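Date: 02-10-2004 11:00 PM
How do I restrict parent-directory access for a regular account over ftp?
Hello.
I have a regular account that should only be able to use ftp, and I want to keep it from moving above its home directory.
I set it up along the lines of anonymous FTP, but it can still go up to the parent directories.
Is it because the group is not guest?
I set the shell to "/usr/bin/false", created the "/etc, /usr/bin" directories, and changed their owner and permissions.
What did I miss?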
Date: 02-10-2004 11:00 PM
How do I restrict parent-directory access for a regular account over ftp?
Here is how to allow only ftp and keep the user from going outside their own home directory.
1. Set up the ftpaccess file.
a. cd /etc/ftpd
b. cp -p /usr/newconfig/etc/ftpd/ftpaccess .
c. vi ftpaccess
Either change the "guestgroup ftponly" entry to a group that already exists, or leave it as it is and create a group named ftponly in the /etc/group file.
2. Edit the /etc/inetd.conf file.
a. vi /etc/inetd.conf
b. Add the -a option to the ftp daemon.
c. ftp stream tcp nowait root /usr/lbin/ftpd ftpd -a -l
3. Make the inetd daemon re-read its config file.
inetd -c
4. Create a dummy shell so that the user can only use ftp.
a. vi /usr/bin/ftpshell
b. Enter exit 0, then save and quit.
c. chmod 555 /usr/bin/ftpshell
d. chown bin:bin /usr/bin/ftpshell
5. Create the /etc/shells file.
a. vi /etc/shells
b. Add the following lines to the file.
/sbin/sh
/usr/bin/ksh
/usr/bin/sh
/usr/bin/csh
/usr/bin/rsh
/usr/bin/rksh
/usr/bin/keysh
/bin/sh
/bin/ksh
/bin/csh
/bin/rsh
/bin/rksh
/usr/bin/ftpshell
6. Register the user on the system. The group designated as 'ftponly' must be used, and the login shell must be set to /usr/bin/ftpshell.
7. To set up chroot on the home directory, set the home directory field as follows.
/home/username/./
8. To provide the ls command, run the following.
a. cd /home/username
b. mkdir usr
c. mkdir usr/bin
d. cp -p /sbin/ls usr/bin
e. chown -R bin:bin usr
f. chmod -R 555 usr
Date: 02-10-2004 11:00 PM
How do I restrict parent-directory access for a regular account over ftp?
The following is an HP document.
Please refer to it. For 10.20, I'm told you need to apply the patch below before doing this.
How to setup a restricted user for FTP access
DocId: BC0814KBRC00007719 Updated: 8/14/01 3:40:00 PM
PROBLEM
How can I setup a user for FTP access only, so that they will not be able to
access any other directories or files on the system?
On 11.0: I would like to have the following ftp access settings:
-- restrict the user to be active in their home directory and its
sub-directories only.
-- restrict the user to have up to max 5 FTP sessions only.
-- non-retrieval of the system configuration files, ie
/etc/passwd, core, and etc.
(On HP-UX 10.20, you need to use public domain wu-ftp, then the
below method patch is PHNE_23948)
RESOLUTION
Here's the instructions on achieving your design for ftp access into the server:
1) load in PHNE_23949 (or latest ftp/ftpd). This patch resolves a couple of
issues with ftpaccess.
2) create a user via SAM (eg. user= test1 group= none)
3) This user has ONLY ftp access, so it would be wise to
code the start-up program as /usr/bin/false
4) For the home directory, specify /home//. eg:
/home/test1/./ (explanation in man ftpaccess)
/etc/passwd looks like
test1:qXznDQ1RUwqZ6:115:20:,,,:/home/test1/./:/usr/bin/false
**ignore the error with SAM not being able to create a /. directory.
5) all other questions in SAM are as per normal.
6) ensure that /usr/bin/false is also coded in a file /etc/shells
7) then edit-create the file /etc/ftpd/ftpaccess to have these lines:
class all test1,guest * <-- line#1
guestgroup none <-- line#2
limit all 5 Any /no-more-ftp-access <-- line#3
noretrieve /etc/passwd core <-- line#4
with #chmod 444 ftpaccess
#chown bin:bin ftpaccess
Explanation:
line#1 : 'class' is a verb
'all' is a class of users;
you can call it anything you like.
'guest' is a verb “test1” is the user name
'*' is the range of users allowed to ftp
into the machine.
You can restrict this further if you want to.
Do a man ftpaccess
line#2 : 'guestgroup' is a verb
: 'none' is the group name of the users
that have been coded via SAM
(see /etc/group to find out what group
that has)
line#3 : 'limit' is a verb
'all' as per line#1,the class of users.
'5' is the number of ftp sessions; in this case
it's five.
You can change it to any number of your choice.
'Any' , do a man ftpaccess for explanation
'/no-more-ftp-access' is a filename that
contains a message to be displayed when the
limit is reached.
line#4 : types of files to restrict
8) then edit /etc/inetd.conf to add in '-a' argument for ftpd; thus:
ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l -a
9) inetd -c (to re-read the configuration file)
10) Create the following subdirectories and files:
a. ~test1/usr
#chown -R bin:bin usr
#chmod 555 usr
b. ~test1/usr/bin
#chown root bin
#chmod 555 bin
#cp -p /sbin/ls ~test1/usr/bin/ls
11) The ~test1/usr/bin/ls allows the use of the 'ls' command in ftp to find out
the files that are present in their directory.
12) test to verify
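The checklist that both replies walk through can be turned into an audit for one account, which answers the "what did I miss?" question directly. This is an added example, not part of the thread or the HP document; the function names, the ROOT prefix argument and the sample tree are assumptions made for the example, and only the user's primary group is compared against guestgroup.

```shell
#!/bin/sh
# Added example, not from the thread or the HP document. ROOT is a hypothetical
# prefix so the audit can run on copies of the files; pass "" on the live host.
check_ftp_guest() {   # usage: check_ftp_guest USER [ROOT]; returns 1 on any finding
    user=$1; root=${2:-}; bad=0
    entry=$(awk -F: -v u="$user" '$1 == u' "$root/etc/passwd")
    [ -n "$entry" ] || { echo "no passwd entry for $user"; return 1; }
    gid=$(echo "$entry" | cut -d: -f4)
    home=$(echo "$entry" | cut -d: -f6)
    shell=$(echo "$entry" | cut -d: -f7)
    group=$(awk -F: -v g="$gid" '$3 == g { print $1; exit }' "$root/etc/group")
    jail=${home%%/./*}
    # The home field needs the "/./" marker used in both replies.
    case $home in */./*) ;; *) echo "home has no /./ marker: $home"; bad=1 ;; esac
    # The login shell must be listed in /etc/shells.
    grep -qxF -e "$shell" "$root/etc/shells" 2>/dev/null ||
        { echo "shell not in /etc/shells: $shell"; bad=1; }
    # The primary group must be named on a guestgroup line (simplification:
    # supplementary group memberships are not examined).
    awk -v g="$group" '$1 == "guestgroup" { for (i = 2; i <= NF; i++) if ($i == g) ok = 1 }
        END { exit !ok }' "$root/etc/ftpd/ftpaccess" 2>/dev/null ||
        { echo "group not in guestgroup: $group"; bad=1; }
    # The ftp service line must pass -a to ftpd, as both replies configure.
    awk '$1 == "ftp" { for (i = 7; i <= NF; i++) if ($i == "-a") ok = 1 }
        END { exit !ok }' "$root/etc/inetd.conf" 2>/dev/null ||
        { echo "ftpd not started with -a"; bad=1; }
    # ls must exist inside the jail for directory listings.
    [ -x "$root$jail/usr/bin/ls" ] || { echo "no ls in $jail/usr/bin"; bad=1; }
    return $bad
}

make_sample() {   # constructed sample tree (mktemp -d as on Linux/BSD); prints its path
    d=$(mktemp -d)
    mkdir -p "$d/etc/ftpd" "$d/home/test1/usr/bin"
    echo 'test1:*:115:20:,,,:/home/test1/./:/usr/bin/false' > "$d/etc/passwd"
    echo 'ftponly::20:' > "$d/etc/group"
    printf '/sbin/sh\n/usr/bin/false\n' > "$d/etc/shells"
    echo 'guestgroup ftponly' > "$d/etc/ftpd/ftpaccess"
    echo 'ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l -a' > "$d/etc/inetd.conf"
    printf '#!/bin/sh\n' > "$d/home/test1/usr/bin/ls"
    chmod 555 "$d/home/test1/usr/bin/ls"
    echo "$d"
}

sample=$(make_sample)
check_ftp_guest test1 "$sample" && echo "test1: all checks passed"
rm -rf "$sample"
```

Each finding names one step of the procedure that is not in place, so an account that can still climb above its home directory shows which of the conditions it fails.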