https://community.hpe.com/t5/operating-system-hp-ux/adding-user-with-restrictions/m-p/3297739#M183288 How do you restrict a user to accessing your server strictly via ftp? Also, how do you restrict them to use one specific directory?<BR /><BR />Thanks Mon, 07 Jun 2004 09:29:13 GMT Steve Ferrara 2004-06-07T09:29:13Z https://community.hpe.com/t5/operating-system-hp-ux/adding-user-with-restrictions/m-p/3297739#M183288 How do you restrict a user to accessing your server strictly via ftp? Also, how do you restrict them to use one specific directory?<BR /><BR />Thanks Mon, 07 Jun 2004 09:29:13 GMT https://community.hpe.com/t5/operating-system-hp-ux/adding-user-with-restrictions/m-p/3297739#M183288 Steve Ferrara 2004-06-07T09:29:13Z https://community.hpe.com/t5/operating-system-hp-ux/adding-user-with-restrictions/m-p/3297740#M183289 Create user id with shell as /usr/bin/ftp and add /usr/bin/ftp to /etc/shells.<BR />You can restrict to a perticular directory by mentioning PATH=/restrictedDIR in .profile file of user's home directory and change ownership of the .profile to root:bin<BR /><BR />-USA.. Mon, 07 Jun 2004 09:37:42 GMT https://community.hpe.com/t5/operating-system-hp-ux/adding-user-with-restrictions/m-p/3297740#M183289 Uday_S_Ankolekar 2004-06-07T09:37:42Z https://community.hpe.com/t5/operating-system-hp-ux/adding-user-with-restrictions/m-p/3297741#M183290 Hi,<BR /><BR />To restrict the user to have only ftp access, ley the login shell for the user be set as /usr/bin/false and add this in the /etc/shells file. Also you can setup ftpaccess to set restrictions for the user.<BR /><BR /><A href="http://www1.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&amp;docId=200000073346999" target="_blank">http://www1.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&amp;docId=200000073346999</A><BR /><BR />The itrc doc id is BC0814KBRC00007719.<BR /><BR />Hope this helps.<BR /><BR />Regds<BR /> Mon, 07 Jun 2004 09:44:16 GMT https://community.hpe.com/t5/operating-system-hp-ux/adding-user-with-restrictions/m-p/3297741#M183290 Sanjay_6 2004-06-07T09:44:16Z https://community.hpe.com/t5/operating-system-hp-ux/adding-user-with-restrictions/m-p/3297742#M183291 let's assume the username who will only have ftp access and nothing else is 'ftpuser'<BR /><BR />useradd -m -s /usr/bin/false <BR /><BR />edit password file using 'vipw' command and change the home directory of the user to /home/ftpuser/./ ,i.e., add a /./ at the end of whatever is already there<BR /><BR />add /usr/bin/false to /etc/shells if it is not there already<BR /><BR />if exists edit /etc/ftpd/ftpaccess file and add these lines :<BR /><BR />class all ftpuser,guest *<BR />guestgroup none<BR /><BR />chmod 444 /etc/ftpd/ftpaccess <BR />chown bin:bin /etc/ftpd/ftpaccess <BR /><BR />vi /etc/inetd.conf<BR /><BR />find the line beginning with ftp and if is not there already add "-a" without the quotes of course to the end. It should look like this :<BR /><BR />ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l -a<BR /><BR />/usr/sbin/inetd -k<BR />/usr/sbin/inetd -l<BR />(which restarts inetd with the newly changed settings if you changed anything)<BR /><BR />mkdir ~ftpuser/usr<BR />mkdir ~ftpuser/usr/bin<BR />chown bin:bin ~ftpuser/usr<BR />chmod 555 ~ftpuser/usr<BR />chown root:bin ~ftpuser/usr/bin<BR />chmod 555 ~ftpuser/usr/bin<BR />cp -p /sbin/ls ~ftpuser/usr/bin/ls<BR /><BR />hope this helps<BR /><BR /><BR /><BR /><BR /><BR /> Mon, 07 Jun 2004 10:05:12 GMT https://community.hpe.com/t5/operating-system-hp-ux/adding-user-with-restrictions/m-p/3297742#M183291 Mel Burslan 2004-06-07T10:05:12Z https://community.hpe.com/t5/operating-system-hp-ux/adding-user-with-restrictions/m-p/3297743#M183292 oh, I realized that I made a typo on the user add line. it should have read:<BR /><BR />useradd -m -s /usr/bin/false ftpuser<BR /><BR />(must find coffeee...) Mon, 07 Jun 2004 10:07:01 GMT https://community.hpe.com/t5/operating-system-hp-ux/adding-user-with-restrictions/m-p/3297743#M183292 Mel Burslan 2004-06-07T10:07:01Z