10-09-2015 09:11 AM
how can i create an ftp user that is restricted to a subdirectory tree?
i would like to create a user that only has ftp access (no shell) and can upload and download files within a subdirectory tree.
for example, say i have a directory /xyz/client and within i have /xyz/data/client_1, /xyz/data/client_2 etc...
the ftp user should be able to upload and download files anywhere after /xyz/client. if i add /xyz/client_3 directory later on, the user should be able to upload and download files to that directory as well.
in short, the user will only have access to /xyz/client and beyond with the ability to upload and download files.
if someone can guide me in the right direction i will greatly appreciate it.
i am on hpux 11i v2.
- Tags:
- ftp
10-09-2015 03:36 PM
Re: how can i create an ftp user that is restricted to a subdirectory tree?
> i am on hpux 11i v2.
I have 11.31, but these things should be similar. But it's been a
long time since I did this, so I know nothing. But, ...
> i would like to create a user that only has ftp access (no shell) and
> can upload and download files within a subdirectory tree.
You may not be the first person with such a requirement. A Forum (or
Web) search for keywords like, say:
    ftp chroot guest
should find many examples, such as:
http://h30499.www3.hp.com/t5/x/x/m-p/4499614
The "no shell" part is done by specifying "/bin/false" as the shell
for the new user.
The "within a subdirectory tree" part is done by making the new user
an FTP "guest" user, which tells ftpd to do a chroot(), providing the
desired file system isolation.
    man ftpd
    man ftpaccess
I can't vouch for the posted list(s) of run-time libraries and so on
required in the new user's usr/lib directory, but I dimly recall seeing
some helpful error messages in some log file somewhere when something is
missing. (After the chroot() to the guest user's pseudo-root directory,
the normal /usr/bin and /usr/lib aren't there, so you need to create and
populate a new, guest-specific [/]usr directory with enough stuff to get
"ls" to work, assuming that you want the guest FTP user to be able to
get a directory listing.) Possibly useful:
    ldd /usr/bin/ls
For experimentation, you can do chroot() interactively, and fiddle
around until "ls" works that way.
    man 1m chroot
This may be good enough to get started. Re-inquire when it all goes
wrong.
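
The library-staging step described in the reply above, as an added example (not code from the thread or from HP): it copies a binary and every library path that ldd prints for it to the same paths under the guest's pseudo-root, then lists anything still missing. The function names, the script file name and the LDD override are hypothetical; it assumes ldd prints absolute library paths.

```shell
#!/bin/sh
# Usage (hypothetical file name): sh stage_jail.sh /xyz/client /usr/bin/ls
# LDD can be overridden for testing; the default is the system ldd.
LDD=${LDD:-ldd}

# Print each absolute path found in ldd output on stdin, once.
# Handles both "name => /path" lines and bare "/path" lines.
lib_paths() {
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) print $i }' | sort -u
}

# populate_jail JAILROOT BINARY
# Copy BINARY and its libraries to the same paths beneath JAILROOT.
# Assumes library paths contain no whitespace.
populate_jail() {
    jail=$1; bin=$2
    [ -d "$jail" ] || { echo "no such jail root: $jail" >&2; return 1; }
    for f in "$bin" $($LDD "$bin" | lib_paths); do
        [ -f "$f" ] || continue              # ignore tokens that are not files
        mkdir -p "$jail$(dirname "$f")" || return 1
        cp -pf "$f" "$jail$f" || return 1
        chmod a-w "$jail$f"                  # staged files stay read-only
    done
}

# jail_missing JAILROOT BINARY
# Print every dependency absent under JAILROOT; return 0 if none is missing.
jail_missing() {
    jail=$1; bin=$2; missing=0
    for f in "$bin" $($LDD "$bin" | lib_paths); do
        [ -f "$f" ] || continue
        [ -f "$jail$f" ] || { echo "$f"; missing=1; }
    done
    return $missing
}

if [ "$#" -eq 2 ]; then
    populate_jail "$1" "$2" && jail_missing "$1" "$2"
fi
```

Run it as root against the guest's home directory, then test with an interactive chroot as the reply suggests.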