Operating System - HP-UX

Re: ftp access (chroot'ing)

 
Avarsang Shankar
Occasional Contributor

ftp access (chroot'ing)

How can I restrict a user (not anonymous) to chroot to only a particular dir for ftping files in and out? What should be the contents of the ftpaccess file?
Sanjay_6
Honored Contributor

Re: ftp access (chroot'ing)

Hi,

Try this,

http://www2.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000073094324

The doc id is KBRC00008355.

Also do man ftpaccess for more help.

Hope this helps.

Regds
Chris Wong
Trusted Contributor

Re: ftp access (chroot'ing)

http://www.newfdawg.com/SHP-FTP-anon.htm

The 2nd part of this is a step-by-step on how to do restricted FTP.

- Chris
Dani Seely
Valued Contributor

Re: ftp access (chroot'ing)

Sanjay provided a GREAT link. I had to stumble through this the hard way when I was setting this up for remote access into my box and wish I would have known the information in this link was available when I had to set this up. Key factor for me was to ensure the ftp user was assigned the shell /usr/bin/false so that this would not allow telnet sessions or direct sessions, only ftp sessions. You will also have to include /usr/bin/false in the /etc/shells file.

The steps in the article that Sanjay included are pretty accurate based on what I did, but just remember to assign the false shell, otherwise the user can have telnet or direct access, too.
Together We Stand!
Tapas Jha
Valued Contributor

Re: ftp access (chroot'ing)

Hello,
1) Create a user with shell /usr/bin/ftpshell, which will contain exit 0.
2) Edit the password file and, in the home directory column, make an entry like /home/./ftpdir
(e.g.
test:*:102:108:Test Ftp user:/home/./ftpdir:/usr/bin/ftpshell
); 108 is the group ID for ftpusr
3) Make an entry in /etc/group like
ftpusr:108:test
4) Make an entry for /usr/bin/ftpshell in /etc/shells. (perm 644, root:sys)
5) Make a "usr/bin/" directory under /home.
6) Copy ls from /sbin to /home/usr/bin (cp /sbin/ls /home/usr/bin). Perm: 555; bin:bin
7) Make an entry in the /etc/ftpd/ftpaccess file accordingly. Basically a cdpath entry is required. Do man ftpaccess for more information.

Happy ftp accessing.

Rgds
Tapas
Tapas Jha
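
A check of the settings described in the replies above (the /./ home entry, the shell listed in /etc/shells, a shell that gives no login session, and ls inside the chroot), as an added example that is not part of any poster's reply. The function names, the SYSROOT prefix argument and the sample accounts bad1 and bad2 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit one account against the checklist in this thread.
# Usage: check_ftp_user USER [SYSROOT]
# SYSROOT is a hypothetical prefix so the check can run on a constructed
# tree; leave it empty to read the live /etc/passwd and /etc/shells.
check_ftp_user() {
    user=$1 sysroot=${2:-} rc=0
    entry=$(grep "^$user:" "$sysroot/etc/passwd") || {
        echo "$user: no passwd entry"; return 1; }
    home=$(printf '%s\n' "$entry" | cut -d: -f6)
    shell=$(printf '%s\n' "$entry" | cut -d: -f7)

    # Home must look like <chroot dir>/./<start dir>, e.g. /home/./ftpdir
    case $home in
        */./*) chroot_dir=${home%%/./*} ;;
        *) echo "$user: home '$home' has no /./ separator"; return 1 ;;
    esac
    # The account's shell must be listed in /etc/shells
    grep -qxF "$shell" "$sysroot/etc/shells" ||
        { echo "$user: shell '$shell' missing from /etc/shells"; rc=1; }
    # The shell must not give a session (the thread uses /usr/bin/false
    # or a script that only runs "exit 0")
    case ${shell##*/} in
        sh|ksh|csh|bash|tcsh|zsh)
            echo "$user: '$shell' is an interactive shell"; rc=1 ;;
    esac
    # ls has to exist, executable, inside the chroot directory
    [ -x "$sysroot$chroot_dir/usr/bin/ls" ] ||
        { echo "$user: no executable $chroot_dir/usr/bin/ls"; rc=1; }
    return $rc
}

# Constructed sample tree (not taken from a real system); prints its path.
make_sample() {
    t=$(mktemp -d) && mkdir -p "$t/etc" "$t/home/usr/bin" &&
    printf '%s\n' /usr/bin/ftpshell /usr/bin/false > "$t/etc/shells" &&
    printf '%s\n' \
      'test:*:102:108:Test Ftp user:/home/./ftpdir:/usr/bin/ftpshell' \
      'bad1:*:103:108:No chroot marker:/home/ftpdir:/usr/bin/ftpshell' \
      'bad2:*:104:108:Login shell:/home/./ftpdir:/usr/bin/ksh' \
      > "$t/etc/passwd" &&
    : > "$t/home/usr/bin/ls" && chmod 555 "$t/home/usr/bin/ls" &&
    echo "$t"
}
# Try it: t=$(make_sample); for u in test bad1 bad2; do check_ftp_user "$u" "$t"; done
```

The function returns 0 when no finding is printed and 1 otherwise, so it can be used in a loop over every member of the FTP group.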
Avarsang Shankar
Occasional Contributor

Re: ftp access (chroot'ing)

Thank you for all the responses. It worked. It was very helpful.
Sanjay's link really helped me a lot.

Joseph Loo
Honored Contributor

Re: ftp access (chroot'ing)

hi,

judging from the response to those who have helped you, i.e. "I have assigned points to 0 of 24 responses to my questions.", maybe it is time for you to read this:

http://forums1.itrc.hp.com/service/forums/helptips.do?#28

these people have helped, so please assign some points, it is an "ITRC Forum" token of appreciation.

regards.
what you do not see does not mean you should not believe
Dani Seely
Valued Contributor

Re: ftp access (chroot'ing)

Hello,
I assume this is your first experience on the ITRC forum as you did not award points to the forumers for the answers you were provided. May I suggest that you take a look at the following link to learn about the points system in use here. Thanks.

http://forums1.itrc.hp.com/service/forums/helptips.do?#28

Please read the article, assess the assistance you were provided by the forumers, then reward them. Thanks!
Together We Stand!