Bolek Mynarski
Frequent Advisor

Creating "boxed" ftp for high security risks accounts

O.K. I followed the thread and I have seen that most people seem to recommend using wu-ftpd (which I use, BTW, on my other Linux box). However, in the case of my HP-UX 11 box this is a no go. I have to use "standard" tools provided by HP.

Enabling "anonymous" logons is also a big 'no, no' so the only thing left is to enable users ftp.

I tried to mimic a little bit the setup I have on my Linux box. The way it works is that when a "restricted" user logs in, chroot takes place so the top level directory becomes, e.g., /home/ftpusers/ and at that point, s/he cannot change it to the real root.

To accomplish it, I have to run ftpd with "-l -a" flags in inetd.conf. If "-a" flag is not present, it would not work. Also, the home directory for such a user would have to have a form of:

/home/ftpusers/./user

in a password file. Taking "/./" out and replacing it with "/" would nullify my efforts to box them in.

Other things I had to do to make it work were:

- create etc and /usr/bin directories under /home/ftpusers
- copy respective files to them

Things I've noticed that were different from my Linux wu-ftpd setup:

On HP-UX 11.00, /etc/ftpd directory was missing ftpaccess file which contains:

"guestgroup ftpusers

email myemail

loginfails 3

readme README* login
readme README* cwd=*

message /welcome.msg login
message .message cwd=*

#upload /home/ftp /incoming yes root 0400 nodirs

compress yes all
tar yes all
chmod no anonymous
delete no anonymous
overwrite no anonymous
rename no anonymous

log transfers anonymous,real inbound,outbound

shutdown /etc/shutmsg

passwd-check rfc822 warn"

After applying all the changes, it works like a charm :-)

Hope this helps.
It's never too late to learn new things...
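
An audit for the setup described in the post above, as an added example that is not part of the original thread: it lists accounts in an ftpaccess guestgroup whose passwd home directory lacks the "/./" marker. The function names, the sample accounts and the membership rule (primary GID or listed in the group file) are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. All file contents are constructed.

# unboxed_guests FTPACCESS GROUP PASSWD
# Prints "user:home" for each guest-group account whose home lacks "/./".
unboxed_guests() {
    awk -F: -v ftpaccess="$1" -v groupfile="$2" '
    BEGIN {
        # Group names listed on "guestgroup" lines of ftpaccess.
        while ((getline line < ftpaccess) > 0) {
            n = split(line, w, /[ \t]+/)
            if (w[1] == "guestgroup")
                for (i = 2; i <= n; i++) if (w[i] != "") guest[w[i]] = 1
        }
        # Map those groups to their GIDs and explicitly listed members.
        # Assumption: membership = primary GID or listed in the group file.
        while ((getline line < groupfile) > 0) {
            split(line, g, ":")
            if (!(g[1] in guest)) continue
            gid[g[3]] = 1
            m = split(g[4], u, ",")
            for (i = 1; i <= m; i++) if (u[i] != "") member[u[i]] = 1
        }
    }
    # passwd fields: name:pw:uid:gid:gecos:home:shell
    (($4 in gid) || ($1 in member)) && index($6, "/./") == 0 {
        print $1 ":" $6
    }' "$3"
}

# Constructed sample: alice is boxed, bob lost his "/./" marker,
# carol is only a secondary member of ftpusers, dave is not a guest.
make_sample() {
    printf 'guestgroup ftpusers\nloginfails 3\n' > "$1/ftpaccess"
    printf 'users::20:\nftpusers::200:carol\n' > "$1/group"
    cat > "$1/passwd" <<'EOF'
alice:*:1001:200::/home/ftpusers/./alice:/usr/bin/sh
bob:*:1002:200::/home/ftpusers/bob:/usr/bin/sh
carol:*:1003:20::/home/carol:/usr/bin/sh
dave:*:1004:20::/home/dave:/usr/bin/sh
EOF
}

d=$(mktemp -d) && make_sample "$d"
unboxed_guests "$d/ftpaccess" "$d/group" "$d/passwd"
rm -rf "$d"
```

On a live system the three arguments would be /etc/ftpd/ftpaccess, /etc/group and /etc/passwd; any line printed is an account to review.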
Bill Hassell
Honored Contributor

Re: Creating "boxed" ftp for high security risks accounts

Actually, you can use WU-FTP as a supported tool on HP-UX. Just get the patch: PHNE_21936 which adds the functionality of WU-FTP as a supported HP-UX extension to ftpd.


Bill Hassell, sysadmin