topic FTP in Operating System - HP-UX

FTP

KOGOE Jean_Baptiste — Mon, 21 Feb 2005 06:19:47 GMT

I would like to create an ftp user with access on only a specific directory (/fic/edition) and create restriction on the pc with the ip addrees 10.10.30.3; my server run on HPUX 11
please help

Re: FTP

Keith Bryson — Mon, 21 Feb 2005 06:37:20 GMT

You will need to use /var/adm/inetd.sec (see 'man inetd.sec') or TCP wrappers.

Keith

Re: FTP

Jdamian — Mon, 21 Feb 2005 07:15:51 GMT

You can define a "guest" user in order to restrict access of a given login.

I cannot explain details but manual pages for ftpaccess(4) contain all details (pay attention on "class" and "guestgroup" entries).

Re: FTP

Steven E. Protter — Mon, 21 Feb 2005 08:53:38 GMT

I could recoomend chroot jail.

you can impose /fic/edition as the users home directory and with chroot in the ftpaccess file that will appear to be the root directory.

You would then need to make that usrs shell /usr/bin/false (I believe) and copy the ls and other binaries into the chroot directory so that ftp will function correctly.

As far as restricting the pc, there is little you can do there. Any ftp client will be able to connect with any server on the network.

What I do with users to discourage exploration is to provide them a desktop icon that opens the ftp client and begins the connection process. Most users don't know how to use command line ftp and its possible to set up Windows so the command line is not accessible.

SEP

Re: FTP

Simeon Harwood — Tue, 22 Feb 2005 05:26:04 GMT

If you wanted to buy a good book on the subject of security that will explain how to do the FTP chroot jail stuff, I highly recomend: -
HP-UX 11i security by Chris Wong
(isbn 0-13-033062-0)

I've read this book and found it very usefull indeed.