https://community.hpe.com/t5/operating-system-hp-ux/ftp-acccess-for-users/m-p/5202408#M463696 I will check previous posts -Thanks Tue, 06 Oct 2009 14:44:46 GMT Lawrence Kaufman 2009-10-06T14:44:46Z https://community.hpe.com/t5/operating-system-hp-ux/ftp-acccess-for-users/m-p/5202402#M463690 I need to limit ftp access. I am assuming that I need to implement the ftpaccess file. My goal is to limit ALL users (except root) to just one directory. The users should only be able to access /ftpfiles. Does anyone have an example of how to define this? THX! Tue, 06 Oct 2009 13:15:59 GMT https://community.hpe.com/t5/operating-system-hp-ux/ftp-acccess-for-users/m-p/5202402#M463690 Lawrence Kaufman 2009-10-06T13:15:59Z https://community.hpe.com/t5/operating-system-hp-ux/ftp-acccess-for-users/m-p/5202403#M463691 Hi<BR /><BR />then you can use /etc/ftpuser. The ftpd daemon rejects remote logins to local user accounts that are named in /etc/ftpusers. <BR />Just pick up and put users in this file. Tue, 06 Oct 2009 13:22:30 GMT https://community.hpe.com/t5/operating-system-hp-ux/ftp-acccess-for-users/m-p/5202403#M463691 Hakki Aydin Ucar 2009-10-06T13:22:30Z https://community.hpe.com/t5/operating-system-hp-ux/ftp-acccess-for-users/m-p/5202404#M463692 Hi<BR /><BR />The FTP configuration file is the ftpaccess file. It resides in the /etc/ftpd directory. If you do not currently have one, make a copy from the one located in the newconfig directory:<BR /><BR />On HP-UX 11:<BR /><BR />#cp /usr/newconfig/etc/ftpd/ftpaccess /etc/ftpd/ftpaccess<BR /><BR />On HP-UX 11i:<BR /><BR />#cp /usr/newconfig/etc/ftpd/examples/ftpaccess /etc/ftpd/ftpaccess<BR /><BR /> <BR /><BR />The FTP daemon will not use the configuration file until the /etc/inetd.conf file is edited to include the following:<BR /> <BR /><BR />ftp stream tcp nowait root /usr/lbin/ftpd ftpd -a /etc/ftpd/ftpaccess<BR /><BR /> <BR /><BR />Replacing the lowercase â aâ with the uppercase â Aâ will disable the use of the FTP configuration file. For the Internet Daemon to read this new configuration setting, you must run inetd with the â -câ option. (inetd â c). The following are examples of a few of the options available in the configuration file:<BR /><BR /> <BR /><BR />noretrieve:<BR /><BR />Example: <BR />noretrieve /etc/passwd /etc/group core .netrc .rhosts<BR /><BR />Description:<BR /><BR />Files listed after the noretrieve option are files that cannot be retrieved with FTP. When only the file name is specified (as with core, .netrc, and .rhosts), then no files on the system with that name can be retrieved. When the full pathname is used (as in /etc/passwd and /etc/group), that specific file cannot be retrieved. In this example, /etc/passwd could not be retrieved but a file named /tmp/passwd or /etc/passwd.old could be retrieved.<BR /><BR /> <BR /><BR />deny:<BR /><BR />Example:<BR />deny ctg500g /etc/ftpd/ctg500g_denymsg<BR /><BR />Description:<BR /><BR />The deny option is used to deny access to a particular host or a group of hosts. In addition, a message can be displayed to the client attempting FTP access. The â !nameservedâ parameter can also be used as the hostname to prohibit access to sites who do not have a working nameserver. Note that the parameter ends in â dâ , not â râ .<BR /><BR /> <BR /><BR />loginfails:<BR />Example:<BR /><BR />loginfails 2<BR /><BR />Description:<BR /><BR />The loginfails option is used to limit the number of FTP login attempts before the connection is terminated. The default value is 5<BR /><BR /><BR />Regards<BR />Sunny Tue, 06 Oct 2009 13:25:41 GMT https://community.hpe.com/t5/operating-system-hp-ux/ftp-acccess-for-users/m-p/5202404#M463692 Sunny123_1 2009-10-06T13:25:41Z https://community.hpe.com/t5/operating-system-hp-ux/ftp-acccess-for-users/m-p/5202405#M463693 I'm lost. I have the /etc/ftpd/ftpaccess file in place. I don't want to deny any users access. I just want to restrict users to one directory on the system. Do I use the noretrieve option? Thanks for the quick responses! Tue, 06 Oct 2009 13:49:15 GMT https://community.hpe.com/t5/operating-system-hp-ux/ftp-acccess-for-users/m-p/5202405#M463693 Lawrence Kaufman 2009-10-06T13:49:15Z https://community.hpe.com/t5/operating-system-hp-ux/ftp-acccess-for-users/m-p/5202406#M463694 Hi <BR /><BR />For that you can use <BR /><BR />noretrieve:<BR /><BR />Example: <BR />noretrieve /etc/passwd /etc/group core .netrc .rhosts<BR /><BR />Description:<BR /><BR />Files listed after the noretrieve option are files that cannot be retrieved with FTP. When only the file name is specified (as with core, .netrc, and .rhosts), then no files on the system with that name can be retrieved. When the full pathname is used (as in /etc/passwd and /etc/group), that specific file cannot be retrieved. In this example, /etc/passwd could not be retrieved but a file named /tmp/passwd or /etc/passwd.old could be retrieved<BR /><BR />Regards<BR />Sunny Tue, 06 Oct 2009 14:07:25 GMT https://community.hpe.com/t5/operating-system-hp-ux/ftp-acccess-for-users/m-p/5202406#M463694 Sunny123_1 2009-10-06T14:07:25Z https://community.hpe.com/t5/operating-system-hp-ux/ftp-acccess-for-users/m-p/5202407#M463695 <!--!*#-->&gt; I'm lost.<BR /><BR />It's all the helpful advice.<BR /><BR />If you wish to confine users to some<BR />particular directory, then you can make them<BR />"guest" users. "man ftpd", look for "guest".<BR />It's much like anonymous FTP, but with real<BR />log-in info.<BR /><BR />A Forum search for keywords like<BR /> ftp guest<BR />or<BR /> ftp chroot<BR /><BR />should find (far too) many previous similar<BR />discussions. Tue, 06 Oct 2009 14:28:59 GMT https://community.hpe.com/t5/operating-system-hp-ux/ftp-acccess-for-users/m-p/5202407#M463695 Steven Schweda 2009-10-06T14:28:59Z https://community.hpe.com/t5/operating-system-hp-ux/ftp-acccess-for-users/m-p/5202408#M463696 I will check previous posts -Thanks Tue, 06 Oct 2009 14:44:46 GMT https://community.hpe.com/t5/operating-system-hp-ux/ftp-acccess-for-users/m-p/5202408#M463696 Lawrence Kaufman 2009-10-06T14:44:46Z