HPE Community
Operating System - HP-UX
1753784 Members
7180 Online
108799 Solutions
New Discussion юеВ

Re: Restrict ftp user account to view only their destination folders

 
SOLVED
Go to solution
Johnson Punniyalingam
Honored Contributor

тАО03-09-2010 09:33 PM

тАО03-09-2010 09:33 PM

Restrict ftp user account to view only their destination folders

Hi All,

Greetings & Good day :)

Can please help to advice on the below requirement,

I have already set-up restricted ftp user account we need restrict him view only destination folders only.

more /etc/ftpd/ftpaccess
class ftpclass1 real,guest *
guestgroup resftp1
chmod no guest
suppresshostname yes
suppressversion yes
log commands anonymous,guest,real
log transfers anonymous,guest,real inbound,outbound
upload /project/ftpin /upload1 yes johntest johntest 0660 nodirs
upload /project/ftpin /upload12 yes johntest johntest 0660 nodirs



# finger johntest
Login name: johntest In real life: Johntest_ftp
Directory: /project/ftpin/./ Shell: /usr/bin/false
Last login Thu Mar 11 02:45 on ftpd5866
No unread mail
No Plan.

# ftp abcftp
Connected to abcftp.
220 FTP server ready.
Name (abcftp:root): johntest
331 Password required for johntest.
Password:
230 User johntest logged in. Access restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/" is current directory.
ftp> ls -l
200 PORT command successful.
150 Opening ASCII mode data connection for /usr/bin/ls.
total 0
drwx------ 2 0 3 96 Mar 10 13:12 testdir
drwxr-xr-x 2 118 107 96 Mar 10 10:24 upload1
drwxr-xr-x 2 118 107 96 Mar 10 10:24 upload12
drwxr-xr-x 3 0 3 96 Mar 10 11:40 usr
226 Transfer complete.

I would like "johntest" ftp account to see only upload1 & upload12 - directories only. not other folders like testdir & usr
Problems are common to all, but attitude makes the difference
0 Kudos
6 REPLIES 6
Turgay Cavdar
Honored Contributor

тАО03-09-2010 09:44 PM

тАО03-09-2010 09:44 PM

Solution

Re: Restrict ftp user account to view only their destination folders

Hi Johnson,
Is chroot'd ftp user usefull for you?
http://www11.itrc.hp.com/service/cki/docDisplay.do?docLocale=en&docId=emr_na-c01915901
0 Kudos
Johnson Punniyalingam
Honored Contributor

тАО03-09-2010 09:48 PM

тАО03-09-2010 09:48 PM

Re: Restrict ftp user account to view only their destination folders

Hi turgay cavdar,

Link not available :(

But i have already jailed the ftp user account like they cannot go beyond, but my concern if some one create any folders than can also see

Note: We are sorry but the document you requested requires additional authorization such as a certain level of support agreement.
Problems are common to all, but attitude makes the difference
0 Kudos
Turgay Cavdar
Honored Contributor

тАО03-09-2010 10:06 PM

тАО03-09-2010 10:06 PM

Re: Restrict ftp user account to view only their destination folders

Have you tried "allow-retrieve" and "noretrieve" directive in ftpaccess?

Allows retrieval of files which would otherwise be denied by noretrieve.
0 Kudos
Johnson Punniyalingam
Honored Contributor

тАО03-09-2010 10:36 PM

тАО03-09-2010 10:36 PM

Re: Restrict ftp user account to view only their destination folders

>>Have you tried "allow-retrieve" and "noretrieve" directive in ftpaccess?<<<

NO, Can please show me example , would be thanksfull :)
Problems are common to all, but attitude makes the difference
0 Kudos
Turgay Cavdar
Honored Contributor

тАО03-09-2010 11:12 PM

тАО03-09-2010 11:12 PM

Re: Restrict ftp user account to view only their destination folders

Add the following to your config and give a try. User will still see the directories "testdir", "usr" but cant get anything from there. I dont know that is what you want to do or not.

allow-retrieve relative /upload1
allow-retrieve relative /upload12
noretrieve *
0 Kudos
Johnson Punniyalingam
Honored Contributor

тАО03-09-2010 11:38 PM

тАО03-09-2010 11:38 PM

Re: Restrict ftp user account to view only their destination folders

>>I dont know that is what you want to do or not.<<

Yes this what i am looking for, :)

Many Many -- Thanks for your wonderfull Support :)

Regards,
Johnson
Problems are common to all, but attitude makes the difference
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.