Setting Permission for FTP only user

Md. Minhaz Khan · ‎09-16-2010

Dear All,

I have configured a ftp only user "ftpuser" whose home directory is "/home/ftpuser". This user is chroot to its home directory. I want to set permission "-rw-r-rw-" when upload file. For this reason i have given below entry for "ftpuser" in the "/etc/ftpd/ftpaccess" file:

upload /home/ftpuser/./ /home/ftpuser yes ftpuser ftponly 0646
upload /home/minkhan /home/minkhan yes minkhan users 0222

But if we upload file using "minkhan" user we get our required permission i.e. 0222.

Can any one help me what i am missing for "ftpuser".

I have attached the configuration steps of "ftpuser". Please verify this.

# cat /etc/passwd|grep ftpuser
ftpuser:AfluQrHIeOG.U:116:107::/home/ftpuser/./:/usr/bin/ftpshell
# cat /etc/passwd|grep minkhan
minkhan:fDtSyDZccv5YY:115:20::/home/minkhan:/sbin/sh
# cat /usr/bin/ftpshell
exit 0
# cat /etc/inetd.conf|grep ftpd

ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l -a

Thanks
Minhaz

Md. Minhaz Khan · ‎09-16-2010

Please find the attachment.

Md. Minhaz Khan · ‎09-16-2010

Please find the attachment for ftp only user configuration steps.

Hakki Aydin Ucar · ‎09-16-2010

under
/etc/inetd.conf

the row start with ftp is for control privileges.

Md. Minhaz Khan · ‎09-17-2010

Dear Hakki,

I know in the "/etc/inetd.conf" file
"ftp -u UMASK" control the permission privileges but this is Global i.e. if i set permission in the "inetd.conf" file all user have the same permission. But i want to set permission for specific user. I have succeed with this but the problem is that when i want to set this in the ftpaccess file for FTP only user (chroot to his home directory in this case "ftpuser") , it is not working but for the user "minkhan" is working well.

Please help me what i am missing for "ftpuser"
to control permission ??

Thanks
Minhaz

Md. Minhaz Khan · ‎09-17-2010

Dear All,

Any advise or any suggestion ??

Thanks
Minhaz

Hakki Aydin Ucar · ‎09-17-2010

Use This Procedure:
-->>
1. Configure the ftpaccess file:

a. cd /etc/ftpd
b. cp -p /usr/newconfig/etc/ftpd/ftpaccess . (OR cp -p /usr/newconfig/etc/ftpd/examples/ftpaccess . )

c. vi ftpaccess. At the bottom of the file there is a guestgroup
directive 'guestgroup ftponly'.
i. Create ftponly group on your system.

2. Modify the /etc/inetd.conf file to enable the use of the ftpaccess file:
a. vi /etc/inetd.conf
b. Add the -a flag to the ftp daemon.
c. ftp stream tcp nowait root /usr/lbin/ftpd ftpd -a -l

4. Make inetd re-read its configuration:
inetd -c

5. Create a bogus shell for users that will only have FTP access to the system:
a. vi /usr/bin/ftpshell
b. Write following line in the ftpshell file
exit 0
c. chmod 555 /usr/bin/ftpshell
d. chown bin:bin /usr/bin/ftpshell

6. Create an /etc/shells file:
a. vi /etc/shells
b. Include necessary shell etc. lines in the file:

/sbin/sh
/usr/bin/ksh
/usr/bin/sh
/usr/bin/csh
/usr/bin/rsh
/usr/bin/ftpshell

7. Now add a user to the system. Use a group that is 'ftponly' and make the user's shell /usr/bin/ftpshell.

8. Use SAM to limit the user to his home directory by setting up the directory in this form:
/directory_you_want_them_to_access/./
Note: The /./ is the important key here.

9. Provide the user with an ls command:
a. cd /home/username
b. mkdir usr
c. mkdir usr/bin
d. cp -p /sbin/ls usr/bin
e. chown -R bin:bin usr
f. chmod -R 555 usr

-->>

Md. Minhaz Khan · ‎09-17-2010

Dear Hakki,

I have followed the exact procedure that you mentioned & ftp only user working. But my problem is when i upload file using this ftponly user i did not get my required permission. For other normal user i have get my required permission.

Did you got my point ??? Can u try in your test environment

Thanks
Minhaz

Md. Minhaz Khan · ‎09-17-2010

Dear All,

Any advise or help to get the solution ??

Thanks
Minhaz