Joe Profaizer
Super Advisor

FTP Access

If I want to allow only root and a couple of other users to only have FTP "get" and "put" access on an HP-UX Server -- what's the easiest way to do so? So far, I can only find within SAM a method to disallow users. I'm looking for a method to only allow certain users.

..Joe
melvyn burnard
Honored Contributor

Re: FTP Access

You may want to take a look at the man page for inetd.sec, but I am unsure if this is exactly what you are looking for.
My house is the bank's, my money the wife's, But my opinions belong to me, not HP!
James R. Ferguson
Acclaimed Contributor

Re: FTP Access

Hi Joe:

You can restrict users by defining them in /etc/ftpusers. See 'man (4) ftpusers'.

...JRF...
Joe Profaizer
Super Advisor

Re: FTP Access

I have a lot of users and only want three accounts to have ftp access. I don't want to have to remember to add users to /etc/ftpusers every time I create an account. Is there such a file just for "allowed" users? Also, what happens if I disable access to the following accounts:
uucp, www, sys, and nuucp

What function do the above accounts have?

Thanks,

..Joe
Marcel Boon
Trusted Contributor

Re: FTP Access

Hi Joe,

Check out this link:
http://www.docs.hp.com/hpux/onlinedocs/B2355-90685/B2355-90685.html

Marcel
See the man pages
Bruce Regittko_1
Esteemed Contributor

Re: FTP Access

Hi,

The file /etc/ftpd/ftpusers is a list of those users who *can* use ftp, one user name per line. New accounts do not have to be added unless you want them to access your box via ftp from a remote client.

As for the system accounts, such as uucp, you do not need them in /etc/ftpd/ftpusers. Those accounts will not be using ftp.

--Bruce
www.stratech.com/training
Shannon Petry
Honored Contributor

Re: FTP Access

Another method of doing this is to create /etc/shells and put the 3 users you want to have access login shells into that file.
I.E. root's default shell is /sbin/sh
add /sbin/sh to /etc/shells (new file).
The other two users, use a shell that you do not normally use. I.E. If you always use "/usr/bin/sh" for your users, move the users you want to ftp to a shell of /usr/bin/ksh. Then add /usr/bin/ksh to /etc/shells.
By default, any login shell is okay. Once the /etc/shells file is there, it restricts access to those who have matching shells. This may require wu-ftpd, but I don't think so....

Also, if you are running the HP version of wu-ftp, then there is an ftphosts file. Simply make the entries in this file for who you want to ftp and a generic global deny. I.E.
deny * *
allow johndoe host1
allow root *
allow me *
Field 1 is allow or deny. Field 2 is the user. Field 3 is the host or domain. Of course an "*" is "ALL".



Regards,
Shannon
Microsoft. When do you want a virus today?
Sean C. DeZurik
New Member

Re: FTP Access

/etc/ftpd/ftpusers is used to reject users and all uucp accounts should be in it.

You can then use /var/adm/inetd.sec to restrict ftp to certain hosts. You can also use the -a option to ftpd and use /etc/ftpd/ftpaccess to restrict ftp access to a set of hosts.
James A. Donovan
Honored Contributor

Re: FTP Access

You can "auto-build" your ftpusers file by using a little script.

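#!/bin/sh
# Write every account name except user1, user2 and user3 to /etc/ftpd/ftpusers.
# -x matches the whole name, so "user1" does not also drop "user10" or a line that merely contains it.
cut -d: -f1 /etc/passwd | grep -vx -e user1 -e user2 -e user3 > /etc/ftpd/ftpusers
# Have inetd reread its configuration.
/usr/sbin/inetd -c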
Remember, wherever you go, there you are...
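
Added example, not part of any post in this thread: a small audit that lists which accounts would still be accepted for FTP, treating /etc/ftpd/ftpusers as a deny list and applying the /etc/shells check described above. The function names `ftp_allowed` and `make_sample` are hypothetical, the sample files are constructed, and all three input files are assumed to exist.

```shell
#!/bin/sh
# ftp_allowed PASSWD FTPUSERS SHELLS
# List accounts that are NOT in the ftpusers deny file and whose login shell
# appears in the shells file, i.e. the accounts that pass both checks.
ftp_allowed() {
    awk -F: -v deny="$2" -v shells="$3" '
        function clean(s) { sub(/#.*/, "", s); gsub(/[ \t\r]/, "", s); return s }
        BEGIN {
            while ((getline l < deny) > 0)   if ((l = clean(l)) != "") denied[l] = 1
            while ((getline l < shells) > 0) if ((l = clean(l)) != "") ok[l] = 1
        }
        /^#/ || $1 == "" { next }
        # Whole-name lookup, so denying "user10" does not also hide "user1".
        # An empty shell field is reported too (conservative choice of this example).
        !($1 in denied) && ($7 == "" || ($7 in ok)) { print $1 }
    ' "$1"
}

# Constructed sample files (not from a real host).
make_sample() {
    cat > "$1/passwd" <<'EOF'
root:*:0:3::/:/sbin/sh
uucp:*:5:3::/var/spool/uucppublic:/usr/lbin/uucp/uucico
user1:*:101:20::/home/user1:/usr/bin/ksh
user10:*:110:20::/home/user10:/usr/bin/ksh
user2:*:102:20::/home/user2:/usr/bin/sh
EOF
    printf '%s\n' uucp user10 > "$1/ftpusers"
    printf '%s\n' /sbin/sh /usr/bin/ksh > "$1/shells"
}

dir=$(mktemp -d) && make_sample "$dir"
ftp_allowed "$dir/passwd" "$dir/ftpusers" "$dir/shells"
rm -rf "$dir"
```

Run against the real files after regenerating ftpusers, the output should contain exactly the accounts meant to have FTP access; any extra name is an account the deny list missed.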