anonymous ftp

 
Mike_21
Frequent Advisor

We have anonymous ftp running. Is there a way to eliminate anonymous users from accessing a specific directory? I would like regular users with UNIX id/pass to still be able to ftp to this directory.

Thanks
6 REPLIES
eran maor
Honored Contributor

Re: anonymous ftp

Hi Mike

If you want to disable the user, just delete it from /etc/passwd if you don't want any anonymous ftp user to log in to your system.

Other users that have a valid user on the system can log in with ftp with no problem.

If you want anonymous ftp to be enabled but without access to a directory, it is just a permission issue on the directory that you don't want him to log in to.

The anonymous user is most of the time grouped into the group other, and if other doesn't have access to the directory he will not be able to log in to the system.

I am also giving a white paper on how to configure the anonymous user on a system.
love computers
Roger Baptiste
Honored Contributor

Re: anonymous ftp


Hi,

The following document has details on restricting users to a directory:
http://us-support.external.hp.com/cki/bin/doc.pl/sid=5e97849c1c7733dce2/screen=ckiDisplayDocument?docId=200000057370859

hth
raj
Take it easy.
Joseph C. Denman
Honored Contributor

Re: anonymous ftp

One easy way that comes to mind is to create another group?

such as guest2

Assign valid users to that group.

mkdir /home/ftp/pub/newdir
chown root:guest2 /home/ftp/pub/newdir
chmod 770 /home/ftp/pub/newdir

anonymous users will not be able to access the newdir but your valid users will.

There may be an easier way, but this would be fairly simple.

...jcd...
If I had only read the instructions first??
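One way to check the outcome of the chown/chmod approach in the post above, as an added example that is not from any poster in this thread: it reads a directory's mode, owner and group from `ls -ldn` and reports which permission triple a given uid and gid list would get. The function names and the stand-in ids are assumptions; on a real host the ids to pass are the ones `id ftp` (or `id` for a regular user) reports.

```shell
#!/bin/sh
# Added example. Picks the permission triple (owner, group or other) that
# classic UNIX mode bits give an identity on a directory, from `ls -ldn`.
# Not covered: ACLs, uid 0 (which bypasses mode bits), parent directories.

# perms_for DIR UID GID [GID...]  prints the triple, e.g. "rwx" or "---"
perms_for() {
    pf_dir=$1; pf_uid=$2; shift 2
    pf_line=$(ls -ldn "$pf_dir") || return 2
    pf_mode=$(echo "$pf_line" | awk '{print $1}')    # e.g. drwxrwx---
    pf_owner=$(echo "$pf_line" | awk '{print $3}')   # numeric owner
    pf_group=$(echo "$pf_line" | awk '{print $4}')   # numeric group
    if [ "$pf_uid" = "$pf_owner" ]; then
        echo "$pf_mode" | cut -c2-4; return 0
    fi
    for pf_gid in "$@"; do                           # primary + supplementary
        if [ "$pf_gid" = "$pf_group" ]; then
            echo "$pf_mode" | cut -c5-7; return 0
        fi
    done
    echo "$pf_mode" | cut -c8-10                     # falls through to "other"
}

# anon_blocked DIR UID GID [GID...]  exit 0 only when the identity gets "---"
anon_blocked() {
    [ "$(perms_for "$@")" = "---" ]
}

# Demo on a constructed temp directory; owner+1 / group+1 stand in for the
# ftp account's ids, which on a real host come from `id ftp`.
demo() {
    d=$(mktemp -d) || return 1
    o=$(ls -ldn "$d" | awk '{print $3}'); g=$(ls -ldn "$d" | awk '{print $4}')
    for m in 770 775; do
        chmod "$m" "$d"
        if anon_blocked "$d" $((o + 1)) $((g + 1)); then r=blocked; else r=ALLOWED; fi
        echo "mode $m: anonymous=$r, group member gets $(perms_for "$d" $((o + 1)) "$g")"
    done
    rmdir "$d"
}
demo
```

Passing every gid that `id` prints for an account shows whether that account falls into the directory's group class or into "other".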
Christopher Caldwell
Honored Contributor

Re: anonymous ftp

Most folks point anonymous ftp at a directory with limited security implications. The server gets there via chroot. Here's how to configure anonymous access (from man ftpd):

4)
If the user name is ``anonymous'' or ``ftp'', an anonymous ftp account must be present in the password file (user ``ftp''). In this case the user is allowed to log in by specifying any password (by convention this is given as the client host's name).
In the last case, ftpd takes special measures to restrict the client's access privileges. The server performs a chroot(2) command to the home directory of the ``ftp'' user. In order that system security is not breached, it is recommended that the ``ftp'' subtree be constructed with care; the following rules are recommended.

~ftp)
Make the home directory owned by super-user and unwritable by anyone.
~ftp/bin)
Make this directory owned by the super-user and unwritable by anyone. The program ls(1) must be present to support the list command. This program should have mode 111.
~ftp/etc)
Make this directory owned by the super-user and unwritable by anyone. The files passwd(5) and group(5) must be present for the ls command to be able to produce owner names rather than numbers. Depending on the operating system, there may be other required files. Check your manual page for the getpwent(3) library routine. The password field in passwd is not used, and should not contain real encrypted passwords. These files should be mode 444 and owned by the super-user. Don't use the system's /etc/passwd file as the password file or the system's /etc/group file as the group file in the ~ftp/etc directory.
~ftp/pub)
Create a subdirectory in ~ftp/pub with the appropriate mode (777 or 733) if you want to allow normal users to upload files.
Anthony deRito
Respected Contributor

Re: anonymous ftp

I would highly recommend looking at wu-ftpd as a replacement for ftpd. It's free, more secure, and will do exactly as you require. I replaced my ftpd with wu-ftpd a few months ago and am pleased. It uses chroot to control access.

http://www.wu-ftpd.org

Tony
Mike_21
Frequent Advisor

Re: anonymous ftp

And one other point, running 10.20 and NIS. So I am not sure if I assign an NIS user to a local user group, and assign this group to the directory, that this will restrict access only to those users...