3com S7906E Manuel De Montage
1-12
Configuring Authentication and Authorization on the FTP Server
To allow an FTP user to access certain directories on the FTP server, you need to create an account for
the user, authorizing access to the directories and associating the username and password with the
account.
The following configuration is used when the FTP server authenticates and authorizes a local FTP user.
If the FTP server needs to authenticate a remote FTP user, you need to configure authentication,
authorization and accounting (AAA) policy instead of the local user. For detailed configuration, refer to
AAA Configuration in the Security Volume.
Follow these steps to configure authentication and authorization for FTP server:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Create a local user
and enter its view
and enter its view
local-user user-name
Required
No local user exists by default, and the
system does not support FTP
anonymous user access.
system does not support FTP
anonymous user access.
Assign a password to
the user
the user
password { simple | cipher }
password
password
Required
Assign the FTP
service to the user
service to the user
service-type ftp
Required
By default, the system does not support
anonymous FTP access, and does not
assign any service. If the FTP service is
assigned, the root directory of the device
is used by default.
anonymous FTP access, and does not
assign any service. If the FTP service is
assigned, the root directory of the device
is used by default.
Configure user
properties
properties
authorization-attribute { acl
acl-number | callback-number
callback-number | idle-cut
minute | level level |
user-profile profile-name |
vlan vlan-id | work-directory
directory-name } *
acl-number | callback-number
callback-number | idle-cut
minute | level level |
user-profile profile-name |
vlan vlan-id | work-directory
directory-name } *
Optional
By default, the FTP/SFTP users can
access the root directory of the device,
and the user level is 0. You can change
the default configuration by using this
command.
access the root directory of the device,
and the user level is 0. You can change
the default configuration by using this
command.
z
For more information about the local-user,
password,
service-type ftp, and
authorization-attribute commands, refer to AAA Commands in the Security Volume.
z
When the device serves as the FTP server, if the client is to perform the write operations (upload,
delete, create, and delete for example) on the device’s file system, the FTP login users must be
level 3 users; if the client is to perform other operations, for example, read operation, the device
has no restriction on the user level of the FTP login users, that is, any level from 0 to 3 is allowed.