HPE Community
Operating System - HP-UX
1832143 Members
3066 Online
110038 Solutions
New Discussion

Deny ftp, only for root

 
Victor_5
Trusted Contributor

‎03-21-2003 10:05 AM

‎03-21-2003 10:05 AM

Deny ftp, only for root

I want open ftp only for root, I don't want to modify ftpusers since I have a lot of users, any idea?
0 Kudos
Reply
7 REPLIES 7
Michael Steele_2
Honored Contributor

‎03-21-2003 10:16 AM

‎03-21-2003 10:16 AM

Re: Deny ftp, only for root



Install SSH and DENY ALL for ftp in it's config file but root?
Support Fatherhood - Stop Family Law
0 Kudos
Reply
Rita C Workman
Honored Contributor

‎03-21-2003 10:18 AM

‎03-21-2003 10:18 AM

Re: Deny ftp, only for root

Never did this..

But here's a thought to at least try..

Maybe create a unique group and make root the only member. Then in your ftpaccess make root & this group the only ones that can have access.

Might even try setting the option private option to yes in the ftpaccess file, thus requiring a password. See man ftpaccess.

Like I said...just a thought,
Rita
0 Kudos
Reply
Jairo Campana
Trusted Contributor

‎03-21-2003 11:43 AM

‎03-21-2003 11:43 AM

Re: Deny ftp, only for root

check the info :
http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0xcd135bd3782dd711abdc0090277a778c,00.html
legionx
0 Kudos
Reply
H.Merijn Brand (procura
Honored Contributor

‎03-22-2003 12:52 AM

‎03-22-2003 12:52 AM

Re: Deny ftp, only for root

Make use of a less known feature (eviiiiil!)

# cd
# mkdir private
# cp /bin/sh private
# chmod 700 private
# cd /etc
# echo ~/private/sh >shells

Now change the shell for root to ~/private/sh using chsh

Explanation: if /etc/shells is found, ftp will only work for users whose logon shell is mentioned in there

Enjoy, have FUN! H.Merijn
Enjoy, Have FUN! H.Merijn
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎03-23-2003 05:49 PM

‎03-23-2003 05:49 PM

Re: Deny ftp, only for root

ftpusers is a counter-intuitive denial file. All you probably need to enable root ftp access is to take root out of that file, save it.

To deny access, just add root to the file.

That's probably the best way to go.

Almost sounds like you want to do two opposing tasks, as I obvoiusly misread your post.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Alexander M. Ermes
Honored Contributor

‎03-23-2003 10:46 PM

‎03-23-2003 10:46 PM

Re: Deny ftp, only for root

Hi there.
Why not create a file /etc/ftpd/ftpusers with all the usernames in it, which will not be allowed to use ftp ?
Rgds
Alexander M. Ermes
.. and all these memories are going to vanish like tears in the rain! final words from Rutger Hauer in "Blade Runner"
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎03-27-2003 06:50 AM

‎03-27-2003 06:50 AM

Re: Deny ftp, only for root

Additional note: After posting my post it occurred to me that I should actually test my ftpusers functionality on my HP-UX 11.11 servers.

To my horror, it did not block root ftp login, even though I followed my own procedure. The procedjure did work on 11.00.

The issue was that Washington University changed certain functionality in the ftp server and you have to go to HP, get and install a binary to make my denial scheme work.

Right not the binaries are not on a public ftp server, but if you have a support contract, they'll hook you up.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.