topic Re: Giving restricted telnet and ftp access at the same time in Operating System - HP-UX

Giving restricted telnet and ftp access at the same time

Rafael Moran — Thu, 17 Jan 2002 11:36:16 GMT

Hello,

I'm giving telnet and ftp access to a server with rksh. With that I obtained that users can't move from their directories with telnet access but when they do an ftp with a windows client they can move freely to other directories
Anybody knows a way to restrict it without changing the login ? I don't want to use restricted ftp, anonymous ftp or similar, because then I loss the telnet access with it.

Thank you very much

Re: Giving restricted telnet and ftp access at the same time

harry d brown jr — Thu, 17 Jan 2002 12:01:43 GMT

Do a chroot on them and they will be restricted to the "root" that you give them.

What OS version are you running?

live free or die
harry

Re: Giving restricted telnet and ftp access at the same time

Rafael Moran — Thu, 17 Jan 2002 12:26:13 GMT

Thank you Harry,

I'm using 10.20
I tried to put the chroot in the .profile but it always says me Not Owner
I checked all files in the directory and all of them belongs to the user
If I do it as root no problem

Re: Giving restricted telnet and ftp access at the same time

T. M. Louah — Sat, 19 Jan 2002 15:23:25 GMT

It seems that the following thread discusses exactly that :
http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0xfea3663ce855d511abcd0090277a778c,00.html

g'd luck
t++

Re: Giving restricted telnet and ftp access at the same time

Rafael Moran — Mon, 21 Jan 2002 11:15:54 GMT

Thanks for the thread TM, but I still need and extra help.
That I have now is:

- Users can telnet but they can't move from his home directory due to the rksh

- Only a few users are allowed to ftp to the system as defines in /etc/ftpusers

Last thing I neeed is these ftp users can't move from his home directory. They use an ftp windows client and it seems that the restriction with rksh is not working with it and they can move around the filesystems.

Thank you

Re: Giving restricted telnet and ftp access at the same time

Christopher Caldwell — Mon, 21 Jan 2002 13:35:40 GMT

wu-ftpd (patched default on HP-UX 11.x or higher) does this by configuration. You can grab a copy at
http://www.wu-ftpd.org/

If the technique works on HP-UX 10.20, it'll probably be through the same mechanism:

You can try making the user's home directory like this in /etc/passwd
/home/user/./
or
/home/./user

depending on where you'd like the chroot to occur.

For the former, user's home directory will need a copy of system:/sbin/ls in a bin directory created in their home directory
e.g.
mkdir /home/user/bin
cp /sbin/ls /home/usr/bin/ls

for the latter, you'll need one copy of /sbin/ls in /home/bin
e.g.
mkdir /home/bin
cp /sbin/ls /home/bin/ls

Re: Giving restricted telnet and ftp access at the same time

T. M. Louah — Mon, 21 Jan 2002 14:55:23 GMT

I just want to add 2 things:

1- ftpd rejects remote logins to local user accounts that are named in
/etc/ftpd/ftpusers. Each restricted account name must appear alone on
a line in the file. The line cannot contain any white space. User
accounts that specify a restricted login shell in /etc/passwd should
be listed in /etc/ftpd/ftpusers because ftpd accesses local accounts
without using their login shells.

2- about /etc/passwd
The following fields have character limitations as noted:

+ Login name field can be no longer than eight characters;
+ Initial working directory field can be no longer than 63 characters;
+ Program field can be no longer than 44 characters.
+ Results are unpredictable if these fields are longer than the limits
specified above.