
FTP Login lockdown?

 
Walter Maul
Occasional Advisor

FTP Login lockdown?

Hi all! I have a customer who needs to ftp me some files, but I want to minimize the security risk as much as possible. I have created an account...and made it active home directory the place where I want the files. However, I don't want this customer to be able to view up the directory tree...so how do I limit this?

Any help with this is greatly appreciated.
10 REPLIES
Victor BERRIDGE
Honored Contributor

Re: FTP Login lockdown?

use /usr/bin/rsh as login shell:

rsh Restricted version of the POSIX or Bourne shell command
interpreter. Sets up a login name and execution
environment whose capabilities are more controlled
(restricted) than normal user shells.

James R. Ferguson
Acclaimed Contributor

Re: FTP Login lockdown?

Peter:

Consider ftp security here too:

Set up restricted accounts in /etc/ftpusers (see: man 4 ftpusers).

Set up /var/adm/inetd.sec hosts and IP addresses to allow or deny access as you see fit. (see: man 4 inetd.sec).

See also this thread on 'wu-ftpd' in HP 11.x.

http://my1.itrc.hp.com/cm/QuestionAnswer/1,1150,0x47f06c96588ad4118fef0090279cd0f9,00.html

...JRF...

James R. Ferguson
Acclaimed Contributor

Re: FTP Login lockdown?

Peter:

I would offer that this document, in addition to my previous post, will help you further: Document #A5651654.

By following the procedure in this document, a user will not have the ability to travel anywhere outside of his home directory on the system. Setting up a bogus shell with exit 0 as the contents will cause the connection of a user to be immediately terminated if the user attempts to telnet into the system.

Does this help you any better?

...JRF...
Kofi ARTHIABAH
Honored Contributor

Re: FTP Login lockdown?

Peter:

Would it not be better for you to fetch it from your Customer's site (and have him worry about security)? I find it's more acceptable to fetch than to have someone poking around your server! my $0.02
nothing wrong with me that a few lines of code cannot fix!
James R. Ferguson
Acclaimed Contributor

Re: FTP Login lockdown?

Peter:

Kofi makes a great point! I too feel the same as he does!!!

...JRF...
Victor BERRIDGE
Honored Contributor

Re: FTP Login lockdown?

I agree also,
in fact I use this for such cases:
an account on driveway
http://www.driveway.com/
Where I deposit the file and share it with who has to pick it up...
Have a look at the site, it's free
Yours
Victor
Walter Maul
Occasional Advisor

Re: FTP Login lockdown?

James, et al.:

Sorry, in looking at my post I neglected to state that I'm running 10.20 on a K460. I don't think the ftpaccess solution is available to me on the 10.20 platform...is it? (If so, where?)

Thanks for your continued help.
James R. Ferguson
Acclaimed Contributor
Solution

Re: FTP Login lockdown?

Peter:

I thought I remembered something; searched this forum and found the thread below. Pay particular note to Brian Fisher's comments. It appears that what you want will work on 10.20.

http://my1.itrc.hp.com/cm/QuestionAnswer/1,1150,0x715168c57f64d4118fee0090279cd0f9,00.html

...JRF...
Tim Nelson
Honored Contributor

Re: FTP Login lockdown?

If you really wish to do things right, get a copy of ProFTP. This UNIX freeware is 1000s of times better for security and configuration. You can limit upload and downloads, restrict time of day and lock users into a chroot jail. The users do not even need unix logins which immediately disables other security risks. The software can be found at www.proftpd.net. We use it for internet ftp access to restrict clients from viewing other clients' files.
Suhas_2
Regular Advisor

Re: FTP Login lockdown?

Hi,
Pls try the following set-up:
1> Create a new dummy account.
2> Give /bin/false as a shell to this account.
This avoids the risk of that dummy user getting a shell in your environment.
3> Next, set up /etc/ftpusers. Add all your users in this file, except the dummy ID that you have created.
4> Set up the /etc/shells file. Put only one line in this file, /bin/false. No other line should be in this file. This adds to the security of your system.
Pls revert if any problem. And do not forget to award points.
Regds.....
Suhas
Never say "Die"
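
An added example, not part of the thread: a script that checks the account setup described in the post above (login shell /bin/false, that shell listed in the shells file, the FTP-only account absent from the ftpusers deny list and every other account present in it). The function name `check_ftp_only`, the account name `ftpdrop` and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an FTP-only account against copies of passwd,
# ftpusers and shells. The account name "ftpdrop" and all file contents
# below are constructed sample data.

# check_ftp_only USER PASSWD FTPUSERS SHELLS
# Prints one line per finding; returns 0 when everything matches, else 1.
check_ftp_only() {
    user=$1 passwd=$2 ftpusers=$3 shells=$4 rc=0

    # Field 7 of the passwd entry is the login shell.
    shell=$(awk -F: -v u="$user" '$1 == u { print $7 }' "$passwd")
    if [ -z "$shell" ]; then
        echo "FAIL: $user has no entry (or no shell) in $passwd"; return 1
    fi
    if [ "$shell" != "/bin/false" ]; then
        echo "FAIL: $user has login shell $shell, expected /bin/false"; rc=1
    fi
    # ftpd refuses accounts whose shell is not listed in the shells file.
    if ! grep -qxF "$shell" "$shells"; then
        echo "FAIL: $shell is not listed in $shells, so ftpd refuses $user"; rc=1
    fi
    # ftpusers is a deny list: the FTP-only account must not appear in it.
    if grep -qxF "$user" "$ftpusers"; then
        echo "FAIL: $user is listed in $ftpusers and is denied FTP"; rc=1
    fi
    # Every other account should appear in the deny list.
    for other in $(awk -F: -v u="$user" '$1 != u { print $1 }' "$passwd"); do
        grep -qxF "$other" "$ftpusers" ||
            { echo "WARN: $other is not in $ftpusers and can still use FTP"; rc=1; }
    done
    [ "$rc" -eq 0 ] && echo "OK: $user matches the FTP-only setup"
    return "$rc"
}

# Constructed sample files standing in for /etc/passwd, /etc/ftpusers, /etc/shells.
demo_dir=$(mktemp -d)
printf '%s\n' 'root:*:0:3::/:/sbin/sh' \
    'opsuser:*:102:20::/home/opsuser:/usr/bin/sh' \
    'ftpdrop:*:201:20::/home/ftpdrop:/bin/false' > "$demo_dir/passwd"
printf '%s\n' root opsuser > "$demo_dir/ftpusers"
printf '%s\n' /bin/false > "$demo_dir/shells"
check_ftp_only ftpdrop "$demo_dir/passwd" "$demo_dir/ftpusers" "$demo_dir/shells"
```

To audit a live system, pass the real /etc/passwd, /etc/ftpusers and /etc/shells paths instead of the sample copies.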