HPE Community
Operating System - HP-UX
1834150 Members
3386 Online
110064 Solutions
New Discussion

Re: DIR command not working for guest users wu-ftpd

 
SOLVED
Go to solution
Bill Costigan
Honored Contributor

‎09-18-2006 05:02 AM

‎09-18-2006 05:02 AM

DIR command not working for guest users wu-ftpd

I set up the ftpaccess file using wu-ftp on HPUX to restrict some users.

When a guest user connects they can put or get files but if they issue a 'dir' or 'ls' no list of files are returned. There is a message saying the /usr/bin/ls is being executed, but no files are listed.

If connected as real user both ls and dir work as expected.

Has anyone seen this? Do I need to add something to the ftpaccess file? Directory permissions?

Thanks
0 Kudos
Reply
9 REPLIES 9
Steven E. Protter
Exalted Contributor

‎09-18-2006 05:11 AM

‎09-18-2006 05:11 AM

Re: DIR command not working for guest users wu-ftpd

Shalom,

My guess is that your ftp server is using chroot.

when you do that the ls command needs to be accessible in the users home directory.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Bill Costigan
Honored Contributor

‎09-18-2006 05:13 AM

‎09-18-2006 05:13 AM

Re: DIR command not working for guest users wu-ftpd

Is there a good way of doing that?
0 Kudos
Reply
john korterman
Honored Contributor

‎09-18-2006 05:27 AM

‎09-18-2006 05:27 AM

Solution

Re: DIR command not working for guest users wu-ftpd

Hi Bill,

you need to create
/usr/bin
and then copy
/sbin/ls
to
/usr/bin/ls
It is important that the ls command is from the static root-shell and thus self-contained and independent of libraries.
You need to secure execute permissions on
/usr/bin/ls

regards,
John K.
it would be nice if you always got a second chance
Reply
Bill Costigan
Honored Contributor

‎09-18-2006 05:30 AM

‎09-18-2006 05:30 AM

Re: DIR command not working for guest users wu-ftpd

Is there a way to hide the usr directory from the user?
0 Kudos
Reply
john korterman
Honored Contributor

‎09-18-2006 05:50 AM

‎09-18-2006 05:50 AM

Re: DIR command not working for guest users wu-ftpd

Hi again,

try execute permissions only:
d--x--x--x
for usr.


regards,
John K.
it would be nice if you always got a second chance
0 Kudos
Reply
Bill Costigan
Honored Contributor

‎09-18-2006 06:27 AM

‎09-18-2006 06:27 AM

Re: DIR command not working for guest users wu-ftpd

With d--x--x--x for usr. usr still shows up when you do a dir.

But I think I'm in good shape.

Thank you all for your quick responces and pointing me in the right direction.
0 Kudos
Reply
Bill Costigan
Honored Contributor

‎09-21-2006 07:11 AM

‎09-21-2006 07:11 AM

Re: DIR command not working for guest users wu-ftpd

John,

I failed to follow your directions exactly and got myself in trouble.

You said to copy the ls from /sbin and I copied it from /usr/bin.

The one from /sbin is much better.

Thank you again!

0 Kudos
Reply
Bill Hassell
Honored Contributor

‎09-21-2006 09:12 AM

‎09-21-2006 09:12 AM

Re: DIR command not working for guest users wu-ftpd

A the reason /sbin works is that it does not use shared libraries (/sbin is designed for single user mode where /usr/lib is not available). With restricted users, /usr doesn't exist and therefore, /usr/lib.


Bill Hassell, sysadmin
0 Kudos
Reply
Bill Costigan
Honored Contributor

‎09-21-2006 09:29 AM

‎09-21-2006 09:29 AM

Re: DIR command not working for guest users wu-ftpd

The interesting thing is that you can create the /usr/lib directories with the libraries that ls is looking for but it still doesn't read the chrooted /etc/passwd file.

Before you copy the directories into the local /usr/lib you get error messages saying it couldn't access this library or that library. after you copy the 4 or so libraries, ls stops complaining and runs and displays the file names, access lists, uid and gid just fine.

It just doesn't translate the uid and gid to user names and group names.

It must still be looking for something I didn't copy over.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.