FTP restricting Navigation to upper level directories.  /usr/bin/false issue?
03-28-2003 04:01 AM
I am not able to restrict my FTP users to navigate to "upper level" directories on my new server running HP-UX 11.11.
I already went through a post describing the same problem as mine, but none of the solutions is working for me.
[http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0x76bfd08cc06fd511abcd0090277a778c,00.html]
Note that I had already done the configuration on my HP-UX 11.0, which worked very well, and am now trying it on my HP-UX 11.11...
I also observed that my /usr/bin/false is different on each server.
For instance:
HP-UX 11.0
==========
# file /usr/bin/false
/usr/bin/false: commands text
# more /usr/bin/false
# @(#) $Revision: 64.1 $
exit 1
# uname -a
HP-UX L1000 B.11.00 U 9000/800 541706567 unlimited-user license
#
HP-UX 11.11
===========
SLX1:> file /usr/bin/false
/usr/bin/false: PA-RISC1.1 shared executable dynamically linked
SLX1:>ll /usr/bin/false
-r-xr-xr-x 14 bin bin 12288 Nov 14 2000 /usr/bin/false
SLX1:>ll /usr/bin/ |grep -i "14 bin"
-r-xr-xr-x 14 bin bin 12288 Nov 14 2000 false
-r-xr-xr-x 14 bin bin 12288 Nov 14 2000 hp-mc680x0
-r-xr-xr-x 14 bin bin 12288 Nov 14 2000 hp9000s200
-r-xr-xr-x 14 bin bin 12288 Nov 14 2000 hp9000s300
-r-xr-xr-x 14 bin bin 12288 Nov 14 2000 hp9000s400
-r-xr-xr-x 14 bin bin 12288 Nov 14 2000 hp9000s500
-r-xr-xr-x 14 bin bin 12288 Nov 14 2000 hp9000s700_8MB
-r-xr-xr-x 14 bin bin 12288 Nov 14 2000 pdp11
-r-xr-xr-x 14 bin bin 12288 Nov 14 2000 u370
-r-xr-xr-x 14 bin bin 12288 Nov 14 2000 u3b
-r-xr-xr-x 14 bin bin 12288 Nov 14 2000 u3b10
-r-xr-xr-x 14 bin bin 12288 Nov 14 2000 u3b2
-r-xr-xr-x 14 bin bin 12288 Nov 14 2000 u3b5
-r-xr-xr-x 14 bin bin 12288 Nov 14 2000 vax
SLX1:>uname -a
HP-UX slx1 B.11.11 U 9000/800 762977641 unlimited-user license
Please help on how to further troubleshoot and fix this problem.
Thank you in advance for your replies.
Best Regards
Yogeeraj

03-28-2003 04:49 AM
It has worked pretty well for us here to keep folks in their 'place'.
Hope this thread helps,
http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0xd5ab53921f1ad5118fef0090279cd0f9,00.html
Rgrds,
Rita

03-28-2003 07:04 AM
s700_800/11.X/PHNE_23950 11.11 ftpd(1M) patch which enables you to use a configuration file ftpaccess which can restrict the user.
# man ftpaccess for additional information

03-28-2003 07:09 AM
If you want to keep people out of lower level directories, here is a radical approach.
Make the permissions on the lower level directories inaccessible.
user schmobagel (there is a story there)
group users
logs into ftp, ends up at /home/schmobagel
For whatever reason you aren't using chroot jail for ftp users and that doesn't keep you from navigating down anyway.
The permissions on the other home directories in this template example should not allow anyone but the owner to navigate.
root sets the permissions on user foolish to 700.
If the problem is related to the fact that your ftp users need wider permissions then consider special users in a special group for ftp.
Add schmobagel to the /etc/ftpd/ftpusers file and give him a different account for ftp in a group that isn't allowed to roam the machine. Again, a permission-based approach.
Which leads me to a bug alert. Washington University's ftpd server does not work right when you add users to the /etc/ftpd/ftpusers file, you need to download and install new binaries for that functionality to work. You'll need to open a support call to get the binaries or talk to me offline.
stevenprotter@juf.org
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com

03-28-2003 11:03 PM
Thank you for your replies.
I followed the configuration steps again. Still not working.
http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0xa36c7d4cf554d611abdb0090277a778c,00.html
http://forums.itrc.hp.com/cm/components/FileAttachment/0,,0x13c94e49c5cdd5118ff40090279cd0f9,00.txt
I also tried the recommendation above and still no luck.
I already have the recommended (above) patch.
SLX1:u03>swlist -l patch|grep PHNE_23950
PHNE_23950.INETSVCS-RUN 1.0 Internet Services Fileset applied
# PHNE_23950 1.0 ftpd(1M) patch
# PHNE_23950.INETSVCS-RUN 1.0 Internet Services Fileset applied
SLX1:u03>
Please help further.
Best Regards
Yogeeraj

03-28-2003 11:18 PM
If you can spend some more time compiling the source on the HP-UX platform, you can use the VSFTPD server.
In that you can configure chrooting for individual user to his home directory. That would solve your problem.
http://vsftpd.beasts.org
regards,
U.SivaKumar

03-28-2003 11:24 PM
Thank you for your reply.
Unfortunately, this is a directory shared by 15 users.
I don't want to install any non-HP stuff on my mission-critical server, which also hosts our corporate database.
Any more suggestions?
Best Regards
Yogeeraj

03-29-2003 01:09 AM
Simple question: when you open your ftp session, does the server then say: Access restrictions apply?
regards,
John K.

03-29-2003 03:27 AM
Will this help?... (have a look at the attached file).
This works fine for us.
Cheers !!!
Mathew

03-29-2003 09:31 AM
==============
I did not check any logs on the server. What would this mean?
Varghese Mathew
===================
Already gone through this document. I did post the same link above.
I still need help on how to fix this. Please help.
Best Regards
Yogeeraj

03-29-2003 10:35 AM
I don't think the problem is with your /usr/bin/false or the corresponding script.
Did you set up your /etc/ftpd/ftpaccess file correctly?
I would put all the users that are to be granted restricted ftp access in a group, say ftpgroup, and then add them to ftpaccess's 'guestgroup' like
guestgroup ftpgroup
And make sure their home directories are set up like '/home/user/./' in /etc/passwd. Then they will not be able to navigate above their home directories, as /home/user becomes the chroot'ed dir for the user.
-Sri

03-29-2003 10:37 AM
I would have added to make sure your ftpaccess file is enabled by adding -a to the ftpd line in /etc/inetd.conf. Refresh inetd.
-Sri

03-29-2003 11:21 AM
It is a message that should appear on std. out when you establish an ftp session in which "ftpaccess" is working, e.g.:
Name (TEST019:jxk): fuppub
331 Password required for fuppub.
Password:
230 User fuppub logged in. Access restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>
like in the above example. If you do not see "Access restrictions apply" it means that the configuration/limitation made in ftpaccess is disregarded.
That could explain why your user could move around freely.
There could be many reasons for that, one of the simplest is that the user does not belong to any of the groups which you normally restrict by ftpaccess. I'm thinking of the "guestgroup" line in ftpaccess. Is the user included in any of the groups defined as "guestgroups", normally one of the last lines in ftpaccess? A good test is to temporarily change the /usr/bin/false to a normal shell and establish a telnet connection for that user. Execute "id" to check to which group he belongs. Check also for uniqueness of users and groups.
By the way, your /usr/bin/false looks like the one I have on a 11.11 system, and its basic idea is to prevent the user from establishing another connection, e.g. telnet. I do not think the error is there.
regards,
John K.
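
The checks suggested in the replies above (the -a option on the ftpd line in /etc/inetd.conf, a guestgroup line in ftpaccess, the user's group membership, and the /./ marker in the passwd home field) combined into one read-only script. This is an added example, not part of the original thread; the function names, the accounts "good" and "bad" and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the restricted-FTP settings discussed in this thread.
# check_ftp_guest USER PASSWD GROUP FTPACCESS INETD_CONF
# Reads the given files only; prints one line per problem, returns 0 if none.
check_ftp_guest() {
    user=$1 passwd=$2 group=$3 ftpaccess=$4 inetd=$5 rc=0

    # 1. ftpd must be started with -a, otherwise ftpaccess is disregarded.
    awk '$1 == "ftp" { for (i = 7; i <= NF; i++) if ($i == "-a") ok = 1 }
         END { exit !ok }' "$inetd" || { echo "inetd.conf: ftpd lacks -a"; rc=1; }

    # 2. The passwd home field must carry the /./ chroot marker.
    entry=$(awk -F: -v u="$user" '$1 == u { print $4 ":" $6 }' "$passwd")
    [ -n "$entry" ] || { echo "passwd: no entry for $user"; return 1; }
    gid=${entry%%:*} home=${entry#*:}
    case $home in
        */./*) ;;
        *) echo "passwd: home '$home' has no /./"; rc=1 ;;
    esac

    # 3. The user must be in a guestgroup, by primary GID or by member list.
    guests=$(awk '$1 == "guestgroup" { for (i = 2; i <= NF; i++) print $i }' "$ftpaccess")
    member=no
    for g in $guests; do
        awk -F: -v g="$g" -v u="$user" -v gid="$gid" '
            $1 == g { if ($3 == gid) hit = 1
                      n = split($4, m, ",")
                      for (i = 1; i <= n; i++) if (m[i] == u) hit = 1 }
            END { exit !hit }' "$group" && member=yes
    done
    [ "$member" = yes ] || { echo "ftpaccess: $user not in any guestgroup"; rc=1; }
    return $rc
}

# Constructed sample files (not taken from the poster's server).
make_samples() {
    printf '%s\n' 'ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l -a' > "$1/inetd.conf"
    printf '%s\n' 'guestgroup ftpgroup' > "$1/ftpaccess"
    printf '%s\n' 'ftpgroup::300:' 'users::20:' > "$1/group"
    printf '%s\n' 'good:*:501:300::/home/good/./:/usr/bin/false' \
                  'bad:*:502:20::/home/bad:/usr/bin/false' > "$1/passwd"
}

tmp=${TMPDIR:-/tmp}/ftpchk.$$; mkdir -p "$tmp"; make_samples "$tmp"
for u in good bad; do
    check_ftp_guest "$u" "$tmp/passwd" "$tmp/group" "$tmp/ftpaccess" "$tmp/inetd.conf" \
        && echo "$u: restricted as intended" || echo "$u: NOT restricted"
done
rm -rf "$tmp"
```

On a real system, pass copies of /etc/passwd, /etc/group, /etc/ftpd/ftpaccess and /etc/inetd.conf; the -a test only recognises the option written as a separate word.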

03-29-2003 10:36 PM
Thank you for these responses.
Sridhar Bhaskarla
=================
I have already done/checked all the things you mention here!
John
======
I need to do the test as soon as I am back in the office tomorrow morning. I will update this post again.
More inputs will be most appreciated till then.
Best regards
Yogeeraj

03-30-2003 08:03 PM
Can you post a 'what' and 'll' of your 'ftpd' executable?
Unless you have a syntax error somewhere, I don't see any reason why it is not working for you.
-Sri

03-30-2003 08:05 PM
-Sri

03-30-2003 08:43 PM
Thank you for your suggestion on the troubleshooting. I did the tests you mentioned and indeed my ftpaccess file was being disregarded as you suspected.
I "rebuilt" the ftpaccess file and it works fine now.
Thanks to everyone again. Thread is CLOSED now.
Best Regards
Yogeeraj
PS. the /usr/bin/false is still puzzling me. Why is it different from the one on my HP-UX 11.0.... :)