HPE Community
Operating System - HP-UX
1834137 Members
2560 Online
110064 Solutions
New Discussion

FTP ids

 
Ali Sunderji
Occasional Advisor

‎12-12-2001 06:25 AM

‎12-12-2001 06:25 AM

FTP ids

Does anyone know how to create FTP id's ( as opposed to regular Unix id's) in Unix.

Does this make sense, I have sense, I have never done one of these

many thanks in advance
0 Kudos
Reply
8 REPLIES 8
Ian Dennison_1
Honored Contributor

‎12-12-2001 06:31 AM

‎12-12-2001 06:31 AM

Re: FTP ids

An FTP Userid is a UNIX ID that has been banned from logging in. Yuu can either set up your system for anonymous FTP (anyone), or set up a Userid, and set their Shell Path to /usr/bin/false in /etc/passwd (prevents them logging in via telnet).

A man on 'ftpd' states that Users must first be in the /etc/passwd file before ftpd access is granted.

How many Users are we talking about here?

Share and Enjoy! Ian
Building a dumber user
0 Kudos
Reply
Jeff Machols
Esteemed Contributor

‎12-12-2001 06:32 AM

‎12-12-2001 06:32 AM

Re: FTP ids

Ali,

take a look at this thread:

http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0x714fa22831ebd5118ff40090279cd0f9,00.html
0 Kudos
Reply
Helen French
Honored Contributor

‎12-12-2001 06:34 AM

‎12-12-2001 06:34 AM

Re: FTP ids

hi,

Check this document in HP's knowledge base:

A5651654

HTH,
Shiju
Life is a promise, fulfill it!
0 Kudos
Reply
Ali Sunderji
Occasional Advisor

‎12-12-2001 06:36 AM

‎12-12-2001 06:36 AM

Re: FTP ids

Thanks Ian.. just 2 users ..They are only going to be setup for duration a a project and then deleted..
0 Kudos
Reply
Anthony deRito
Respected Contributor

‎12-12-2001 06:39 AM

‎12-12-2001 06:39 AM

Re: FTP ids

Ali, keep in mind that anonymous login has its security implications. My choice was to create "guest" accounts in accordance with the features of wu-ftpd. Check out http://www.landfield.com/wu-ftpd/. Its easy to use and configure and has many security features for ftp "guest" users.

Tony
0 Kudos
Reply
Darrell Allen
Honored Contributor

‎12-12-2001 06:44 AM

‎12-12-2001 06:44 AM

Re: FTP ids

Hi Ali,

As Ian says, set their shell to /usr/bin/false. Then verify /etc/shells has /usr/bin/false in it. If you create /etc/shells, be sure to put all used shells in it.

An easy way to create /etc/shells without omitting a shell by accident is:
awk -F: '{print $NF}' /etc/passwd | sort -u >/etc/shells

Darrell
"What, Me Worry?" - Alfred E. Neuman (Mad Magazine)
0 Kudos
Reply
Uday_S_Ankolekar
Honored Contributor

‎12-12-2001 06:48 AM

‎12-12-2001 06:48 AM

Re: FTP ids

Hi,

HP document says,
Here's the instructions on achieving your design for ftp access into the server:

1)load in PHNE_23949 (or latest ftp/ftpd). This patch resolves a couple of
issues with ftpaccess.

2) create a user via SAM (eg. user= test1 group= none)

3) This user has ONLY ftp access, so it would be wise to
code the start-up program as /usr/bin/false

4) For the home directory, specify /home//. eg:
/home/test1/./ (explanation in man ftpaccess)/etc/passwd looks like
test1:qXznDQ1RUwqZ6:115:20:,,,:/home/test1/./:/usr/bin/false
**ignore the error with SAM not being able to create a /. directory.

5) all other questions in SAM are as per normal.

6) ensure that /usr/bin/false is also coded in a file /etc/shells

7) then edit-create the file /etc/ftpd/ftpaccess to have these lines:
class all test1,guest * <-- line#1
guestgroup none <-- line#2
limit all 5 Any /no-more-ftp-access <-- line#3
noretrieve /etc/passwd core <-- line#4

with #chmod 444 ftpaccess
#chown bin:bin ftpaccess

Explanation:
line#1 : 'class' is a verb
'all' is a class of users;
you can call it anything you like.
'guest' is a verb ???test1??? is the user name
'*' is the range of users allowed to ftp
into the machine.
You can restrict this further if you want to.
Do a man ftpaccess

line#2 : 'guestgroup' is a verb
: 'none' is the group name of the users
that have been coded via SAM
(see /etc/group to find out what group
that has)

line#3 : 'limit' is a verb
'all' as per line#1,the class of users.
'5' is the number of ftp sessions; in this case
its five.
You can change it to any number of your choice.
'Any' , do a man ftpaccess for explanation
'/no-more-ftp-access' is a filename that
contains a message to be displayed when the
limit is reached.

line#4 : types of files to restrict

8) then edit /etc/inetd.conf to add in '-a' argument for ftpd; thus:
ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l -a

9) inetd -c (to re-read the configuration file)

10) Create the following subdirecties and files:
a. ~test1/usr
#chown ???R bin:bin usr
#chmod 555 usr
b. ~test1/usr/bin
#chown root bin
#chmod 555 bin
#cp -p /sbin/ls ~test1/usr/bin/ls

11) The ~test1/usr/bin/ls allows the use of the 'ls' command in ftp to find out
the files that are present in their directory.

12) test to verify
Good Luck..
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.