HPE Community
Operating System - HP-UX
1847020 Members
3603 Online
110258 Solutions
New Discussion

Creating secure FTP access

 
SOLVED
Go to solution
Jim Griffiths
Advisor

‎12-12-2002 05:58 AM

‎12-12-2002 05:58 AM

Creating secure FTP access

Hi,

I need to create an account that allows secure FTP access.

Ideally I would like to restrict them to a default directory and two subdirectories only, and not be able to cd upwards and rome around the system. They need to be able within ftp to cd downwards, create and rename files in the two directories.

Would also like to restrict them to FTP access only, not telnet, rsh etc - but this looks tricky.

I had a quick look at setting up anonymous FTP but that potentially gives anyone access. I would rather they had a specific account/password for their use only.

Any suggestions much appreciated,

Thanks,

Jim
If you need a miracle, play for it (BRIDGE)
0 Kudos
Reply
6 REPLIES 6
Christopher Caldwell
Honored Contributor

‎12-12-2002 06:07 AM

‎12-12-2002 06:07 AM

Re: Creating secure FTP access

FWIW, FTP is difficult to make _completely_ secure, because username/passwords are sent in plain text.

That said, [assuming HP-UX 11.0 well patched] you're running wu-ftpd. You'll want to look at the guestgroup functionality (man ftpaccess). guestgroup works like anonymous - folks are chroot'd - except everyone is individually identified and authenticated (username/password for each account).

To restrict access to telnet, sh, add the shell /bin/false to /etc/shells, then build the persons account with /bin/false as the shell. You should probably turn off the r'* commands in inetd.

Here's the guest setup cookbook:

http://www.wu-ftpd.org/HOWTO/guest.HOWTO

You'll control file creation and cd downwards with file/directory permissions.

0 Kudos
Reply
F. X. de Montgolfier
Valued Contributor

‎12-12-2002 06:09 AM

‎12-12-2002 06:09 AM

Re: Creating secure FTP access

Hi,

I haven't tried securing ftp access (I use ssh instead), but you may want to look at:

http://docs.hp.com/cgi-bin/fsearch/framedisplay?top=/hpux/onlinedocs/B2355-90147/B2355-90147_top.html&con=/hpux/onlinedocs/B2355-90147/00/00/91-con.html&toc=/hpux/onlinedocs/B2355-90147/00/00/91-toc.html&searchterms=secure%7cFTP&queryid=20021212-070453

"Installing and Administering Internet Services" Chapter 11: Secure Internet Services

It is too large for me to read and try to summarize, but it seems to be what you're looking for...

Hope this helps,

FiX
0 Kudos
Reply
Christopher McCray_1
Honored Contributor

‎12-12-2002 06:20 AM

‎12-12-2002 06:20 AM

Re: Creating secure FTP access

Hello,

Take a look at this post:

http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0xa9635c7609e9d61190050090279cd0f9,00.html

Hope it helps

Chris
It wasn't me!!!!
0 Kudos
Reply
Robert Thorneycroft
Valued Contributor

‎12-12-2002 06:29 AM

‎12-12-2002 06:29 AM

Re: Creating secure FTP access

You should really use the search functionality before you post requests like this.
I needed to do exactly the same thing about a week ago, I logged on did a seach on restrict ftp and immediately found a number of existing posts describing exactly how to proceed with the setup.
The reason I say this is not only to stop loads of spam reapeat messages (Which make searching more difficult btw) but so that you realise you can get the answer immediately rather than having to wait for someone else to do the search and point you at the link.

Regards,

Robert Thorneycroft
0 Kudos
Reply
Shannon Petry
Honored Contributor

‎12-12-2002 06:29 AM

‎12-12-2002 06:29 AM

Solution

Re: Creating secure FTP access

 
Microsoft. When do you want a virus today?
Reply
Shannon Petry
Honored Contributor

‎12-12-2002 06:33 AM

‎12-12-2002 06:33 AM

Re: Creating secure FTP access

I made an oops on the last part of the user's home. Should be
chmod 700 /home/secftp/incoming
chomd 700 /home/secftp/outgoing

Otherwize the user can not write data.
Microsoft. When do you want a virus today?
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.