
FTP Account

 
SOLVED
Robin C. Querol
Occasional Advisor

FTP Account

Hi, how do I set up an FTP account that will only allow FTP and not interactive logins?
3 REPLIES
Robin C. Querol
Occasional Advisor

Re: FTP Account

By the way, my system is running HP-UX version 11.11. Thanks.
eran maor
Honored Contributor
Solution

Re: FTP Account

Hi

When you set up the shell of an FTP user as /usr/bin/false, the user wouldn't access your system.

Here is a doc on how to restrict the FTP site more.


The new version of FTP is supplied to HP-UX 11.11 through patch : PHNE_23950

There are three kinds of logins provided by wu-ftp:
* anonymous FTP
* real FTP
* guest FTP

The focus of this document is how to set up a 'guest' FTP account to get
around the sublogin problems encountered with HP-UX 11.00 and HP-UX 11.11.

Guest accounts require explicit user entries in the system /etc/passwd
file but perform a chroot to a designated directory, thus maintaining
integrity.

Steps to be followed:

1. Make the edits to the /etc/passwd file

ftpguest:4rL2HZkDatENY:505:125::/home/ftp/ftpguest/./:/usr/bin/false
                                                  ^^^
- '.' is the delimiter to determine where the chroot will be performed. In
this example, after logging in '/' will in effect be /home/ftp/ftpguest.
If the delimiter was placed between ftp and ftpguest then '/' would be
/home/ftp. ftpguest was used as the account name in this example but you
could use any name you like.

2. /usr/bin/false will have to be added to the /etc/shells file.
See man(4) shells for further details

3. Make the edits to the /etc/group file

ftpgroup::125:ftpguest

- Create and set the permissions and ownership for the directory
(/home/ftp/ftpguest) to what suits you best.

4. Add an entry into the ftpaccess file. This file will most probably have to
be copied from the /usr/newconfig/etc/ftpd/ftpaccess to /etc/ftpd/ftpaccess.

Add a guestgroup entry (in the /etc/ftpd/ftpaccess file) to allow a group
of users to be treated as 'guests'. This entry will correspond to the entry
in the /etc/group file. Here is a sample of the ftpaccess file to use guest
groups.

# specify which group of users will be treated as "guests".
guestgroup ftpgroup

5. Edit the /etc/inetd.conf file and add the '-a' option to enable ftpd to
use the ftpaccess file. Here is an example:

ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l -a

You will need to reconfigure inetd by running /usr/sbin/inetd -c to
reread the /etc/inetd.conf file after making the change.

6. Since this is similar to anonymous FTP in the respect that you are in a
chrooted area (the path to / is different than on your system) you will
also have to replicate the /usr/bin and /etc directories. The easiest way
to do this is to use SAM to create an anonymous FTP setup and then replicate
the /etc & /usr/bin directories into your ftp guest root directory. Here
is an example of how you would replicate the ~ftp/usr and ~ftp/etc directory
to your new ftp guest directory. We use the ftpguest user in this example.

cp -R ~ftp/usr ~ftpguest/usr
cp -R ~ftp/etc ~ftpguest/etc

At this point you should have the files and programs needed for your
ftpguest user.

** This is dependent upon where the '.' delimiter has been positioned. If
the delimiter is positioned prior to the ftp username then only the root
directory (/home/ftp) needs to contain a /usr & /etc directory structure.
If the delimiter is placed post the username then each individual user
will require this directory structure.

** NOTE: When providing the 'ls' command, use /sbin/ls, not /usr/bin/ls.

7. Another thing I noticed is that you must touch the file /etc/ftpd/ftpgroups.
If you do not, you will see messages in syslog.log indicating that ftpd could
not stat this file.
love computers
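
One way to check that the guest setup from the answer above is actually in place, as an added example that is not part of the original post or the HP document it quotes. The function names `audit_ftp_guest` and `make_sample` and the ROOT prefix argument are hypothetical; the sample files are constructed from the values in the post, with the password field replaced by `*`.

```shell
#!/bin/sh
# Added example: audit a wu-ftpd guest account against steps 1-5 and 7 above.
# ROOT is a hypothetical prefix so the checks can run against copies of the files.
audit_ftp_guest() {   # usage: audit_ftp_guest USER [ROOT]; returns the failure count
    user=$1; root=${2:-}; fails=0
    fail() { echo "FAIL: $1"; fails=$((fails + 1)); }
    entry=$(grep "^$user:" "$root/etc/passwd" 2>/dev/null) || { fail "no passwd entry for $user"; return 1; }
    gid=$(echo "$entry" | cut -d: -f4)
    home=$(echo "$entry" | cut -d: -f6)
    shell=$(echo "$entry" | cut -d: -f7)
    # Step 1: non-interactive shell, and a /./ chroot delimiter in the home field
    [ "$shell" = /usr/bin/false ] || fail "shell is '$shell', not /usr/bin/false"
    case $home in */./*) ;; *) fail "home '$home' has no /./ chroot delimiter" ;; esac
    # Step 2: the shell must be listed in /etc/shells
    grep -qxF "$shell" "$root/etc/shells" 2>/dev/null || fail "$shell not in /etc/shells"
    # Steps 3-4: a group of the user (primary GID or member list) needs a guestgroup line
    grps=$(awk -F: -v u="$user" -v g="$gid" \
        '$3 == g || index("," $4 ",", "," u ",") { print $1 }' "$root/etc/group")
    covered=0
    for grp in $grps; do
        awk -v g="$grp" '$1 == "guestgroup" { for (i = 2; i <= NF; i++) if ($i == g) f = 1 }
            END { exit !f }' "$root/etc/ftpd/ftpaccess" 2>/dev/null && covered=1
    done
    [ "$covered" -eq 1 ] || fail "no guestgroup entry in ftpaccess covers $user"
    # Step 5: ftpd must be started with -a, otherwise ftpaccess is not used
    awk '$1 == "ftp" { for (i = 8; i <= NF; i++) if ($i == "-a") f = 1 } END { exit !f }' \
        "$root/etc/inetd.conf" 2>/dev/null || fail "ftpd is not started with -a in inetd.conf"
    # Step 7: ftpgroups must exist
    [ -f "$root/etc/ftpd/ftpgroups" ] || fail "/etc/ftpd/ftpgroups is missing"
    return "$fails"
}

make_sample() {   # constructed sample files under $1, using the values from the post
    mkdir -p "$1/etc/ftpd"
    echo 'ftpguest:*:505:125::/home/ftp/ftpguest/./:/usr/bin/false' > "$1/etc/passwd"
    printf '/sbin/sh\n/usr/bin/false\n' > "$1/etc/shells"
    echo 'ftpgroup::125:ftpguest' > "$1/etc/group"
    echo 'guestgroup ftpgroup' > "$1/etc/ftpd/ftpaccess"
    echo 'ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l -a' > "$1/etc/inetd.conf"
    : > "$1/etc/ftpd/ftpgroups"
}

demo=${TMPDIR:-/tmp}/ftp-audit.$$    # mkdir fails if the path already exists
mkdir "$demo" && {
    audit_ftp_guest ftpguest "$(make_sample "$demo"; echo "$demo")" && echo "ftpguest: all checks passed"
    rm -rf "$demo"
}
```

On the server itself, call `audit_ftp_guest ftpguest` with no second argument so the real /etc files are read.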
Robin C. Querol
Occasional Advisor

Re: FTP Account

It worked. Thanks.