Operating System - HP-UX

Creating a secure ftp user

 
Laurence Beard
Occasional Contributor

Creating a secure ftp user

Hi,

I have been trying to create an ftp user that can log in to a specific directory and cannot cd .. or change to another directory.

Is this possible? I have considered using the restricted user shell with no success.

regards
Sridhar Bhaskarla
Honored Contributor
Solution

Re: Creating a secure ftp user

Hi Laurence,

You will need to use the 'ftpaccess' file with a 'chroot'ed home directory.

1. Make the user's home directory like /home/user/./ in the /etc/passwd file.
2. Create a group, say 'ftponly', and change the primary group of the user to ftponly.
3. Add the following lines to your /etc/ftpd/ftpaccess file (if you don't have an ftpaccess file, then copy it from the /usr/newconfig/etc/ftpd/ directory):

guestgroup ftponly

With the above, the user will not be able to move above the /home/user structure. If you want, you can further set the restrictions using the 'upload' directive. See 'man ftpaccess' for more options.

You will have to add -a to your ftpd line in /etc/inetd.conf and refresh inetd ( inetd -c ).

BTW, this works only from 11.0 and above. For 10.20, you will have to install wu_ftp software.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
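An added example, not part of the reply above or of any HP-supplied tooling: a shell function that audits the four steps (the /./ home marker, the primary group, the guestgroup line, and the -a flag on the ftpd line). The user name ftpuser, the numeric IDs, the /usr/lbin/ftpd path and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit the four guest-FTP steps.
# Usage: check_guest_ftp USER GROUP PASSWD GROUP_FILE FTPACCESS INETD_CONF
# Prints one line per failed check; return status is the failure count.
check_guest_ftp() {
    user=$1 group=$2 fails=0
    # Step 1: the home field (6th) must carry the /./ chroot marker.
    home=$(awk -F: -v u="$user" '$1 == u { print $6 }' "$3")
    case $home in
        */./*) ;;
        *) echo "FAIL: home '$home' has no /./ marker"; fails=$((fails + 1)) ;;
    esac
    # Step 2: the user's primary GID must be the guest group's GID.
    ugid=$(awk -F: -v u="$user" '$1 == u { print $4 }' "$3")
    ggid=$(awk -F: -v g="$group" '$1 == g { print $3 }' "$4")
    if [ -z "$ggid" ] || [ "$ugid" != "$ggid" ]; then
        echo "FAIL: primary gid '$ugid' is not $group ('$ggid')"
        fails=$((fails + 1))
    fi
    # Step 3: an uncommented guestgroup line must name the group.
    if ! awk -v g="$group" '$1 == "guestgroup" {
            for (i = 2; i <= NF; i++) if ($i == g) ok = 1 }
            END { exit !ok }' "$5"; then
        echo "FAIL: no 'guestgroup $group' line"; fails=$((fails + 1))
    fi
    # Step 4: the active ftp service line must pass -a to ftpd.
    if ! awk '$1 == "ftp" { for (i = 7; i <= NF; i++) if ($i == "-a") ok = 1 }
            END { exit !ok }' "$6"; then
        echo "FAIL: ftpd is not started with -a"; fails=$((fails + 1))
    fi
    return "$fails"
}

# Constructed sample files (names, IDs and paths are illustrative).
make_sample() {
    echo 'ftpuser:*:201:300:FTP only:/home/ftpuser/./:/bin/false' > "$1/passwd"
    echo 'ftponly::300:' > "$1/group"
    echo 'guestgroup ftponly' > "$1/ftpaccess"
    echo 'ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l -a' > "$1/inetd.conf"
}

demo=${TMPDIR:-/tmp}/guestftp.$$
mkdir -p "$demo" && make_sample "$demo"
check_guest_ftp ftpuser ftponly "$demo/passwd" "$demo/group" \
    "$demo/ftpaccess" "$demo/inetd.conf" && echo "all four checks pass"
```

On a live system the last four arguments would be /etc/passwd, /etc/group, /etc/ftpd/ftpaccess and /etc/inetd.conf.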
Sanjay_6
Honored Contributor

Re: Creating a secure ftp user

Hi Laurence,

You need to set up ftpaccess for this user/group. Do "man ftpaccess" for more info on ftpaccess.

Here is a sample doc from itrc on how to set up restricted ftp access for a user:

http://www2.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000073346999

The itrc doc id is BC0814KBRC00007719.

Hope this helps.

Regds
Steven E. Protter
Exalted Contributor

Re: Creating a secure ftp user

Make sure the shell for the user in /etc/profile is /bin/false

If there is a user that owns the ftpd binaries that should be the same.

It's possible with buffer overflows to trick the ftp daemon into running commands and even getting a shell prompt. This will prevent that.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Laurence Beard
Occasional Contributor

Re: Creating a secure ftp user

Thanks all