Operating System - HP-UX

Limiting FTP access to only one directory

 
SOLVED
Yogeeraj_1
Honored Contributor

Limiting FTP access to only one directory

Hello experts,

We have one application which requires users to upload image files to my L1000 HP9000 server running HP-UX 11.

Unfortunately, we are not yet able to design a JSP application that can allow us to do so.

We are thinking about a simple solution where we would install a graphical FTP software that will allow the end-users to upload their files.

Our problem is that with this setup, the end-users are able to browse through all the directories on the server.

Is there a way to restrict access to only one directory to a user?

Thank you in advance for your guidance.

best regards
yogeeraj
No person was ever honoured for what he received. Honour has been the reward for what he gave (Calvin Coolidge)
22 REPLIES 22
Vijeesh CTK
Trusted Contributor

Re: Limiting FTP access to only one directory



hi

Use 'rsh' for that particular user

CTK
Michael Tully
Honored Contributor

Re: Limiting FTP access to only one directory

Hi,

You need to have a look at the man page for 'ftpaccess'. Even if you're using a GUI-based application, the permissions should still be restrictive to the designated directory.

In the /etc/passwd file, the sample entry is:

guest::100:92:My Guest Account:/ftp/./intray:/etc/ftponly

When guest successfully logs in, the ftp server will chroot(/ftp) and then chdir to './intray'. The guest user will only be able to access the directory structure under /ftp (which will look and act as / to guest), just as an anonymous FTP user would.

HTH
~Michael~
Anyone for a Mutiny ?
Yogeeraj_1
Honored Contributor

Re: Limiting FTP access to only one directory

Dear Mr. Vijeesh CTK

Thank you for the fast reply.

Not clear about "rsh"

Please elaborate.

Is it a software on the client?

Please give an example.

thanks
Yogeeraj
No person was ever honoured for what he received. Honour has been the reward for what he gave (Calvin Coolidge)
Michael Tully
Honored Contributor

Re: Limiting FTP access to only one directory

Hi,

This could be better for your requirements:

Explanation here:
http://www.wu-ftpd.org

Software can be found here from the porting centre.
http://hpux.connect.org.uk/hppd/hpux/Networking/FTP/wu_ftpd-2.6.1/

Cheers
~Michael~
Anyone for a Mutiny ?
Niel Greeff_1
Advisor

Re: Limiting FTP access to only one directory

Step-by-step (as the root user)

1. cp /usr/newconfig/etc/ftpd/ftpaccess /etc/ftpd/ftpaccess

2. create a group for ftp users called ftponly

3. create the new ftp user (say nielg) and restrict him to /home/nielg

useradd -m -d /home/nielg -s /usr/bin/false -g ftponly nielg

4. Add this false shell to the file (just add the /usr/bin/false line to the file)

5. Change the /etc/inetd.conf file (the ftp line) to read:
ftp stream tcp nowait root /usr/lbin/ftpd ftpd -a

6. Now edit the /etc/passwd file and change the directory setting for the user: add /./ at the back of the directory

If the line used to read:
nielg:98732jgjh:100:103::/home/nielg:/usr/bin/false

Make it:

nielg:98732jgjh:100:103::/home/nielg/./:/usr/bin/false

7. Restart inetd "inetd -c"

That should be it


Hope it helps
N
Well, we all try
Vijeesh CTK
Trusted Contributor

Re: Limiting FTP access to only one directory


Hi,

You have to specify rsh for your user.

E.g.

mbr034:m9uORGYWXHAmQ:1034:1000:Cl. No. = 34:/usr1/setl/member/mbr034:/usr/bin/rsh

This is one of my users' passwd entries.

And Michael's suggestion is also good here too; I have done it, that is, creating an ftp group.

CTK
Niel Greeff_1
Advisor

Re: Limiting FTP access to only one directory

Oops - sorry

My step 5 should be : Add the entry to the /etc/shells file (just add the line /usr/bin/false)
Well, we all try
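
The checks implied by the step-by-step above and its /etc/shells correction, as an added example that is not part of any poster's reply: a script that audits copies of the four files for one account. The function names, the constructed sample files (password fields blanked) and the guestgroup check, taken from ftpaccess(4), which the thread only points to, are assumptions.

```shell
#!/bin/sh
# Audit one account against the guest-FTP steps in this thread.
# File paths are arguments so the check can run on copies of the real files.
check_ftp_jail() {
    user=$1 group=$2 passwd=$3 shells=$4 inetd=$5 ftpaccess=$6
    rc=0
    entry=$(grep "^${user}:" "$passwd") || { echo "FAIL: no passwd entry for $user"; return 1; }
    home=$(echo "$entry" | cut -d: -f6)
    shell=$(echo "$entry" | cut -d: -f7)
    # The /./ marker splits the home field: chroot to the left part, chdir to the right.
    case $home in
        */./*) echo "ok: $user is chrooted to ${home%%/./*}" ;;
        *)     echo "FAIL: home '$home' has no /./ marker"; rc=1 ;;
    esac
    # The login shell must be listed in the shells file (the corrected step).
    grep -qxF "$shell" "$shells" || { echo "FAIL: $shell not listed in shells file"; rc=1; }
    # The ftp line in inetd.conf must start ftpd with -a.
    grep '^ftp[[:space:]]' "$inetd" | grep -Eq '[[:space:]]-a([[:space:]]|$)' \
        || { echo "FAIL: ftpd is not started with -a"; rc=1; }
    # Assumption from ftpaccess(4), not spelled out in the thread: a guestgroup line names the group.
    grep -Eq "^guestgroup[[:space:]]+(.*[[:space:]])?${group}([[:space:]]|\$)" "$ftpaccess" \
        || { echo "FAIL: no guestgroup line for $group"; rc=1; }
    return $rc
}

# Constructed sample files (password fields blanked to '*'), written to a scratch directory.
make_samples() {
    d=$1
    printf '%s\n' 'nielg:*:100:103::/home/nielg/./:/usr/bin/false' \
                  'bn:*:128:20::/prod/webroot/pdd/croquis:/usr/bin/rsh' > "$d/passwd"
    printf '%s\n' /sbin/sh /usr/bin/sh /usr/bin/false > "$d/shells"
    printf '%s\n' 'ftp stream tcp nowait root /usr/lbin/ftpd ftpd -a' > "$d/inetd.conf"
    printf '%s\n' 'guestgroup ftponly' > "$d/ftpaccess"
}

# Demo on the constructed copies (mktemp -d as on Linux/BSD, away from the server).
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for u in nielg bn; do
    check_ftp_jail "$u" ftponly "$demo_dir/passwd" "$demo_dir/shells" \
        "$demo_dir/inetd.conf" "$demo_dir/ftpaccess" || echo "-> $u is not jailed"
done
rm -rf "$demo_dir"
```
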
Michael Tully
Honored Contributor

Re: Limiting FTP access to only one directory

Hi,

'rsh' = restricted shell which is on the HP-UX server.

Michael
Anyone for a Mutiny ?
Yogeeraj_1
Honored Contributor

Re: Limiting FTP access to only one directory

Thank you all for your replies.
==========================
Niel Greeff
==========================
Have gone through the steps.
The last line about "7. Restart inetd "inetd -c" " worries me a bit.
Can I do it on a production server? Will it not disconnect all connected users?
Have a look at the attachment too.


==========================
Mr. Michael Tully
Mr. Vijeesh CTK
==========================
Still does not work.
See attached a sample of the screen I get.
The user can see the whole tree structure.
Below the line from /etc/passwd:
bn:iwhBIpeNlXxFI:128:20:FTP-Brinda Nattoo,PDD-PHX,,:/prod/webroot/pdd/croquis:/usr/bin/rsh

Please advise.
Will I really need to replace my FTP server for it to work?
No person was ever honoured for what he received. Honour has been the reward for what he gave (Calvin Coolidge)