HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Hours:
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
cancel
Showing results for 
Search instead for 
Did you mean: 

ftp acccess for users

 
SOLVED
Go to solution

ftp acccess for users

I need to limit ftp access. I am assuming that I need to implement the ftpaccess file. My goal is to limit ALL users (except root) to just one directory. The users should only be able to access /ftpfiles. Does anyone have an example of how to define this? THX!
Yesterday was the first day of the rest of your life
6 REPLIES
Hakki Aydin Ucar
Honored Contributor

Re: ftp acccess for users

Hi

then you can use /etc/ftpuser. The ftpd daemon rejects remote logins to local user accounts that are named in /etc/ftpusers.
Just pick up and put users in this file.
Sunny123_1
Esteemed Contributor

Re: ftp acccess for users

Hi

The FTP configuration file is the ftpaccess file. It resides in the /etc/ftpd directory. If you do not currently have one, make a copy from the one located in the newconfig directory:

On HP-UX 11:

#cp /usr/newconfig/etc/ftpd/ftpaccess /etc/ftpd/ftpaccess

On HP-UX 11i:

#cp /usr/newconfig/etc/ftpd/examples/ftpaccess /etc/ftpd/ftpaccess



The FTP daemon will not use the configuration file until the /etc/inetd.conf file is edited to include the following:


ftp stream tcp nowait root /usr/lbin/ftpd ftpd -a /etc/ftpd/ftpaccess



Replacing the lowercase â aâ with the uppercase â Aâ will disable the use of the FTP configuration file. For the Internet Daemon to read this new configuration setting, you must run inetd with the â -câ option. (inetd â c). The following are examples of a few of the options available in the configuration file:



noretrieve:

Example:
noretrieve /etc/passwd /etc/group core .netrc .rhosts

Description:

Files listed after the noretrieve option are files that cannot be retrieved with FTP. When only the file name is specified (as with core, .netrc, and .rhosts), then no files on the system with that name can be retrieved. When the full pathname is used (as in /etc/passwd and /etc/group), that specific file cannot be retrieved. In this example, /etc/passwd could not be retrieved but a file named /tmp/passwd or /etc/passwd.old could be retrieved.



deny:

Example:
deny ctg500g /etc/ftpd/ctg500g_denymsg

Description:

The deny option is used to deny access to a particular host or a group of hosts. In addition, a message can be displayed to the client attempting FTP access. The â !nameservedâ parameter can also be used as the hostname to prohibit access to sites who do not have a working nameserver. Note that the parameter ends in â dâ , not â râ .



loginfails:
Example:

loginfails 2

Description:

The loginfails option is used to limit the number of FTP login attempts before the connection is terminated. The default value is 5


Regards
Sunny

Re: ftp acccess for users

I'm lost. I have the /etc/ftpd/ftpaccess file in place. I don't want to deny any users access. I just want to restrict users to one directory on the system. Do I use the noretrieve option? Thanks for the quick responses!
Yesterday was the first day of the rest of your life
Sunny123_1
Esteemed Contributor

Re: ftp acccess for users

Hi

For that you can use

noretrieve:

Example:
noretrieve /etc/passwd /etc/group core .netrc .rhosts

Description:

Files listed after the noretrieve option are files that cannot be retrieved with FTP. When only the file name is specified (as with core, .netrc, and .rhosts), then no files on the system with that name can be retrieved. When the full pathname is used (as in /etc/passwd and /etc/group), that specific file cannot be retrieved. In this example, /etc/passwd could not be retrieved but a file named /tmp/passwd or /etc/passwd.old could be retrieved

Regards
Sunny
Steven Schweda
Honored Contributor
Solution

Re: ftp acccess for users

> I'm lost.

It's all the helpful advice.

If you wish to confine users to some
particular directory, then you can make them
"guest" users. "man ftpd", look for "guest".
It's much like anonymous FTP, but with real
log-in info.

A Forum search for keywords like
ftp guest
or
ftp chroot

should find (far too) many previous similar
discussions.

Re: ftp acccess for users

I will check previous posts -Thanks
Yesterday was the first day of the rest of your life