> i am on hpux 11i v2.
I have 11.31, but these things should be similar. But it's been a
long time since I did this, so I know nothing. But, ...
> i would like to create a user that only has ftp access (no shell) and
> can upload and download files within a subdirectory tree.
You may not be the first person with such a requirement. A Forum (or
Web) search for keywords like, say:
ftp chroot guest
should find many examples, such as:
http://h30499.www3.hp.com/t5/x/x/m-p/4499614
The "no shell" part is done by specifying "/bin/false" as the shell
for the new user.
The "within a subdirectory tree" part is done by making the new user
an FTP "guest" user, which tells ftpd to do a chroot(), providing the
desired file system isolation.
man ftpd
man ftpaccess
I can't vouch for the posted list(s) of run-time libraries and so on
required in the new user's usr/lib directory, but I dimly recall seeing
some helpful error messages in some log file somewhere when something is
missing. (After the chroot() to the guest user's pseudo-root directory,
the normal /usr/bin and /usr/lib aren't there, so you need to create and
populate a new, guest-specific [/]usr directory with enough stuff to get
"ls" to work, assuming that you want the guest FTP user to be able to
get a directory listing.) Possibly useful:
ldd /usr/bin/ls
For experimentation, you can do chroot() interactively, and fiddle
around until "ls" works that way.
man 1m chroot
This may be good enough to get started. Re-inquire when it all goes
wrong.
