- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: Restrict ftp user to use basic commands only l...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-30-2009 01:24 AM
тАО01-30-2009 01:24 AM
Restrict ftp user to use basic commands only like ls , cd
I have created a ftp user under ftponly group.
I have done the following:
1.Made an entry in /etc/ftpd/ftpacess file :
guestgroup ftponly
2.In /etc/passwd , user exists as:
cdot_hp:KinfCt2uf5Klc:122:104::/bplmisc/tap_files/chd/Tapin_Mach/HP/./:/usr/bin/ftpshell
3. In /etc/group, group exists as :
ftponly::104:
4. i have made ftp entry in /etc/inetd.conf as:
ftp stream tcp nowait root /usr/lbin/ftpd ftpd -a -l
5. I have reconfigured /etc/inetd.cong using inetd -c command.
6.The directory structure
/bplmisc/tap_files/chd/Tapin_Mach/HP/usr/bin has been created and ls command has been pasted to this bin directory.
I want restrict this cdot_hp user to use only a set of commands like cd, put,mput,ls only...
But it is able to use all the commands that a normal ftp user can..
Pl. suggest how to restrict the user....
Also . I am unable to find binaries for ftp commands like mput..
Regards,
Saket Bansal
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-30-2009 03:14 AM
тАО01-30-2009 03:14 AM
Re: Restrict ftp user to use basic commands only like ls , cd
Why do you care? How much damage can a guest
user do?
> I am unable to find binaries for ftp
> commands like mput..
"ftp" and "ftpd" are (mostly) complete
programs. There are not separate executables
(at either end) for each FTP (client or
server) command. "ls" is an exception on the
server side for this FTP server, for use with
the LIST command ("dir" or "ls" for the user
of this FTP client). It's not used for the
NLST command ("nlist" for the client user).
So far as I know, everything else is built
in.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-30-2009 03:36 AM
тАО01-30-2009 03:36 AM
Re: Restrict ftp user to use basic commands only like ls , cd
Actually as per bussiness requirement we need to give ftp access to a third party vendor..so we doesn't want them to put any files on the server...But he shud be able to get them...also we dosn't want him to access the directory structure other than his home(this has been achieved).
So please suggest some way to restrict his activities...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-30-2009 03:39 AM
тАО01-30-2009 03:39 AM
Re: Restrict ftp user to use basic commands only like ls , cd
He shud be able to put files on server..but restrict "get".
Rgrds,
Saket Bansal
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-30-2009 03:48 AM
тАО01-30-2009 03:48 AM
Re: Restrict ftp user to use basic commands only like ls , cd
remove the write permission on the folder and make sure that all files in the directory is in read only.
I might be wrong, but I seem to remember something like this.
Best regards
Fredrik Eriksson
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-30-2009 03:50 AM
тАО01-30-2009 03:50 AM
Re: Restrict ftp user to use basic commands only like ls , cd
no points for this one please :P
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-30-2009 03:55 AM
тАО01-30-2009 03:55 AM
Re: Restrict ftp user to use basic commands only like ls , cd
Actually as per bussiness requirement we need to give ftp access to a third party vendor..so we doesn't want them to put any files on the server...But he shud be able to get them...also we dosn't want him to access the directory structure other than his home(this has been achieved).
So please suggest some way to restrict his activities<<
Hi Saket,
You have created a restricted ftpuser account, so nornal behaviour
1. he cant ' do cd,he will Jailed in the said folder of the of the ftpuser account,
meaningfull he can't to Change Directory,
2. Setup the Folder permision read-only
Hope this helps,
Thx,
Johnson
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-30-2009 03:57 AM
тАО01-30-2009 03:57 AM
Re: Restrict ftp user to use basic commands only like ls , cd
See the following links...
(The first is a good one)
http://newfdawg.com/SHP-FTP-anon.htm
http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1264911
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&taskId=115&prodSeriesId=3215373&prodTypeId=18964&objectID=c01516983
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-30-2009 04:39 AM
тАО01-30-2009 04:39 AM
Re: Restrict ftp user to use basic commands only like ls , cd
Sounds to me as if he already has.
Have you tried using FTP to see files outside
this user's home directory? If you did the
guest-user stuff correctly, this should be
impossible.
> He shud be able to put files on server..but
> restrict "get".
If he already has the files, why would he
wish to get them back again? Or did you plan
to let many users use the same account, but
not see each other's files? (Or what,
exactly, worries you?) There are advantages
to giving each user his own guest account.
I haven't done this in many years, but as I
recall, you can remove "r" (or "x"?)
permission from your upload directory, and
that will stop users from seeing a listing
of the files which are there. But if the
user knows (or can guess) a file's name, he
can still fetch it.
It might be easier/faster to try some thing
(like different directory permissions) than
to ask about them.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-30-2009 10:32 AM
тАО01-30-2009 10:32 AM