Operating System - HP-UX

Can't see file listing when "ftpaccess" is activated

Philip Chan_1
Respected Contributor

Hi,

I'm trying to fix the file permission bits to "660" for files being ftp'ed into our server. I've been able to achieve this through the usage of the "ftpaccess" file. The file mode of all received files is correct; however, the ftp user can no longer see the files that exist in the directory once the ftpaccess file is active!!!

I'm new to the ftpaccess setup, can someone please share some ideas about this?

The content of my ftpaccess file is as follows,

class local real,guesst *
class remote real,guest *
guestgroup testgroup
log commands real,guest
log transfers real,guest inbound,outbound
upload /home/testftp / yes testftp testgroup 0660 dirs

Note that:
testftp is the user account
testgroup is the group
I knew that the "-u ..." switch in ftpd could set the umask value, however I don't want this to become a global setting.
6 REPLIES
Simon Hargrave
Honored Contributor

Re: Can't see file listing when "ftpaccess" is activated

If all you want to do is limit "all" uploaded files to 660 you can do it much easier.

Change the ftpd in /etc/inetd.conf to read: -

ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l -a -u 007

Then execute inetd -c to reread this file.

The -u 007 sets the default umask for uploads to be 007. By default it's 027 which gives files rw-r----- permissions. The 007 will give rw-rw---- which is what I think you want.
Simon Hargrave
Honored Contributor

Re: Can't see file listing when "ftpaccess" is activated

Sorry didn't read your last comment about -u.

Ignore my ramblings :D
Stephen Keane
Honored Contributor

Re: Can't see file listing when "ftpaccess" is activated

What permissions/owner/group do you have on /home/testftp ?
john korterman
Honored Contributor
Solution

Re: Can't see file listing when "ftpaccess" is activated

Hi,
the reason might be that the user lacks the command for listing the file. Try creating a usr/bin dir-structure under /home/testftp, i.e. /home/testftp/usr/bin and cp /sbin/ls to /home/testftp/usr/bin

regards,
John K.
it would be nice if you always got a second chance
Philip Chan_1
Respected Contributor

Re: Can't see file listing when "ftpaccess" is activated

Thanks for the input and I'm now able to do 'ls' or 'dir' with correct results returned within the FTP session.

As I mentioned, is there a good tutorial/reference by examples for a newbie on "ftpaccess" like me? I've gone through the man pages but they didn't look effective for my purpose.
Joseph Loo
Honored Contributor

Re: Can't see file listing when "ftpaccess" is activated

hi,

notes on ftpaccess:

http://docs.hp.com/en/B2355-90685/ch02s07.html?btnPrev=%AB%A0prev

http://docs.hp.com/en/B2355-90685/ch02s08.html?btnNext=next%A0%BB

and to restrict user to their home directory:

http://www1.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000062903488

You may also refer to these steps:

1. Configure the ftpaccess file:

a. cd /etc/ftpd
b. cp -p /usr/newconfig/etc/ftpd/ftpaccess .
c. vi ftpaccess. At the bottom of the file there is a guestgroup
directive 'guestgroup ftponly'.

i. Either change that group designation to one you already
have or keep that designation.
ii. If you are keeping the ftponly group, then create that
group on your system.


2. Modify the /etc/inetd.conf file to enable the use of the ftpaccess
file:

a. vi /etc/inetd.conf
b. Add the -a flag to the ftp daemon.
c. ftp stream tcp nowait root /usr/lbin/ftpd ftpd -a -l

3. Make inetd re-read its configuration:

inetd -c

4. Create a bogus shell for users that will only have FTP access to
the system:

a. vi /usr/bin/ftpshell
b. exit 0
c. chmod 555 /usr/bin/ftpshell
d. chown bin:bin /usr/bin/ftpshell

5. Create an /etc/shells file:

a. vi /etc/shells
b. Include these lines in the file:

/sbin/sh
/usr/bin/ksh
/usr/bin/sh
/usr/bin/csh
/usr/bin/rsh
/usr/bin/rksh
/usr/bin/keysh
/bin/sh
/bin/ksh
/bin/csh
/bin/rsh
/bin/rksh
/usr/bin/ftpshell

6. Now add a user to the system. Use a group that is 'ftponly' and
make the user's shell /usr/bin/ftpshell.

7. Use SAM to limit the user to his home directory by setting up the
directory in this form:

/home/username/./

Note: The /./ is the important key here. When the ftpd verifies a
user's login, it checks and sees that the user is a member of
the 'guestgroup' ftponly. It then examines the home directory
and, if it sees a /./ in the path, it will then perform a chroot
to that directory. Therefore, when that user FTPs into the
system, their home directory will appear as the / directory.

8. Provide the user with an ls command:

a. cd /home/username
b. mkdir usr
c. mkdir usr/bin
d. cp -p /sbin/ls usr/bin
e. chown -R bin:bin usr
f. chmod -R 555 usr

regards.
what you do not see does not mean you should not believe
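
The eight steps in the reply above can be verified for one account with a short POSIX sh check. This is an added example, not part of the thread or of HP's documentation. The function name check_ftp_guest and its optional ROOT prefix argument are hypothetical, and it assumes the guest's primary group is the one named by the guestgroup directive.

```shell
#!/bin/sh
# check_ftp_guest USER [ROOT]
# ROOT is an assumed, optional path prefix so the check can run against a
# copy of the tree; empty means the live system. Prints one line per finding
# and returns the number of findings (0 = consistent with the steps above).
check_ftp_guest() {
    user=$1 root=${2:-} bad=0
    entry=$(grep "^$user:" "$root/etc/passwd") || { echo "no passwd entry for $user"; return 1; }
    gid=$(echo "$entry" | cut -d: -f4)
    home=$(echo "$entry" | cut -d: -f6)
    shell=$(echo "$entry" | cut -d: -f7)

    # Step 7: the /./ marker in the home directory is what triggers the chroot.
    case $home in
        */./*) jail=${home%%/./*} ;;
        *) jail=$home; bad=$((bad + 1)); echo "home '$home' has no /./ marker" ;;
    esac

    # Steps 4-5: the login shell must be listed in /etc/shells.
    grep -qxF "$shell" "$root/etc/shells" ||
        { bad=$((bad + 1)); echo "shell '$shell' not in /etc/shells"; }

    # Steps 1 and 6: the primary group must be named by a guestgroup directive.
    grp=$(awk -F: -v g="$gid" '$3 == g { print $1; exit }' "$root/etc/group")
    awk -v g="$grp" '$1 == "guestgroup" { for (i = 2; i <= NF; i++) if ($i == g) ok = 1 }
        END { exit !ok }' "$root/etc/ftpd/ftpaccess" ||
        { bad=$((bad + 1)); echo "group '$grp' not in any guestgroup directive"; }

    # Step 8: the jail needs its own read-only ls, or listings fail.
    ls_bin=$root$jail/usr/bin/ls
    if [ ! -x "$ls_bin" ]; then
        bad=$((bad + 1)); echo "no executable $jail/usr/bin/ls inside the jail"
    elif [ "$(ls -ld "$ls_bin" | cut -c2-10)" != "r-xr-xr-x" ]; then
        bad=$((bad + 1)); echo "$jail/usr/bin/ls is not mode 555"
    fi
    return $bad
}
```

Run it as `check_ftp_guest testftp` on the server; a missing usr/bin/ls finding corresponds to the empty-listing symptom that started this thread.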