FTP session access

Samboja — Wed, 12 Mar 2003 13:04:08 GMT

Dear all,

How can I limiting ftp access, I mean that in ftp session user can not doing change directory (CD) to another directory besides his directory.

Any ideas..?

thanks,

Sam

Re: FTP session access

Michael Steele_2 — Wed, 12 Mar 2003 13:07:11 GMT

Refer to /etc/ftpusers. You can allow or deny by specific users this way. For example, the ftpd daemon will reject users listed here. Each account for each user must be listed one per line.

Re: FTP session access

Pete Randall — Wed, 12 Mar 2003 13:11:38 GMT

Set their startup shell in /etc/passwd to /bin/false.

Pete

Re: FTP session access

eran maor — Wed, 12 Mar 2003 13:29:44 GMT

Hi

Here's the instructions on achieving your design for ftp access into the server:

1)load in [PHNE_23949/PACHRDME/English] (or latest ftp/ftpd). This patch resolves a couple of
issues with ftpaccess.

2) create a user via SAM (eg. user= test1 group= none)

3) This user has ONLY ftp access, so it would be wise to
code the start-up program as /usr/bin/false

4) For the home directory, specify /home//. eg:
/home/test1/./ (explanation in man ftpaccess)/etc/passwd looks like
test1:qXznDQ1RUwqZ6:115:20:,,,:/home/test1/./:/usr/bin/false
**ignore the error with SAM not being able to create a /. directory.

5) all other questions in SAM are as per normal.

6) ensure that /usr/bin/false is also coded in a file /etc/shells

7) then edit-create the file /etc/ftpd/ftpaccess to have these lines:
class all test1,guest * <-- line#1
guestgroup none <-- line#2
limit all 5 Any /no-more-ftp-access <-- line#3
noretrieve /etc/passwd core <-- line#4

with #chmod 444 ftpaccess
#chown bin:bin ftpaccess

Explanation:
line#1 : 'class' is a verb
'all' is a class of users;
you can call it anything you like.
'guest' is a verb ???test1??? is the user name
'*' is the range of users allowed to ftp
into the machine.
You can restrict this further if you want to.
Do a man ftpaccess

line#2 : 'guestgroup' is a verb
: 'none' is the group name of the users
that have been coded via SAM
(see /etc/group to find out what group
that has)

line#3 : 'limit' is a verb
'all' as per line#1,the class of users.
'5' is the number of ftp sessions; in this case
its five.
You can change it to any number of your choice.
'Any' , do a man ftpaccess for explanation
'/no-more-ftp-access' is a filename that
contains a message to be displayed when the
limit is reached.

line#4 : types of files to restrict

8) then edit /etc/inetd.conf to add in '-a' argument for ftpd; thus:
ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l -a

9) inetd -c (to re-read the configuration file)

10) Create the following subdirecties and files:
a. ~test1/usr
#chown ???R bin:bin usr
#chmod 555 usr
b. ~test1/usr/bin
#chown root bin
#chmod 555 bin
#cp -p /sbin/ls ~test1/usr/bin/ls

11) The ~test1/usr/bin/ls allows the use of the 'ls' command in ftp to find out
the files that are present in their directory.

12) test to verify

topic Re: FTP session access in Operating System - HP-UX

FTP session access

Re: FTP session access

Re: FTP session access

Re: FTP session access