https://community.hpe.com/t5/operating-system-hp-ux/ftp-in-restricted-shell/m-p/2713675#M61186 To restrict the user to his directory and subdirectories:<BR />Set the user's shell to 'rsh', the restrited shell. You can set this in the /etc/passwd file.<BR /><BR />To allow ONLY ftp:<BR />In the user's startup file ($HOME/.profile), add the following line<BR />exec ftp<BR />When the user logs in he will be taken straight to the ftp prompt. On exiting ftp, he will be automatically logged off. Tue, 30 Apr 2002 01:26:58 GMT Deepak Extross 2002-04-30T01:26:58Z https://community.hpe.com/t5/operating-system-hp-ux/ftp-in-restricted-shell/m-p/2713671#M61182 Hi,<BR />How do i set up a user to perform ftp only, the user must can onlu stay in it's own home directory.<BR /><BR />Thanks Tue, 30 Apr 2002 01:10:44 GMT https://community.hpe.com/t5/operating-system-hp-ux/ftp-in-restricted-shell/m-p/2713671#M61182 Bernard Lee 2002-04-30T01:10:44Z https://community.hpe.com/t5/operating-system-hp-ux/ftp-in-restricted-shell/m-p/2713672#M61183 <BR />INCOMING or OUTGOING?<BR /><BR />INCOMING, you can use chroot. <BR /><BR />OUTGOING, well not much there.<BR /><BR />live free or die<BR />harry Tue, 30 Apr 2002 01:12:43 GMT https://community.hpe.com/t5/operating-system-hp-ux/ftp-in-restricted-shell/m-p/2713672#M61183 harry d brown jr 2002-04-30T01:12:43Z https://community.hpe.com/t5/operating-system-hp-ux/ftp-in-restricted-shell/m-p/2713673#M61184 Hey !!<BR /><BR />By using the restricted shell <BR />you can achive this<BR /><BR />use /user/bin/rsh<BR /><BR />make sure that you put this entry in /etc/shells<BR /><BR />-Niraj Tue, 30 Apr 2002 01:21:32 GMT https://community.hpe.com/t5/operating-system-hp-ux/ftp-in-restricted-shell/m-p/2713673#M61184 Niraj Kumar Verma 2002-04-30T01:21:32Z https://community.hpe.com/t5/operating-system-hp-ux/ftp-in-restricted-shell/m-p/2713674#M61185 How can I restric certian users to one directory though ftp in 10.20 Tue, 30 Apr 2002 01:24:36 GMT https://community.hpe.com/t5/operating-system-hp-ux/ftp-in-restricted-shell/m-p/2713674#M61185 Bernard Lee 2002-04-30T01:24:36Z https://community.hpe.com/t5/operating-system-hp-ux/ftp-in-restricted-shell/m-p/2713675#M61186 To restrict the user to his directory and subdirectories:<BR />Set the user's shell to 'rsh', the restrited shell. You can set this in the /etc/passwd file.<BR /><BR />To allow ONLY ftp:<BR />In the user's startup file ($HOME/.profile), add the following line<BR />exec ftp<BR />When the user logs in he will be taken straight to the ftp prompt. On exiting ftp, he will be automatically logged off. Tue, 30 Apr 2002 01:26:58 GMT https://community.hpe.com/t5/operating-system-hp-ux/ftp-in-restricted-shell/m-p/2713675#M61186 Deepak Extross 2002-04-30T01:26:58Z https://community.hpe.com/t5/operating-system-hp-ux/ftp-in-restricted-shell/m-p/2713676#M61187 Say you want to setup user "ftpguest" to only do ftp. The recipe as follows ..<BR />(I got this from my own notes, can't remembet the source but it's good !)<BR /><BR />1) Make the edits to the /etc/passwd file<BR /><BR />ftpguest:4rL2HZkDatENY:505:125::/home/ftp/ftpguest/./:/usr/bin/false<BR /><BR />The '.' is the delimiter to determine where the chroot will be performed. In this example, after logging in '/' will in effect be /home/ftp/ftpguest. If the delimiter was placed between ftp and ftpguest then '/' would be /home/ftp <BR />The ftpguest was used as the account name in this example but you could use any name you like.<BR /><BR />2) /usr/bin/false will have to be added to the /etc/shells file.<BR /><BR />3) Make the edits to the /etc/group file<BR /><BR />ftpgroup::125:ftpguest<BR /><BR />Create and set the permissions and ownership for the directory /home/ftp/ftpguest to what suits you best.<BR /><BR />4) Add an entry into the ftpaccess file. This file will most probably have to be copied from the /usr/newconfig/etc/ftpd/ftpaccess to /etc/ftpd/ftpaccess.<BR /><BR />Add a guestgroup entry (in /etc/ftpd/ftpaccess file) to allow a group of users to be treated as 'guests'. This entry will correspond to the entry in the /etc/group file. Here is a sample of the ftpaccess file to use guest<BR />groups.<BR /><BR /># specify which group of users will be treated as "guests".<BR />guestgroup ftpgroup<BR /><BR />5) Edit the /etc/inetd.conf file and add the '-a' option to enable ftpd to use the ftpaccess file. Here is an example;<BR /><BR />ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l -a<BR /><BR />You will need to reconfigure inetd by running /usr/sbin/inetd -c to reread the /etc/inetd.conf file after making the change.<BR /><BR />6) Since this is similar to anonymous FTP in the respect that you are in a chrooted area (the path to / is different than on your system) you will also have to replicate the /usr/bin and /etc directories. The easiest way to do this is to use SAM to create an anonymous FTP setup and then replicate the /etc &amp; /usr/bin directories into your ftp guest root directory. Here is an example of how you would replicate the ~ftp/usr and ~ftp/etc directory to your new ftp guest directory. Use the ftpguest user in this example.<BR /><BR /># cp -R ~ftp/usr ~ftpguest/usr<BR /># cp -R ~ftp/etc ~ftpguest/etc<BR /><BR />At this point you should have the files and programs needed for your ftpguest user.<BR /><BR />** This is dependent upon where the '.' delimiter has been positioned. If the delimiter is positioned prior to the ftp username then only the root directory (/home/ftp) needs to contain a /usr &amp; /etc directory structure. If the delimiter is placed post the username then each individual user will require this directory structure.<BR /><BR />** When providing the 'ls' command, use /sbin/ls, not /usr/bin/ls.<BR /><BR />7) Another thing .. you must touch the file /etc/ftpd/ftpgroups. If you do not, you will see messages in syslog.log indicating that ftpd could not stat this file.<BR /><BR /> Tue, 30 Apr 2002 01:27:54 GMT https://community.hpe.com/t5/operating-system-hp-ux/ftp-in-restricted-shell/m-p/2713676#M61187 S.K. Chan 2002-04-30T01:27:54Z