Operating System - HP-UX

Restrict users access to ftp and make su to root

 
Felix  Tabares
Contributor


I need the ftp service to be restricted, as a measure of security on the server, whose operating system is 11.23, and a user to su to root.

I know that file is edited to make this happen

thanks
VK2COT
Honored Contributor

Re: Restrict users access to ftp and make su to root

Hello,

Many possible scenarios. Start with:

a) Edit /var/adm/inetd.sec and
limit access to FTP daemon on the server.

b) Edit files in /etc/ftpd to tune up the
FTP services:

ftpaccess
ftpusers

c) Enable SU_ROOT_GROUP variable in
/etc/default/security config file and
make users that need to su(1M) to root be
part of that Unix group.

If I had it my way, I would disable FTP and
move to SSH/SFTP.

Likewise, maybe setting RBAC for some users
would help avoid the need to give them su(1M) access to root.

Cheers,

VK2COT
VK2COT - Dusan Baljevic
Steven E. Protter
Exalted Contributor

Re: Restrict users access to ftp and make su to root

Shalom,

The ftpaccess file is counterintuitive. You add people to it to restrict access.

Also, some ws-ftpd releases had bugs that allowed root access.

I would drop ftp in favor of openssh sftp if possible.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Tim Nelson
Honored Contributor

Re: Restrict users access to ftp and make su to root

proftp is also an option and available via IExpress on software.hp.com

Ismail Azad
Esteemed Contributor

Re: Restrict users access to ftp and make su to root

/etc/ftpd/ftpusers will deny access to ftp users and not allow. You will probably have to create this file. The same goes for /var/adm/inetd.sec. But if you are talking about completely deactivating ftp then you should be doing it in the /etc/inetd.conf file by commenting it out. It can also be done in /etc/services although HP does not recommend this.
Read, read and read... Then read again until you read "between the lines".....