HPE Community
Operating System - HP-UX
1830481 Members
2559 Online
110005 Solutions
New Discussion

ftp outbound only

 
John Carver
Frequent Advisor

‎02-26-2003 02:27 PM

‎02-26-2003 02:27 PM

ftp outbound only

I have ftp setup using ftpaccess. Is there a way to restrict ftp to outbound transfers only
utilizing this file and only from a specific
filesystem? I do not want to setup restricted users accounts.
0 Kudos
Reply
4 REPLIES 4
Patrick Wallek
Honored Contributor

‎02-26-2003 04:02 PM

‎02-26-2003 04:02 PM

Re: ftp outbound only

I don't know if that can be done using ftpaccess.

I can think of two things for you though.

1) If you only want outbound FTP, disable FTP (ie. comment out the lines) in /etc/services and /etc/inetd.conf. That way incoming connections can't be established.

2) For only allowing outbound from a specific filesystem, you could write a wrapper for ftp. In it you'd check the current directory and if it isn't the correct one, print a message and exit out abnormally (exit 1, exit 2, whatever).
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎02-26-2003 10:12 PM

‎02-26-2003 10:12 PM

Re: ftp outbound only

Yes.

edit /etc/inetd.conf

comment out the line that says ftpd

save file

inetd -c

No more inbound ftp from anywhere to that HP-UX box.

To restrict individual users see /etc/ftpusers file add users that you don't want to have ftp access. Make sure root can't root inbound ftp is a security hazard.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
John Carver
Frequent Advisor

‎02-27-2003 10:29 AM

‎02-27-2003 10:29 AM

Re: ftp outbound only

Now to go even further, how could I restrict
inbound ftp to getting files only. All ftp activity would be users that have telnet access so I can't really set everyone up with
two accounts, one for telnet and one for restricted ftp access. Ideally I need users to have the ability to only retrieve files from a specific filesystem. I have been told that ftpaccess can handle this but I'am not sure how to go about it. All of these users are connecting through a PC (telnet) and the GUI Database interface needs to update PC application scripts periodically via ftp.
0 Kudos
Reply
Christopher McCray_1
Honored Contributor

‎02-27-2003 10:38 AM

‎02-27-2003 10:38 AM

Re: ftp outbound only

Hello,

If you want to restrict to retrieve only, then make use of the "upload" variable with "no" option (this example is based upon a chrooted env.):

upload /path/to/actual/dir / no
upload /path/to/actual/dir /subdir no
upload /path/to/actual/dir /othersubdir no

and so on for every directory they have access to.

Hope this helps

Chris
It wasn't me!!!!
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.