|/DENSITY= n||Specifies the density (in bits per inch) at which to write a foreign or unlabeled magnetic tape. The default is the current density.|
|/[NO]MOUNT||Specifies whether to use the OpenVMS MOUNT service to mount the tape. /NOMOUNT gains access to the tape directly without mounting it. Use this for UNIX utilities that expect the tape drive to hold its position (not rewind) if the utility closes it. The default is /MOUNT.|
|/[NO]REWIND||Specifies whether to rewind the drive when it is closed. The default is /REWIND.|
|/[NO]STREAM||Specifies whether to read the tape in record mode (/NOSTREAM) or byte-stream mode (/STREAM). The default is /STREAM.|
|/[NO]UNLOAD||Specifies whether to unload the drive when it is closed. The default is /UNLOAD.|
|/[NO]WRITE||Specifies whether you can write to the magnetic tape. The default is /WRITE.|
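The device specification from the rdump example, combined with the defaults in Table 16-2, can be parsed and checked before a command is run. The following Python parser is an added example, not code from the original documentation or from the RMT server; the function name `parse_rmt_spec` and the parsing rules (the first colon ends the host name, qualifier names are case-insensitive) are assumptions made for illustration.

```python
import re

# Defaults as listed in Table 16-2 (None = no fixed default is stated).
NEGATABLE = {"ASSIST": False, "MOUNT": True, "REWIND": True,
             "STREAM": True, "UNLOAD": True, "WRITE": True}
VALUED = {"BLOCKSIZE": 65534, "DENSITY": None, "COMMENT": None}
FLAGS = {"CD": False}

# One qualifier: /NAME or /NAME=value, where value may be a quoted string.
_QUAL = re.compile(r'/([A-Za-z]+)(?:=("[^"]*"|[^/]*))?')

def parse_rmt_spec(spec):
    """Split host:device[/qualifier...] into (host, device, settings)."""
    host, sep, rest = spec.partition(":")
    if not (sep and host and rest):
        raise ValueError("expected host:device[/qualifier...]")
    cut = rest.find("/")
    device, tail = (rest, "") if cut < 0 else (rest[:cut], rest[cut:])
    if not device:
        raise ValueError("missing device or file name")
    settings = {**NEGATABLE, **VALUED, **FLAGS}
    pos = 0
    while pos < len(tail):
        m = _QUAL.match(tail, pos)
        if not m:
            raise ValueError(f"malformed qualifier at {tail[pos:]!r}")
        name, value = m.group(1).upper(), m.group(2)
        if name in VALUED:
            if not value:
                raise ValueError(f"/{name} needs a value")
            value = value.strip('"')
            settings[name] = value if name == "COMMENT" else int(value)
        elif value is not None:
            raise ValueError(f"/{name} takes no value")
        elif name in FLAGS or name in NEGATABLE:
            settings[name] = True
        elif name.startswith("NO") and name[2:] in NEGATABLE:
            settings[name[2:]] = False
        else:
            raise ValueError(f"unknown qualifier /{name}")
        pos = m.end()
    return host, device, settings

if __name__ == "__main__":
    print(parse_rmt_spec("lilac:mua0:/nomount/density=1600"))
```

Because /WRITE is the default, a specification is read-only only when it carries /NOWRITE explicitly; checking `settings["WRITE"]` makes that visible.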
The following steps perform rdump and rrestore functions from a UNIX client system. These commands dump two UNIX directories to the tape with separate rdump commands. These commands then restore files selectively from the tape to the UNIX client system:
UNIX> /etc/rdump 0f vax:device/nomount/norewind/nounload dir1
UNIX> /etc/rdump 0f vax:device/nomount/norewind/nounload dir2
The rrestore command might display messages such as "You have not read any volumes yet" and then ask you to specify the next volume. Although these messages might appear, rrestore should work properly.
In the following example, rrestore extracts the file specified by file_name from dump file number 2 on the tape:
UNIX> /etc/rrestore fsx vax:device/nomount/nounload/norewind 2 file_name
In the following example, rrestore invokes the interactive utility to let the user specify particular files that were put on the tape in dump file 2. The add command then adds the files to the extraction list and the extract command restores them:
UNIX> /etc/rrestore fis vax:device/nomount/nounload/norewind 2
restore> add file_name
restore> extract