04-23-2003 06:42 AM
FTP only access for new user
04-23-2003 06:49 AM
Re: FTP only access for new user
Regards,
SHannon
04-23-2003 06:55 AM
Re: FTP only access for new user
As long as you have the -a option for ftp in inetd.conf, and the user has the primary group of the group in ftpaccess, and the user has a fake shell listed in /etc/shells, ftpaccess 'should' work.
I am not sure of another way to do this in the restrictions you want. Giving them a shell like /usr/bin/false will keep them out via telnet, but will not keep them from traversing around. (Unless you make their home directory something with fairly restrictive permissions above it...)
i.e. Have their home directory be /data/ftp/bob,
but the permissions on /data/ftp are such that they can't get into it. That may not prevent them from doing a 'cd /', however, and it would be a fairly manual process.
Maybe we could help you with ftpaccess?
Hope it helps
John
04-23-2003 07:01 AM
Re: FTP only access for new user
What errors are you getting when you try out the account? As John mentioned, post your ftpaccess file and we'll take a shot at it.
JP
04-23-2003 07:22 AM
Re: FTP only access for new user
First, you must configure the ftpd daemon to use additional security. Copy the standard ftpaccess security file into the /etc/ftpd directory:
# cp -p /usr/newconfig/etc/ftpd/ftpaccess /etc/ftpd/ftpaccess
Edit /etc/inetd.conf to force the ftpd daemon to read the ftpaccess file at startup. Add the -a option to the ftpd argument list. As a further security measure, you can set the default umask which the ftp daemon uses to create files. Add a -u flag if you want this:
# vi /etc/inetd.conf
:
ftp stream tcp nowait root /usr/lbin/ftpd ftpd -a -l -u 022
:
Reload the ftp configuration:
# inetd -c
Create the ftp-only user
The ftpaccess file depends on a group called ftponly to work. Add this group to /etc/group first. I still want oracle to use ftp so add this and any other users to the group too.
# vi /etc/group
ftponly::200:oracle
To create the ftp-only user, you need to do a couple of unusual things to the entry in /etc/passwd. First, to log in to a UNIX system via telnet, the user must have a shell. Putting /sbin/false in the shell field will prevent access by telnet - if you don't have a shell, then you can't log in. Next, it is a good idea to prevent the ftp user from navigating round the UNIX file system. You can force UNIX to do an implicit chroot when you connect to ftp by appending /./ to the user's home directory field. So the /etc/passwd file entry for your ftp user will look like this:
ftpuser::1001:200:ftp user:/stagepost/sp1/inbox/CRA/man/./:/sbin/false
There is one additional step required to allow ftpuser to log in. Add the phoney shell /sbin/false to the /etc/shells file:
# echo /sbin/false >> /etc/shells
Now test that the user has ftp only access by attempting a telnet and connecting through ftp.
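A check for the steps in the post above, as an added example that is not part of the original thread: it verifies the -a flag, the ftpaccess file, the ftponly primary group, the /sbin/false shell and the /./ home marker. The function names, the optional root-prefix argument and the sample tree are assumptions made for illustration; the empty-password check goes beyond what the post covers.

```shell
#!/bin/sh
# Added example: audit the ftp-only setup from the post above.
# $2 is an optional root prefix (assumption, for checking a copy of the files).
audit_ftponly() {
    user=$1; root=${2:-}; rc=0
    fail() { echo "FAIL: $*"; rc=1; }
    entry=$(grep "^$user:" "$root/etc/passwd") || { echo "FAIL: no such user"; return 1; }
    pw=$(echo "$entry" | cut -d: -f2);   gid=$(echo "$entry" | cut -d: -f4)
    home=$(echo "$entry" | cut -d: -f6); shell=$(echo "$entry" | cut -d: -f7)

    # ftpd must run with -a, otherwise ftpaccess is never read
    grep '^ftp[[:space:]]' "$root/etc/inetd.conf" |
        grep -Eq -- '[[:space:]]-a([[:space:]]|$)' || fail "ftpd started without -a"
    [ -f "$root/etc/ftpd/ftpaccess" ] || fail "/etc/ftpd/ftpaccess missing"
    # primary group must be the ftponly group
    grep -q "^ftponly:[^:]*:$gid:" "$root/etc/group" || fail "primary group is not ftponly"
    # shell must be a non-login shell that is still listed in /etc/shells
    case $shell in */false) ;; *) fail "$shell allows interactive login" ;; esac
    grep -qx -- "$shell" "$root/etc/shells" || fail "$shell not in /etc/shells"
    # /./ in the home field is what triggers the implicit chroot
    case $home in */./*) ;; *) fail "home has no /./ chroot marker" ;; esac
    # an empty password field means the account needs no password
    [ -n "$pw" ] || fail "empty password field"
    return $rc
}

# Constructed sample tree mirroring the post's entries ('*' stands in for a password hash).
make_sample() {
    mkdir -p "$1/etc/ftpd" && : > "$1/etc/ftpd/ftpaccess"
    echo 'ftp stream tcp nowait root /usr/lbin/ftpd ftpd -a -l -u 022' > "$1/etc/inetd.conf"
    echo 'ftponly::200:oracle' > "$1/etc/group"
    echo "ftpuser:*:1001:200:ftp user:/stagepost/sp1/inbox/CRA/man/./:${2:-/sbin/false}" > "$1/etc/passwd"
    echo /sbin/false > "$1/etc/shells"
}

d=${TMPDIR:-/tmp}/ftponly.$$
make_sample "$d" && audit_ftponly ftpuser "$d" && echo "sample passes"
rm -rf "$d"
```

Run `audit_ftponly ftpuser` with no second argument to check the live files under /etc.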
04-23-2003 09:33 AM
Re: FTP only access for new user
Create an ftp user having shell as /bin/false, so he will not be able to log in through telnet; for the ftp home directory use a public folder for the same.
Rizwan
04-23-2003 10:11 AM
Re: FTP only access for new user
See my post in the URL below:
http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0xc736b941255cd71190080090279cd0f9,00.html
Tons of info. I am sure you will be able to fix that problem of yours!
Cheers
Yogeeraj