https://community.hpe.com/t5/operating-system-hp-ux/creating-a-secure-ftp-user/m-p/4871326#M398779 Thanks all Thu, 18 Nov 2004 22:41:29 GMT Laurence Beard 2004-11-18T22:41:29Z https://community.hpe.com/t5/operating-system-hp-ux/creating-a-secure-ftp-user/m-p/4871322#M398775 Hi,<BR /><BR />I have been trying to create an ftp user that can login into a specific directory and can not cd .. or change to another directory.<BR /><BR />Is this possible. I have considered using the restricted user shell with no success.<BR /><BR />regards Thu, 18 Nov 2004 20:53:03 GMT https://community.hpe.com/t5/operating-system-hp-ux/creating-a-secure-ftp-user/m-p/4871322#M398775 Laurence Beard 2004-11-18T20:53:03Z https://community.hpe.com/t5/operating-system-hp-ux/creating-a-secure-ftp-user/m-p/4871323#M398776 Hi Laurence,<BR /><BR />You will need to use 'ftpaccess' file with 'chroot'ed home directory. <BR /><BR />1. Make the user's home directory like /home/user/./ in /etc/passwd file.<BR />2. Create a group say 'ftponly' and change the primary group of the user to ftponly.<BR />3. Add the following lines to your /etc/ftpd/ftpaccess file (if you don't have an ftpaccess file, then copy it from /usr/newconfig/etc/ftpd/ directory)<BR /><BR />guestgroup ftponly<BR /><BR />With the above user will not be able to move above /home/user structure. If you want you can further set the restrictions using 'upload' directive. 'man ftpaccess' for more option.<BR /><BR />You will have to add -a to your ftpd line in /etc/inetd.conf and refresh inetd ( inetd -c ).<BR /><BR />BTW, this works only from 11.0 and above. For 10.20, you will have to install wu_ftp software.<BR /><BR />-Sri Thu, 18 Nov 2004 21:00:28 GMT https://community.hpe.com/t5/operating-system-hp-ux/creating-a-secure-ftp-user/m-p/4871323#M398776 Sridhar Bhaskarla 2004-11-18T21:00:28Z https://community.hpe.com/t5/operating-system-hp-ux/creating-a-secure-ftp-user/m-p/4871324#M398777 Hi Laurence,<BR /><BR />You need to setup ftpaccess for this user/group. Do "man ftpaccess" for more info on ftpaccess.<BR /><BR />Here is a sample doc from itrc on how to setup restricted ftp access for a user,<BR /><BR /><A href="http://www2.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&amp;docId=200000073346999" target="_blank">http://www2.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&amp;docId=200000073346999</A><BR /><BR />The itrc doc id is BC0814KBRC00007719.<BR /><BR />Hope this helps.<BR /><BR />Regds<BR /> Thu, 18 Nov 2004 22:23:17 GMT https://community.hpe.com/t5/operating-system-hp-ux/creating-a-secure-ftp-user/m-p/4871324#M398777 Sanjay_6 2004-11-18T22:23:17Z https://community.hpe.com/t5/operating-system-hp-ux/creating-a-secure-ftp-user/m-p/4871325#M398778 Make sure the shell for the user in /etc/profile is /bin/false<BR /><BR />If there is a user that owns the ftpd binaries that should be the same.<BR /><BR />Its possible with buffer overflows to trick the ftp daemon into running commands and even getting a shell prompt. This will prevent that.<BR /><BR />SEP Thu, 18 Nov 2004 22:25:15 GMT https://community.hpe.com/t5/operating-system-hp-ux/creating-a-secure-ftp-user/m-p/4871325#M398778 Steven E. Protter 2004-11-18T22:25:15Z https://community.hpe.com/t5/operating-system-hp-ux/creating-a-secure-ftp-user/m-p/4871326#M398779 Thanks all Thu, 18 Nov 2004 22:41:29 GMT https://community.hpe.com/t5/operating-system-hp-ux/creating-a-secure-ftp-user/m-p/4871326#M398779 Laurence Beard 2004-11-18T22:41:29Z