HPE Community
Operating System - HP-UX
1834437 Members
2517 Online
110067 Solutions
New Discussion

FTP access restrictions HELP!! (Please)

 
SOLVED
Go to solution
Charles Harris
Super Advisor

‎03-20-2001 09:33 AM

‎03-20-2001 09:33 AM

FTP access restrictions HELP!! (Please)

Dear all,

I'm having another slight dilemna with FTP access and in particular user permissions.
I am trying to restrict users from being able to wander through a development server, although they can see files but not get or change them, - so far without sucess.
I have removed the FTPD umask which helped a bit, but wondered if there was any other way of tying down the server.

Any help or comments appreciated!!!!

-ChaZ-
0 Kudos
Reply
7 REPLIES 7
James A. Donovan
Honored Contributor

‎03-20-2001 10:21 AM

‎03-20-2001 10:21 AM

Re: FTP access restrictions HELP!! (Please)

The guides at http://www.wu-ftpd.org/HOWTO and http://www.landfield.com/wu-ftpd (click on Documents) provide a lot of good information on locking down FTP.
Remember, wherever you go, there you are...
0 Kudos
Reply
Rita C Workman
Honored Contributor

‎03-20-2001 10:36 AM

‎03-20-2001 10:36 AM

Solution

Re: FTP access restrictions HELP!! (Please)

As Jim said you can download wu-ftp. For myself I just did a chroot and set up my ftpaccess file to only grant particular group privileges for some and on others I only gave them guest privileges. To keep down the travel and secure them to their /home directory only I simply edited the /etc/paswd and add period slash to home directory:

user:passwd:uid:gid:UserName:/home/user/./:/bin/ksh

Others may know a better way, for me it worked,
/rcw
Reply
Shannon Petry
Honored Contributor

‎03-20-2001 11:31 AM

‎03-20-2001 11:31 AM

Re: FTP access restrictions HELP!! (Please)

I wrote up a pretty descent FAQ some time ago for FTP Server configs. You can find it at http://www.invenioeng.com/systems/ftpd_faq.html

This may give you some help/pointers....

Regards,
Shannon
Microsoft. When do you want a virus today?
0 Kudos
Reply
Joseph C. Denman
Honored Contributor

‎03-20-2001 03:02 PM

‎03-20-2001 03:02 PM

Re: FTP access restrictions HELP!! (Please)

I agree with Rita. I would configure using the ftpaccess file. You could put a file listing for them to view? Plus they could put files there for you to distribute. Just a thought...


...jcd...
If I had only read the instructions first??
0 Kudos
Reply
Charles Harris
Super Advisor

‎03-21-2001 02:44 AM

‎03-21-2001 02:44 AM

Re: FTP access restrictions HELP!! (Please)

Thanks for all the help! I'll checkout the references and give a few of the ideas a go. The only thing I noticed in the replies was reference to wu-ftpd, which sounds like what I use at home on my Linux box. Is this part of a standard HP-UX 10.20 distro or an addon ?

Again, thanks for the comments they are greatly appreciated!!!

-ChaZ-
0 Kudos
Reply
Shannon Petry
Honored Contributor

‎03-21-2001 03:11 AM

‎03-21-2001 03:11 AM

Re: FTP access restrictions HELP!! (Please)

WU_FTPD is a HP-UX 11 add on, or is available from the porting center for 10.20.

For security reasons, I usually recommend you build your own and disable the site_exec feature which I am pretty sure is built into the distro from the porting center.

Regards,
Shannon
Microsoft. When do you want a virus today?
Reply
Brian Markus
Valued Contributor

‎03-21-2001 07:50 AM

‎03-21-2001 07:50 AM

Re: FTP access restrictions HELP!! (Please)

I took a different approach. I loaded ProFTPD from www.proftpd.net. It allows all the security you could ever wish for. It's easy to load, and extremly easy to manage. The conf file is simular to html.

Here's a samplefrom my conf file.
I set the user's root to /xfer/cusd46
require them to use their standard unix passwd
Just put allow for the permissions you want and deny for the ones you dont.
You can branch it off and do sub directorys as well. There's an example in here.


User xcusd46
Group users
AnonRequirePassword on



AllowAll


DenyAll




AllowAll


DenyAll






Hope this helps


Brian
When a sys-admin say's maybe, they don't mean 'yes'!
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.