- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: FTP only user?
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-16-2000 05:28 AM
тАО11-16-2000 05:28 AM
By the way, since it seems to be an issue, I assign points to any answers I get...
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-16-2000 05:39 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-16-2000 05:41 AM
тАО11-16-2000 05:41 AM
Re: FTP only user?
Just remember to add it to /etc/shells.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-16-2000 05:53 AM
тАО11-16-2000 05:53 AM
Re: FTP only user?
I recommend the use of the /bin/false shell.
This allows you to create the user, the password (and any potential updates for the password), and not allow them to log onto the server.
You get the best of all worlds, User/Password authentication and no access.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-16-2000 06:05 AM
тАО11-16-2000 06:05 AM
Re: FTP only user?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-16-2000 06:08 AM
тАО11-16-2000 06:08 AM
Re: FTP only user?
another way to deny telnet access is to use the /var/adm/inetd.sec file
telnet deny 10.40.220.100 #deny only this ip address
telnet deny 10.40.*.* #deny 10.40 range
do a man on inetd
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-16-2000 06:26 AM
тАО11-16-2000 06:26 AM
Re: FTP only user?
FYI - the .profile will never be executed if you use the /bin/false option.
I just wanted to save you a little effort in your administration of the ftp user.
Hope that helps.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-16-2000 06:37 AM
тАО11-16-2000 06:37 AM
Re: FTP only user?
You are still able to use 'remsh' and bypass .profile execution.
Try this:
remsh
And you will get a nice window with a shell prompt- I do not think that was what you wanted.
Use /bin/false - method
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-16-2000 08:43 AM
тАО11-16-2000 08:43 AM
Re: FTP only user?
With regard to Tony & Allan's comments about using the "profile" exit, you can harden your profile against shell-out by adding the following trap at the very beginning:
trap "" 1 2 3
In the case you are trying to achieve, I would choose the substitution of /usr/bin/false in place of a standard shell specification in /etc/passwd. You do not need to add this to /etc/shells.
Regards!
...JRF...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-16-2000 12:44 PM
тАО11-16-2000 12:44 PM
Re: FTP only user?
The .profile option is not as secure as /usr/bin/false ie as previously mentioned it can be bypassed or broken out.
Do not give them a shell :-
ftpuser:*:200:10:FTP User:/home/ftp:/usr/bin/false
HTH
Paula