Security
cancel
Showing results for 
Search instead for 
Did you mean: 

How to add a second anonymous ftp account?

SOLVED
Go to solution
Grande Mario
Advisor

How to add a second anonymous ftp account?

Hi,

I'm trying to add an additional ftp (FTP1) user
but login via this additional ftp user is not possible.

See below how i have created the first ftp user
who works fine:

1) Add a new user by using the adduser script.

# /usr/sbin/adduser

Enter login name for new user (initials, first or last name): ftp

Enter uid for new user [13]:

Enter full name for new user: ftp

What login group should this user go into [users]: ftp

Enter parent directory for ftp [/usr/users]: /usr/users

Enter the users login shell name [/bin/csh]:

Adding new user ...

Rebuilding the passwd data base...
The data base is already up to date.

Creating home directory...

2) Change ftp user shell with vipw to /usr/bin/false

ftp:Nologin:10000:202:Anonymous FTP:/usr/users/ftp:/usr/bin/false

3) Change directory to home directory of ftp

cd ~ftp

4) Create necessary directories

mkdir bin etc pub lib dev

5) Make sure root is the owner of non-public dirs

chown root . bin etc lib dev

6) Change owner of the public directory to ftp

chown ftp pub

7) Allow full public access to public directory

chmod 777 pub

8) Provide the “ls” command for the change-root environment

cp `which ls` bin

9) Allow only execute access

chmod 111 bin/ls

10) Provide passwd and group file for the change-root environment

cp /etc/passwd etc
cp /etc/group etc

11) Allow only read access for the files

chmod 444 etc/passwd
chmod 444 etc/group

12) Edit ~ftp/etc/passwd and delete all users except
root and ftp

The file ~ftp/etc/passwd looks like this:
root:DUQbFQv2jr2NY:0:1:system PRIVILEGED account:/:/usr/bin/ksh
ftp:Nologin:10000:202:Anonymous FTP:/usr/users/ftp:/usr/bin/false

susten# ftp smelly
Connected to smelly.che.hp.com.
220 smelly.che.hp.com FTP server (Compaq Tru64 UNIX Version 5.60) ready.
Name (smelly:grandem): ftp
331 Guest login ok, send ident as password.
Password:

I then created a second ftp (FTP1) user with the same procedure but
login of this user doesn't functions:

susten# ftp smelly
Connected to smelly.che.hp.com.
220 smelly.che.hp.com FTP server (Compaq Tru64 UNIX Version 5.60) ready.
Name (smelly:grandem): ftp1
530 User ftp1 access denied.
Login failed.
Remote system type is UNIX.
Using binary mode to transfer files.


see extract /etc/passwd
ftp:nologin:30:15:Anonymous FTP:/crash:/bin/false
ftp1:Nologin:31:15:Anonymous FTP1:/usr/tmp/ftp1:/bin/false


see extract /etc/group
users:*:15:


Any hint would be very appreciated!

cheers
Mario Grande
MCC Switzerland
6 REPLIES
Ivan Ferreira
Honored Contributor
Solution

Re: How to add a second anonymous ftp account?

I think this account won't work because the ftp daemon uses the "ftp" account to login anonymously, and ftp1 is not recognized as an anonymous account.

What do you want to accomplish?
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Grande Mario
Advisor

Re: How to add a second anonymous ftp account?

Hi,

Customer needs to have more then one ftp user with restricted shell and each user has it's own home dir. No change dir to another dir as the own home should be allowed. This works perfect with user ftp but not with ftp1 for example.

Any hint on how we can do that?

cheers
Grande Mario
Advisor

Re: How to add a second anonymous ftp account?

Addendum:

I have added /bin/false to /etc/shells.
Now login with ftp1 works but the restricted
shell not. And password is always needed to login.
I think that the restricted shell doesn't work
with another user then ftp by design.

cheers,
Mario Grande
Ann Majeske
Honored Contributor

Re: How to add a second anonymous ftp account?

Tru64 UNIX ftp only supports one anonymous ftp account.

Tru64 UNIX does support multiple users with restricted shells, see "man Rsh". You could look into setting up the second account with a restricted shell, but not an ftp anonymous account. See the ftpd man page information on "Basic Connection" to see what attributes other accounts must have to use ftp.

There are other versions of ftp that allow multiple anonymous ftp accounts, you could look into getting one of these.

Ann
Ivan Ferreira
Honored Contributor

Re: How to add a second anonymous ftp account?

You can install wu-ftpd from the Internet Express Collection for Tru64. This will allow you to configure user accounts in a chroot environment.

Is this scheme, users must logon with a valid user and password, but restricted to their home directory.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Grande Mario
Advisor

Re: How to add a second anonymous ftp account?

Hi everybody,

Thanks a lot for your replies!
I'll have a look @ rsh and wu-ftp and give you feedback asap.

cheers
Mario Grande