HPE GreenLake Administration
- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- ftp in restricted shell?
Operating System - HP-UX
1830899
Members
3408
Online
110017
Solutions
Forums
Categories
Company
Local Language
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-29-2002 06:10 PM
04-29-2002 06:10 PM
ftp in restricted shell?
Hi,
How do i set up a user to perform ftp only, the user must can onlu stay in it's own home directory.
Thanks
How do i set up a user to perform ftp only, the user must can onlu stay in it's own home directory.
Thanks
5 REPLIES 5
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-29-2002 06:12 PM
04-29-2002 06:12 PM
Re: ftp in restricted shell?
INCOMING or OUTGOING?
INCOMING, you can use chroot.
OUTGOING, well not much there.
live free or die
harry
Live Free or Die
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-29-2002 06:21 PM
04-29-2002 06:21 PM
Re: ftp in restricted shell?
Hey !!
By using the restricted shell
you can achive this
use /user/bin/rsh
make sure that you put this entry in /etc/shells
-Niraj
By using the restricted shell
you can achive this
use /user/bin/rsh
make sure that you put this entry in /etc/shells
-Niraj
Niraj.Verma@philips.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-29-2002 06:24 PM
04-29-2002 06:24 PM
Re: ftp in restricted shell?
How can I restric certian users to one directory though ftp in 10.20
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-29-2002 06:26 PM
04-29-2002 06:26 PM
Re: ftp in restricted shell?
To restrict the user to his directory and subdirectories:
Set the user's shell to 'rsh', the restrited shell. You can set this in the /etc/passwd file.
To allow ONLY ftp:
In the user's startup file ($HOME/.profile), add the following line
exec ftp
When the user logs in he will be taken straight to the ftp prompt. On exiting ftp, he will be automatically logged off.
Set the user's shell to 'rsh', the restrited shell. You can set this in the /etc/passwd file.
To allow ONLY ftp:
In the user's startup file ($HOME/.profile), add the following line
exec ftp
When the user logs in he will be taken straight to the ftp prompt. On exiting ftp, he will be automatically logged off.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-29-2002 06:27 PM
04-29-2002 06:27 PM
Re: ftp in restricted shell?
Say you want to setup user "ftpguest" to only do ftp. The recipe as follows ..
(I got this from my own notes, can't remembet the source but it's good !)
1) Make the edits to the /etc/passwd file
ftpguest:4rL2HZkDatENY:505:125::/home/ftp/ftpguest/./:/usr/bin/false
The '.' is the delimiter to determine where the chroot will be performed. In this example, after logging in '/' will in effect be /home/ftp/ftpguest. If the delimiter was placed between ftp and ftpguest then '/' would be /home/ftp
The ftpguest was used as the account name in this example but you could use any name you like.
2) /usr/bin/false will have to be added to the /etc/shells file.
3) Make the edits to the /etc/group file
ftpgroup::125:ftpguest
Create and set the permissions and ownership for the directory /home/ftp/ftpguest to what suits you best.
4) Add an entry into the ftpaccess file. This file will most probably have to be copied from the /usr/newconfig/etc/ftpd/ftpaccess to /etc/ftpd/ftpaccess.
Add a guestgroup entry (in /etc/ftpd/ftpaccess file) to allow a group of users to be treated as 'guests'. This entry will correspond to the entry in the /etc/group file. Here is a sample of the ftpaccess file to use guest
groups.
# specify which group of users will be treated as "guests".
guestgroup ftpgroup
5) Edit the /etc/inetd.conf file and add the '-a' option to enable ftpd to use the ftpaccess file. Here is an example;
ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l -a
You will need to reconfigure inetd by running /usr/sbin/inetd -c to reread the /etc/inetd.conf file after making the change.
6) Since this is similar to anonymous FTP in the respect that you are in a chrooted area (the path to / is different than on your system) you will also have to replicate the /usr/bin and /etc directories. The easiest way to do this is to use SAM to create an anonymous FTP setup and then replicate the /etc & /usr/bin directories into your ftp guest root directory. Here is an example of how you would replicate the ~ftp/usr and ~ftp/etc directory to your new ftp guest directory. Use the ftpguest user in this example.
# cp -R ~ftp/usr ~ftpguest/usr
# cp -R ~ftp/etc ~ftpguest/etc
At this point you should have the files and programs needed for your ftpguest user.
** This is dependent upon where the '.' delimiter has been positioned. If the delimiter is positioned prior to the ftp username then only the root directory (/home/ftp) needs to contain a /usr & /etc directory structure. If the delimiter is placed post the username then each individual user will require this directory structure.
** When providing the 'ls' command, use /sbin/ls, not /usr/bin/ls.
7) Another thing .. you must touch the file /etc/ftpd/ftpgroups. If you do not, you will see messages in syslog.log indicating that ftpd could not stat this file.
(I got this from my own notes, can't remembet the source but it's good !)
1) Make the edits to the /etc/passwd file
ftpguest:4rL2HZkDatENY:505:125::/home/ftp/ftpguest/./:/usr/bin/false
The '.' is the delimiter to determine where the chroot will be performed. In this example, after logging in '/' will in effect be /home/ftp/ftpguest. If the delimiter was placed between ftp and ftpguest then '/' would be /home/ftp
The ftpguest was used as the account name in this example but you could use any name you like.
2) /usr/bin/false will have to be added to the /etc/shells file.
3) Make the edits to the /etc/group file
ftpgroup::125:ftpguest
Create and set the permissions and ownership for the directory /home/ftp/ftpguest to what suits you best.
4) Add an entry into the ftpaccess file. This file will most probably have to be copied from the /usr/newconfig/etc/ftpd/ftpaccess to /etc/ftpd/ftpaccess.
Add a guestgroup entry (in /etc/ftpd/ftpaccess file) to allow a group of users to be treated as 'guests'. This entry will correspond to the entry in the /etc/group file. Here is a sample of the ftpaccess file to use guest
groups.
# specify which group of users will be treated as "guests".
guestgroup ftpgroup
5) Edit the /etc/inetd.conf file and add the '-a' option to enable ftpd to use the ftpaccess file. Here is an example;
ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l -a
You will need to reconfigure inetd by running /usr/sbin/inetd -c to reread the /etc/inetd.conf file after making the change.
6) Since this is similar to anonymous FTP in the respect that you are in a chrooted area (the path to / is different than on your system) you will also have to replicate the /usr/bin and /etc directories. The easiest way to do this is to use SAM to create an anonymous FTP setup and then replicate the /etc & /usr/bin directories into your ftp guest root directory. Here is an example of how you would replicate the ~ftp/usr and ~ftp/etc directory to your new ftp guest directory. Use the ftpguest user in this example.
# cp -R ~ftp/usr ~ftpguest/usr
# cp -R ~ftp/etc ~ftpguest/etc
At this point you should have the files and programs needed for your ftpguest user.
** This is dependent upon where the '.' delimiter has been positioned. If the delimiter is positioned prior to the ftp username then only the root directory (/home/ftp) needs to contain a /usr & /etc directory structure. If the delimiter is placed post the username then each individual user will require this directory structure.
** When providing the 'ls' command, use /sbin/ls, not /usr/bin/ls.
7) Another thing .. you must touch the file /etc/ftpd/ftpgroups. If you do not, you will see messages in syslog.log indicating that ftpd could not stat this file.
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
Company
Events and news
Customer resources
© Copyright 2025 Hewlett Packard Enterprise Development LP