
Re: Restricted incoming ftp accounts

 
SOLVED
Brendan Newport
Frequent Advisor

Restricted incoming ftp accounts

Without resorting to WU-FTP or so forth, I've been experimenting in trying to establish a restricted "real" ftp account, i.e. one where the ftp user's ability to cd beyond their defined "/" is curtailed.

It's (relatively) easy to perform with users anonymous and ftp, but I'm struggling with a "real" account. I've tried to configure an ftpaccess file, but so far managed to simply deny ALL ftp access to the server when I add a -a flag to the ftpd entry in /etc/inetd.conf and perform an inetd -c.

Ultimately I suspect that this functionality, though available, isn't perhaps sufficiently flexible. But if anyone has any pointers on a correctly-configured ftpaccess file (particularly the class and guestgroup entries) I would be most grateful.

Bren
"It doesn't have to be like this. All we need to do is make sure we keep talking"(Dave Gilmour)
Christopher Caldwell
Honored Contributor
Solution

Re: Restricted incoming ftp accounts

If you're running HP-UX 11, you've got wu-ftpd (whether you want it or not). The man page is a snoozer - look here to configure your ftp access file to do exactly what you want:
http://www.wu-ftpd.org/HOWTO/guest.HOWTO
Admin.SIF
Frequent Advisor

Re: Restricted incoming ftp accounts

What about this document?
Nora
Sysd. Amin. Inforef
Herve BRANGIER
Respected Contributor

Re: Restricted incoming ftp accounts


Hi

If you want to have a real user as a guest one
you need to configure ftpaccess. If your guest
group is called guest :

/etc/ftpd/ftpaccess (second line is the one
to permit all users to connect to your system):

guestgroup guest
class all real,guest,anonymous *

/etc/group :

guest::500:export

/etc/passwd :

export::500:500::/home/export/./incoming:/usr/bin/false

/etc/shells (minimum):

/usr/bin/sh
/usr/bin/rsh
/usr/bin/ksh
/usr/bin/rksh
/usr/bin/csh
/usr/bin/keysh
/usr/bin/false


And now create the virtual root in /home/export
(see ftpd man page, a really good cookbook).

If you want to limit access (see man ftpaccess)
you can add "upload..." lines to permit or not
upload on directories.

HTH

Hervé



Brendan Newport
Frequent Advisor

Re: Restricted incoming ftp accounts

Well done gang!

Each answer was absolutely relevant and useful.
I think I've got it now. 10 points all 'round I think.
"It doesn't have to be like this. All we need to do is make sure we keep talking"(Dave Gilmour)
Frank Li
Trusted Contributor

Re: Restricted incoming ftp accounts

Hi, in the last few days I just implemented the real user ftp (with access restricted to their own home dir) on hpux11.0!

1. First you should edit the /etc/inetd.conf file with the "-a" option
ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l -a
After you have edited it, issue "inetd -c".

2. Second, you should revise the /etc/passwd file and append the /./ to their home directory, like the following:
user1:Atv37/cTtYInw,/.hN:555:555:FTP user:/export/home/ftp/./:/usr/bin/false

3. Create a group which contains the ftpuser in /etc/group
ftpguest::555:iftp,ftp,public
4. Then edit the /etc/ftpd/ftpaccess file. My ftpaccess file is:
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
class all real,guest,anonymous *

# Define the line that limits the ftponly group to their own directories
# in the ftp-root hierarchy.
guestgroup ftpguest ## Here is the group name

email mail@labc.com

loginfails 5

readme README* login
readme README* cwd=*

message /welcome.msg login
message .message cwd=*

compress yes all
tar yes all
chmod no guest,anonymous
delete no guest,anonymous
overwrite no guest,anonymous
rename no guest,anonymous

log transfers anonymous,real inbound,outbound

shutdown /etc/shutmsg

passwd-check rfc822 warn
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

5. You can restrict any user with the /etc/ftpd/ftpusers file.


I have tested it on HPUX11.0 and it works fine for me. In fact, if you "man ftpd" and the ftpd daemon has a "-a" option, I think it should work too!

Good luck.

Hi Friend
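
The checks the replies above walk through (the -a flag in inetd.conf, the /./ marker in the home directory, the shell listed in /etc/shells, membership in a guestgroup group), combined into one audit function. This is an added example, not part of the original thread; `check_guest`, the user `alice` and the sample files are constructed for illustration, and it assumes a primary-gid match counts as guestgroup membership.

```shell
#!/bin/sh
# Added example: audit the wu-ftpd guest setup described in the thread.
# Usage: check_guest USER PASSWD GROUP SHELLS FTPACCESS INETD_CONF
# Prints one line per finding; the return status is the number of failures.
check_guest() {
    user=$1 passwd=$2 group=$3 shells=$4 ftpaccess=$5 inetd=$6 bad=0
    entry=$(awk -F: -v u="$user" '$1 == u { print $4 ":" $6 ":" $7 }' "$passwd")
    [ -n "$entry" ] || { echo "FAIL: no passwd entry for $user"; return 1; }
    gid=${entry%%:*}; shell=${entry##*:}; home=${entry#*:}; home=${home%:*}
    # 1. The thread enables ftpaccess by starting ftpd with -a.
    awk '$1 == "ftp" { for (i = 7; i <= NF; i++) if ($i == "-a") ok = 1 }
         END { exit !ok }' "$inetd" ||
        { echo "FAIL: ftpd is not started with -a"; bad=$((bad + 1)); }
    # 2. The /./ marker separates the chroot directory from the login directory.
    case $home in
        */./*) echo "ok: $user is confined to ${home%%/./*}" ;;
        *) echo "FAIL: home '$home' has no /./ marker"; bad=$((bad + 1)) ;;
    esac
    # 3. The login shell must be listed in the shells file.
    grep -Fqx -- "$shell" "$shells" ||
        { echo "FAIL: shell $shell is not in the shells file"; bad=$((bad + 1)); }
    # 4. The user must be in a guestgroup group. Assumption: a primary-gid
    #    match counts as well as an entry in the group's member list.
    guest=no
    for g in $(awk '$1 == "guestgroup" { for (i = 2; i <= NF && $i !~ /^#/; i++) print $i }' "$ftpaccess"); do
        if awk -F: -v g="$g" -v u="$user" -v gid="$gid" '
            $1 == g && ($3 == gid || index("," $4 ",", "," u ",")) { ok = 1 }
            END { exit !ok }' "$group"; then guest=yes; fi
    done
    [ "$guest" = yes ] ||
        { echo "FAIL: $user is in no guestgroup group, so no chroot"; bad=$((bad + 1)); }
    return "$bad"
}

# Constructed sample files modelled on the entries quoted in the thread.
d=$(mktemp -d)
printf '%s\n' 'ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l -a' > "$d/inetd.conf"
printf '%s\n' 'class all real,guest,anonymous *' 'guestgroup guest' > "$d/ftpaccess"
printf '%s\n' 'guest::500:export' 'users::20:' > "$d/group"
printf '%s\n' /usr/bin/sh /usr/bin/ksh /usr/bin/false > "$d/shells"
printf '%s\n' 'export:*:500:500::/home/export/./incoming:/usr/bin/false' \
              'alice:*:501:20::/home/alice:/usr/bin/nologin' > "$d/passwd"
for u in export alice; do
    check_guest "$u" "$d/passwd" "$d/group" "$d/shells" "$d/ftpaccess" "$d/inetd.conf" ||
        echo "$u: $? problem(s)"
done
```

On a live system, pass /etc/passwd, /etc/group, /etc/shells, /etc/ftpd/ftpaccess and /etc/inetd.conf as the file arguments.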