topic Re: ftpd in Operating System - HP-UX

ftpd

Shannon Petry — Thu, 10 Aug 2000 15:12:29 GMT

Have a bit of a dilemma, and not sure the best way of handeling it. I have a pain in the $#%^ user who has an FTP id, and wanders the system. I need to know the best way to keep them in just their own home dir.
Here is what I have.
ftpuser:passwd:yada:yada:yada:/home/ftpuser:/usr/bin/true

The /etc/shells has an entry for /usr/bin/true, and the user is not in ftpusers of course.

I want to keep this person in just /home/ftpuser.
I have chroot installed, but can not seem to get it to work as I had expected.

Thanks in advance!
Shannon

Re: ftpd

Antoanetta Naghiu — Thu, 10 Aug 2000 15:20:00 GMT

Start ftpd -l in /etc/inetd.conf to log ftp entries.
Why don't enable that user as anonymous ftp under /usr/bin/false as shell?
See http://www.docs.hp.com/dynaweb/hpux11/@Generic__CollectionView for very detailed explainations for how to create it.

Re: ftpd

James R. Ferguson — Thu, 10 Aug 2000 15:27:13 GMT

Shannon:

I think you'll find some helpful suggestions in:

http://my1.itrc.hp.com/cm/QuestionAnswer/1,1150,0x30717e990647d4118fee0090279cd0f9,00.html

...JRF...

Re: ftpd

James R. Ferguson — Thu, 10 Aug 2000 15:29:49 GMT

Shannon:

Also:

http://my1.itrc.hp.com/cm/QuestionAnswer/1,1150,0x04567e990647d4118fee0090279cd0f9,00.html

...JRF...

Re: ftpd

Shannon Petry — Thu, 10 Aug 2000 15:38:49 GMT

I read the relevant posts, but it does not fit here. If I give the user rsh, he/she/they still have the ability to telnet. I only want this user to FTP. This is the sticky point.

As for setting up anonymous FTP, I do not want anonymous ftp on this machine. I have other servers for just that job, and they run just fine. This user must move data to a secure point, not a public access point.

Re: ftpd

Antoanetta Naghiu — Thu, 10 Aug 2000 15:50:52 GMT

It is not necessary to call it anonymous ftp. Can call it whatever name you want. What do you want he/she/they do on the system beside ftp? Are they going to be regular users with normal rights? Can you make use of /var/adm/inetd.sec (if they come from the same box and nobody else comes from that particlar node?
Acctually, say what you try to achieve, and you'll see...

Re: ftpd

Shannon Petry — Thu, 10 Aug 2000 16:04:35 GMT

I thought I did state pretty clearly what I wanted to do.
Have a user FTP to the system, and not be able to move out of their home directory.
The user must be REAL, meaning not an anonymous user!

Re: ftpd

Antoanetta Naghiu — Thu, 10 Aug 2000 16:28:43 GMT

This is what I understand you wanted. if you are not happy with annonymous ftp or tftp (trivial ftp), you can try to write your own scripts and put that one as shell...Or use rsh. Or, last line in .profile run a home-made shell....

Re: ftpd

Rita C Workman — Thu, 10 Aug 2000 17:44:23 GMT

Very simple....do a basic chroot by doing an edit
to the /etc/passwd and add a period and / to the
end of his home directory....this basically changes
his home directory to root.

vipw

on this persons' line change it so it says:
user:uid:gid....../home/nogoodbumb/./usr/bin/ksh

It's quick...it's easy......but a thought.
If you only have ftp rights here..you may need to
add a directory /usr under his home directory and
then copy into this directory /usr/sbin/pwd and
/sbin/ls. Grant ownership to these to 'him'. That
way this wonderful employee will have the ability
to enter the command ls & pwd....which aside
from get and put; I gather is all you want this little
ray of sunshine to have....
Hope it helps,

Re: ftpd

Anthony Goonetilleke — Fri, 11 Aug 2000 00:27:24 GMT

Change your ftp daemon to wuftpd.
Its great and has a lot more flexibility and is tried and proven and you can do all sorts of neat tricks with it and also the logiing is very good. It can do the exact thing you want it to do.

Re: ftpd

Michael F. Steele — Fri, 18 Aug 2000 12:57:28 GMT

Make use of the .netrc file by scripting out a set of commands for ftpuser. Then invoke the .netrc file and the ftpuser login from a script, and restrict ftpuser to executing the script instead of manually logging. This process can also be put into a cron.

Re: ftpd

Ian Cameron — Mon, 18 Sep 2000 17:07:16 GMT

I have tried Rita's method and it did not limit the access to /home/***** by adding the ./ to the /etc/passwd home dir string. My case is similar to the original posting except I have several users pointing to a single directory to be used for passing prototype/developmental data. Has anyone found a workable solution yet?