Operating System - HP-UX

create an ftponly account with 'chroot' characteristics and 'sftp' protocol, and an NFS mounted Home

 
Guus van Luijn
Occasional Advisor


I'm not a system administrator but I need to have a UNIX account created with the following characteristics:

1) The account should only be usable through ftp, so no telnet. => ftponly
2) The data transfer must be encrypted so we need to use the sftp protocol (ssh)
3) When the user connects with sftp he should go to his Home-directory, and be RESTRICTED to this home directory (he should be able to change directory, but only 'upwards' (no cd .. for example), and he should be able to create sub-directories in his home directory).
I know chroot can be used for this.

NOTE: Apparently the HOME-dir of the user is NFS-mounted, and I have been told that is causing trouble in achieving the above-described desired results.
GGA
Trusted Contributor

Re: create an ftponly account with 'chroot' characteristics and 'sftp' protocol, and an NFS mounted Home

hello

http://docs.hp.com/en/5971-2286/index.html
maybe this helps you
regards gga
Arunvijai_4
Honored Contributor

Re: create an ftponly account with 'chroot' characteristics and 'sftp' protocol, and an NFS mounted Home

David Nixon
Valued Contributor

Re: create an ftponly account with 'chroot' characteristics and 'sftp' protocol, and an NFS mounted Home

Sftp uses the SSH protocol for secure file transfer, so I assume 1) doesn't mean access via some FTP client.
The sftp configuration you describe in 3) is easy enough to implement using the Secure Shell (non-commercial licence) product from SSH Communications Security Corp. You would need to replace the normal login shell /etc/passwd file entries with a program called ssh-dummyshell.
N.B. Unlike the OpenSSH product bundled with HP-UX, it is possible to log file transfers.

NFS mounted home would only be a problem if the NFS server accessed by the sftp server was unreliable.


Christine Hartman
Valued Contributor

Re: create an ftponly account with 'chroot' characteristics and 'sftp' protocol, and an NFS mounted Home

This user's home dir... check the system its homedir is mounted from... does the user have an account on that system? If so, please use the same UID for the user... also make sure the NFS mount is present on the system... then:

useradd -u (uid) -g (group) -s /usr/bin/false -d /home/dir/from/./nfsmount -c "comment" login

Next you will need to set up your ftpusers/ftpaccess files... the links mentioned in previous posts should explain those files.

I just want to emphasize the importance of the UID....otherwise you will run into permission problems.

Good luck!
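
The checks implied by the last reply, as an added example that is not part of the original thread: a POSIX shell function that compares the account's passwd entry on the FTP host with the one on the NFS server and reports a UID mismatch, an interactive login shell, or a home path without the /./ marker. The sample entries are constructed, and reading /./ as the wu-ftpd guest chroot marker is an assumption about the ftpd in use.

```sh
#!/bin/sh
# Added example: audit a transfer-only account from passwd-format lines.
# Fields: name:passwd:uid:gid:gecos:home:shell

# Print field number $2 of passwd line $1.
pw_field() { printf '%s\n' "$1" | cut -d: -f"$2"; }

# check_account CLIENT_LINE SERVER_LINE
# Prints one finding per problem; returns 0 only when there are none.
check_account() {
    client=$1; server=$2; rc=0
    uid_c=$(pw_field "$client" 3); uid_s=$(pw_field "$server" 3)
    home=$(pw_field "$client" 6); shell=$(pw_field "$client" 7)

    # NFS with AUTH_SYS checks the numeric UID, not the login name.
    if [ "$uid_c" != "$uid_s" ]; then
        echo "UID mismatch: client=$uid_c server=$uid_s"; rc=1
    fi
    # The login shell must not hand out an interactive session.
    case $shell in
        */false|*/nologin) ;;
        *) echo "interactive shell: $shell"; rc=1 ;;
    esac
    # Assumed wu-ftpd convention: the path before "/./" is the chroot root.
    case $home in
        */./*) ;;
        *) echo "no /./ chroot marker in home: $home"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample entries (not from the thread).
nfs_server='xfer:*:2001:200:transfer only:/export/home/xfer:/usr/bin/false'
ftp_host='xfer:*:2001:200:transfer only:/home/xfer/./incoming:/usr/bin/false'
check_account "$ftp_host" "$nfs_server" && echo "xfer: consistent"
```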