
Restrict ftp user to use basic commands only like ls , cd

 
saket bansal_1
Occasional Visitor


Hi All,
I have created an ftp user under the ftponly group.
I have done the following:

1. Made an entry in the /etc/ftpd/ftpaccess file:
guestgroup ftponly
2. In /etc/passwd, the user exists as:
cdot_hp:KinfCt2uf5Klc:122:104::/bplmisc/tap_files/chd/Tapin_Mach/HP/./:/usr/bin/ftpshell
3. In /etc/group, the group exists as:
ftponly::104:
4. I have made an ftp entry in /etc/inetd.conf as:
ftp stream tcp nowait root /usr/lbin/ftpd ftpd -a -l
5. I have reconfigured /etc/inetd.conf using the inetd -c command.
6. The directory structure
/bplmisc/tap_files/chd/Tapin_Mach/HP/usr/bin has been created and the ls command has been pasted to this bin directory.


I want to restrict this cdot_hp user to use only a set of commands like cd, put, mput, ls only...
But it is able to use all the commands that a normal ftp user can.
Please suggest how to restrict the user.
Also, I am unable to find binaries for ftp commands like mput.

Regards,
Saket Bansal
9 REPLIES
Steven Schweda
Honored Contributor

Re: Restrict ftp user to use basic commands only like ls , cd

> I want to restrict this cdot_hp user [...]

Why do you care? How much damage can a guest
user do?

> I am unable to find binaries for ftp
> commands like mput..

"ftp" and "ftpd" are (mostly) complete
programs. There are not separate executables
(at either end) for each FTP (client or
server) command. "ls" is an exception on the
server side for this FTP server, for use with
the LIST command ("dir" or "ls" for the user
of this FTP client). It's not used for the
NLST command ("nlist" for the client user).
So far as I know, everything else is built
in.
saket bansal_1
Occasional Visitor

Re: Restrict ftp user to use basic commands only like ls , cd

Hi Steven,
Actually, as per business requirement, we need to give ftp access to a third-party vendor, so we don't want them to put any files on the server. But he should be able to get them. Also, we don't want him to access the directory structure other than his home (this has been achieved).

So please suggest some way to restrict his activities...
saket bansal_1
Occasional Visitor

Re: Restrict ftp user to use basic commands only like ls , cd

A correction to the above statement.

He should be able to put files on the server, but restrict "get".

Regards,
Saket Bansal
Fredrik.eriksson
Valued Contributor

Re: Restrict ftp user to use basic commands only like ls , cd

Then why not just chmod the files? AFAIK, ftpds usually adhere to filesystem permissions.

Remove the write permission on the folder and make sure that all files in the directory are read-only.

I might be wrong, but I seem to remember something like this.

Best regards
Fredrik Eriksson
Fredrik.eriksson
Valued Contributor

Re: Restrict ftp user to use basic commands only like ls , cd

Sorry, didn't read it properly... chmod could still solve the issue; just make sure all the files are chmodded to a permission setting where he is not allowed to touch the files, while you still have write permission in the directory.

no points for this one please :P
Johnson Punniyalingam
Honored Contributor

Re: Restrict ftp user to use basic commands only like ls , cd

>>,
Actually, as per business requirement, we need to give ftp access to a third-party vendor, so we don't want them to put any files on the server. But he should be able to get them. Also, we don't want him to access the directory structure other than his home (this has been achieved).

So please suggest some way to restrict his activities<<

Hi Saket,

You have created a restricted ftpuser account, so the normal behaviour is:
1. He can't do cd; he will be jailed in the said folder of the ftpuser account, meaning he can't change directory.
2. Set up the folder permission as read-only.

Hope this helps,

Thx,
Johnson
Problems are common to all, but attitude makes the difference
bright image
Frequent Advisor

Re: Restrict ftp user to use basic commands only like ls , cd

Steven Schweda
Honored Contributor

Re: Restrict ftp user to use basic commands only like ls , cd

> Sounds to me like you want to [...]

Sounds to me as if he already has.

Have you tried using FTP to see files outside
this user's home directory? If you did the
guest-user stuff correctly, this should be
impossible.

> He should be able to put files on the server, but
> restrict "get".

If he already has the files, why would he
wish to get them back again? Or did you plan
to let many users use the same account, but
not see each other's files? (Or what,
exactly, worries you?) There are advantages
to giving each user his own guest account.

I haven't done this in many years, but as I
recall, you can remove "r" (or "x"?)
permission from your upload directory, and
that will stop users from seeing a listing
of the files which are there. But if the
user knows (or can guess) a file's name, he
can still fetch it.

It might be easier/faster to try some thing
(like different directory permissions) than
to ask about them.
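
Added example (not part of the original thread or any poster's own code): a small sh audit that reads the mode bits of an upload directory and reports what the filesystem permits for the operations discussed in the replies above: listing, upload, fetching by name, and deletion. It assumes the guest account does not own the directory or files, so the "other" class applies (pass `g` for "group"); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit an FTP upload ("drop") directory by reading mode bits.
# Assumption: the FTP guest account is not the owner of the directory or of
# the files in it, so the "other" class (or "group" with CLASS=g) applies.

# mode_bits PATH CLASS -> prints the three permission characters for CLASS
mode_bits() {
    m=$(ls -ld "$1" | cut -c1-10)
    case "$2" in
        g) printf '%s\n' "$m" | cut -c5-7 ;;
        *) printf '%s\n' "$m" | cut -c8-10 ;;
    esac
}

# audit_dropbox DIR [CLASS] -> one finding per line on stdout
audit_dropbox() {
    dir=$1
    class=${2:-o}
    d=$(mode_bits "$dir" "$class")
    sticky=$(ls -ld "$dir" | cut -c10)   # 't' or 'T' when the sticky bit is set

    # r on the directory: file names can be listed
    case "$d" in
        r??) echo "LIST: directory is readable, file names can be listed" ;;
    esac

    # w+x on the directory: new files can be created; without the sticky
    # bit the same bits also allow removing or renaming other users' files
    case "$d" in
        ?w[xst])
            echo "STOR: uploads allowed"
            case "$sticky" in
                t|T) ;;
                *) echo "DELE: no sticky bit, filesystem allows delete/rename of any file here" ;;
            esac ;;
    esac

    # x on the directory plus r on a file: fetchable if the name is known,
    # even when the directory itself cannot be listed
    case "$d" in
        ??[xst])
            for f in "$dir"/*; do
                [ -f "$f" ] || continue
                case "$(mode_bits "$f" "$class")" in
                    r??) echo "RETR: $(basename "$f") can be fetched by name" ;;
                esac
            done ;;
    esac
}
```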
saket bansal_1
Occasional Visitor

Re: Restrict ftp user to use basic commands only like ls , cd

--