
setting umask for an ftp-only account

SOLVED
Mike Spencer
Occasional Advisor

setting umask for an ftp-only account

I have recently set up an ftp-only account on one of our servers. I'm trying to set the umask to "rw- rw- r--", but it's not working as expected. I have restricted this account from starting a shell by modifying the $HOME/.profile to include only 2 lines:

umask 002
exit

This is a trusted system, in which the system-wide umask is set to 027. Can someone tell me what I'm missing?
Uday_S_Ankolekar
Honored Contributor
Solution

Re: setting umask for an ftp-only account

You need to make changes in the ftpaccess file and the inetd.conf file to set the umask for an individual ftp account.
If you want a system-wide umask for all ftp, you can do that with changes in the inetd.conf file.
Here is more info on this.
http://www2.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000070978194

-USA..
Good Luck..
Steven E. Protter
Exalted Contributor

Re: setting umask for an ftp-only account

An ftp-only account should not have a shell. It should be set to /usr/bin/false in /etc/passwd.

That is an important security measure.

ftpaccess as noted is where you set umask characteristics. You can not set default characteristics to execute.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
T G Manikandan
Honored Contributor

Re: setting umask for an ftp-only account

If you want to globally set a umask for ftp, you can change the inetd.conf entry for the service 'ftp' from

ftp stream tcp nowait root /etc/ftpd ftpd -l

to the following, adding the -u option:

ftp stream tcp nowait root /etc/ftpd ftpd -l -u002

Reread the inetd.conf file using

#/usr/sbin/inetd -c
Mike Spencer
Occasional Advisor

Re: setting umask for an ftp-only account

Thanks for the replies.

I have added the following line to /etc/ftpd/ftpaccess:
upload /home/sapftp / yes sapftp ftponly 0664 dirs

In /etc/inetd.conf, I tell ftp to read ftpaccess via:
ftp stream tcp nowait root /usr/lbin/ftpd ftpd -a /etc/ftpd/ftpaccess

Yet, when I ftp files, they're still created using the default umask of 027. What else am I missing?

Oh yeah, as a sidenote, I am also making the change to /etc/passwd, as suggested by Steven.

One more thing: Is there a quick way to determine where the umask is being set in my current operating environment?

Thanks, in advance.
Devender Khatana
Honored Contributor

Re: setting umask for an ftp-only account

Hi Mike,

As per your config your system should have sapftp user in ftponly group with home directory /home/sapftp.

Also, you are configuring uploads to / of the system, which is not a good practice I think. Change your / to something like /home/sapftp as well. Although we are using the -l option with ftpd in inetd.conf to set umasks, still your ftpaccess file should be in the syntax of the example file at /usr/newconfig/etc/ftpd/examples/ftpaccess.

There is no point in indicating umask in .profile of the ftpuser as I think .profile is executed when user logs in through login session not when he logs through ftp session.

HTH,
Devender


Impossible itself mentions "I m possible"
Mike Spencer
Occasional Advisor

Re: setting umask for an ftp-only account

Thanks to everyone for all the good feedback. Devender's post provided me with the last piece of the puzzle.

Thanks again.
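
Added example (not part of any post in this thread, and not HP's code): a small sh script that reads an inetd.conf-style file, reports whether the ftp line carries the -u and -a options quoted in the replies above, and shows the mode a new file gets under a given umask. The function names and sample file names are made up for illustration, and the 0666 creation mode is an assumption (the usual Unix default for new regular files).

```sh
#!/bin/sh
# Added example: inspect the ftp entry of an inetd.conf-style file for the
# ftpd options quoted in this thread (-u<umask> and -a).
# Field layout: service socket proto wait user program argv0 options...

# Print the umask given with -u on the ftp line; print nothing if absent.
ftpd_umask_opt() {
    awk '$1 == "ftp" {
        for (i = 8; i <= NF; i++) {
            if ($i ~ /^-u[0-7]+$/)     { print substr($i, 3); exit }
            if ($i == "-u" && i < NF)  { print $(i + 1); exit }
        }
        exit
    }' "$1"
}

# Print yes/no: does the ftp line pass -a?
ftpd_uses_ftpaccess() {
    awk '$1 == "ftp" { for (i = 8; i <= NF; i++) if ($i == "-a") found = 1 }
         END { print (found ? "yes" : "no") }' "$1"
}

# Mode of a new regular file under a umask, assuming it is created 0666.
file_mode_for_umask() {
    printf '%03o\n' $(( 0666 & ~0$1 ))
}

# One-line summary for the ftp entry in the file named by $1.
audit_ftp_line() {
    u=$(ftpd_umask_opt "$1")
    a=$(ftpd_uses_ftpaccess "$1")
    if [ -n "$u" ]; then
        echo "umask=$u file_mode=$(file_mode_for_umask "$u") ftpaccess=$a"
    else
        echo "umask=unset ftpaccess=$a"
    fi
}

# Constructed sample files, one per ftp line quoted in the thread.
SAMPLE_DIR=${TMPDIR:-/tmp}/ftpaudit.$$
mkdir -p "$SAMPLE_DIR"
echo 'ftp stream tcp nowait root /etc/ftpd ftpd -l -u002' > "$SAMPLE_DIR/with_u"
echo 'ftp stream tcp nowait root /usr/lbin/ftpd ftpd -a /etc/ftpd/ftpaccess' > "$SAMPLE_DIR/with_a"
audit_ftp_line "$SAMPLE_DIR/with_u"
audit_ftp_line "$SAMPLE_DIR/with_a"
```

To check a live system, call audit_ftp_line /etc/inetd.conf instead of the sample files.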