
FTP - False Shell - Chroot????

 
Thomas Yake
Occasional Advisor


I have been searching through several of these FTP security issues including the one on

http://forums.itrc.hp.com/cm/QuestionAnswer/1,1150,0x90f6a12d6d27d5118fef0090279cd0f9,00.html

I have the shell properly restricted to ftp. However, I would like to restrict the path that the user can navigate.

I have tried adding the /./ to the end of the user's home directory and that does not seem to do anything:

#ftp:JA9D0LHFC8PJ2:500:500:anonymous ftp:/home/ftp:/usr/bin/false
booger:z2jOibe4mGdh2:501:500:Guest Account:/home/ftp/./:/usr/bin/false

ftp was a previously established anonymous account per `man ftpd`.

/usr/bin/false is in /etc/shells. The 500 guest group is listed as ftponly in /etc/ftpd/ftpaccess. What am I missing here?
Joseph C. Denman
Honored Contributor

Re: FTP - False Shell - Chroot????

If you are using HP-UX 11.0, you can set up an ftpaccess file.

man ftpaccess

...jcd...
If I had only read the instructions first??
Chris Calabrese
Valued Contributor

Re: FTP - False Shell - Chroot????

The user probably isn't in 'guestgroup' in the ftpaccess file.
Brainbench MVP for Unix Administration and Internet Security, SANS Review Editor, and Center for Internet Security HP-UX Benchmark project leader
Thomas Yake
Occasional Advisor

Re: FTP - False Shell - Chroot????

I think I have reached a turning point. It was a matter of modifying /etc/inetd.conf to start the ftpd with a -a to read the /etc/ftpd/ftpaccess file. Then issuing an inetd -c to reread the /etc/inetd.conf file.

Now it should be just a matter of restricting the access file to my liking.

BTW: http://www.wu-ftpd.org/HOWTO/guest.HOWTO is Linux based but a pretty good resource.

Thanks for the help!!!!!
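
An added example, not written by anyone in this thread: a small shell check for the three settings the posts above identify for a chrooted guest account (the /./ marker in the home field, a guestgroup entry in ftpaccess, and ftpd started with -a from inetd.conf). The function names, the sample files and the /usr/lbin/ftpd line are constructed for illustration, and only the user's primary group is checked.

```shell
#!/bin/sh
# Added example: audits copies of passwd, group, ftpaccess and inetd.conf
# for the guest-chroot settings discussed in this thread.

# Succeeds if the user's home field contains the "/./" chroot marker.
home_has_chroot_marker() {  # $1=passwd file  $2=user
    awk -F: -v u="$2" '$1 == u { f = (index($6, "/./") > 0) } END { exit !f }' "$1"
}

# Succeeds if the user's primary group name is on a guestgroup line.
in_guestgroup() {  # $1=passwd  $2=group  $3=ftpaccess  $4=user
    gid=$(awk -F: -v u="$4" '$1 == u { print $4; exit }' "$1")
    gname=$(awk -F: -v g="$gid" '$3 == g { print $1; exit }' "$2")
    [ -n "$gname" ] || return 1
    awk -v g="$gname" '$1 == "guestgroup" { for (i = 2; i <= NF; i++) if ($i == g) ok = 1 } END { exit !ok }' "$3"
}

# Succeeds if the active (uncommented) ftp line passes -a to ftpd.
ftpd_reads_ftpaccess() {  # $1=inetd.conf
    awk '$1 == "ftp" { for (i = 7; i <= NF; i++) if ($i == "-a") ok = 1 } END { exit !ok }' "$1"
}

audit_guest() {  # $1=directory holding the four files  $2=user
    rc=0
    home_has_chroot_marker "$1/passwd" "$2" || { echo "FAIL: no /./ in home of $2"; rc=1; }
    in_guestgroup "$1/passwd" "$1/group" "$1/ftpaccess" "$2" || { echo "FAIL: $2 not in a guestgroup"; rc=1; }
    ftpd_reads_ftpaccess "$1/inetd.conf" || { echo "FAIL: ftpd not started with -a"; rc=1; }
    return $rc
}

# Constructed sample files (password field blanked to "*").
make_samples() {  # $1=directory  $2=ftpd argument list
    printf '%s\n' 'booger:*:501:500:Guest Account:/home/ftp/./:/usr/bin/false' > "$1/passwd"
    printf '%s\n' 'ftponly::500:' > "$1/group"
    printf '%s\n' 'guestgroup ftponly' > "$1/ftpaccess"
    printf '%s\n' "ftp stream tcp nowait root /usr/lbin/ftpd $2" > "$1/inetd.conf"
}

d=${TMPDIR:-/tmp}/ftpchk.$$
mkdir "$d"
make_samples "$d" "ftpd -l";    audit_guest "$d" booger || true   # reports the missing -a
make_samples "$d" "ftpd -l -a"; audit_guest "$d" booger && echo "OK: guest chroot settings present"
rm -rf "$d"
```

To audit a real host, copy the four files into one directory and call audit_guest with that directory and the account name.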