- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Limiting FTP access to only one directory
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-20-2002 07:53 PM
тАО05-20-2002 07:53 PM
We have one application which requires users to upload image files to my L1000 HP9000 server running HP-UX 11.
Unfortunately, we are not yet able to design a JSP application that can allow us to do so.
We are thinking about a simple solution where we would install a graphical FTP software that will allow the end-users to upload their files.
Our problem is that with this setup, the end-users are able to browse through all the directories on the server.
Is there a way to restrict access to only one directory to a user?
Thank you in advance for your guidance.
best regards
yogeeraj
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-20-2002 07:59 PM
тАО05-20-2002 07:59 PM
Re: Limiting FTP access to only one directory
hi
Use 'rsh' for that particular user
CTK
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-20-2002 08:04 PM
тАО05-20-2002 08:04 PM
Re: Limiting FTP access to only one directory
You need to have a look at the man page for 'ftpaccess'. Even if your using a GUI based application the permissions should still be restrictive to the designated directory.
In the /etc/passwd file, the sample entry is:
guest:
When guest successfully logs in, the ftp server will chroot(/ftp) and then chdir to './intray'. The guest user will only be able to access the directory structure under /ftp (which will look and act as / to guest), just as an anonymous FTP user would.
HTH
~Michael~
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-20-2002 08:06 PM
тАО05-20-2002 08:06 PM
Re: Limiting FTP access to only one directory
Thank you for the fast reply.
Not clear about "rsh"
please ellaborate.
Is it a software on the client?
please an example
thanks
Yogeeraj
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-20-2002 08:10 PM
тАО05-20-2002 08:10 PM
Re: Limiting FTP access to only one directory
This could be better for your requirements:
Explanation here:
http://www.wu-ftpd.org
Software can be found here from the porting centre.
http://hpux.connect.org.uk/hppd/hpux/Networking/FTP/wu_ftpd-2.6.1/
Cheers
~Michael~
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-20-2002 08:18 PM
тАО05-20-2002 08:18 PM
Re: Limiting FTP access to only one directory
1. cp /usr/newconfig/etc/ftpd/ftpaccess
/etc/ftpd/ftpaccess
2. create a group for ftp users called ftponly
3. create the new ftp user (say nielg) and restrict hime to /home/nielg
useradd -m -d /home/nielg -s /usr/bin/false -g ftponly nielg
4. Add this false shell to the file (just add the /usr/bin/false line to the file)
5. Change the /etc/inetd.conf file (the ftp line) to read:
ftp tcp stream nowait root /usr/lbin/ftpd ftpd -a
6. Now edit the /etc/passwd file and change the directory setting for the user: add /./ at the back of the directory
(if the line used to read:
nielg:98732jgjh:100:103::/home/nielg:/usr/bin/false
Make it :
nielg:98732jgjh:100:103::/home/nielg/./:/usr/bin/false
7. Restart inetd "inetd -c"
That should be it
Hope it helps
N
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-20-2002 08:22 PM
тАО05-20-2002 08:22 PM
Re: Limiting FTP access to only one directory
hi
u have to specify rsh for ur user
eg
mbr034:m9uORGYWXHAmQ:1034:1000:Cl. No. = 34:/usr1/setl/member/mbr034:/usr/bin/rsh
one of my user's passwd entry
and Micheal's suggestion is also good here too i have done it thats creating ftp group
CTK
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-20-2002 08:23 PM
тАО05-20-2002 08:23 PM
Re: Limiting FTP access to only one directory
My step 5 should be : Add the entry to the /etc/shells file (just add the line /usr/bin/false)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-20-2002 08:38 PM
тАО05-20-2002 08:38 PM
Re: Limiting FTP access to only one directory
'rsh' = restricted shell which is on the HP-UX server.
Michael
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-20-2002 08:56 PM
тАО05-20-2002 08:56 PM
Re: Limiting FTP access to only one directory
==========================
Niel Greeff
==========================
Have gone through the steps.
The last line about "7. Restart inetd "inetd -c" " worries me a bit.
Can i do it on a production server? Will it not disconnect all connected users?
Have a look at the attachment too.
==========================
Mr. Michael Tully
Mr. Vijeesh CTK
==========================
Still does not work.
See attached a sample of the screen i get.
The user can see the whole tree structure.
Below the line from /etc/passwd:
bn:iwhBIpeNlXxFI:128:20:FTP-Brinda Nattoo,PDD-PHX,,:/prod/webroot/pdd/croquis:/usr/bin/rsh
Please advise.
Will i really need to replace my FTP server for it work?