
Re: FTP Restriction

 
Fuad_1
Regular Advisor

FTP Restriction

I would restrict a user account to ftp only. The problem is that the user is part of a group that cannot be changed, as the files that will be pushed need to be accessed by users in the same group, which is an application group. So, how can I use ftpaccess when I cannot change the user's group to the already restricted group in the system, "ftponly"?
Set goals, and work to achieve them
6 REPLIES
bhavin asokan
Honored Contributor

Re: FTP Restriction

hi,

make an entry in the /var/adm/inetd.sec file

ftp deny username

regds,
Robert-Jan Goossens
Honored Contributor

Re: FTP Restriction

Hi Fuad,

Not perfect, but why not set up this user just for ftp only? Don't change the group for that user to ftponly.
---
Now add a user to the system. Use a group that is 'application group' and make the user's shell /usr/bin/ftpshell.
---

Regards,
Robert-Jan
bhavin asokan
Honored Contributor

Re: FTP Restriction

Sorry,
the older reply is for an IP address, not for a user.

Make a file ftpusers in the /etc/ftpd folder and
enter the user name to be restricted in it.
This will prevent that user from ftp access.

regds,
Sridhar Bhaskarla
Honored Contributor

Re: FTP Restriction

Hi Fuad,

You don't need to modify the ftpaccess file if you want to make the user account "ftponly". Just make the shell "/usr/bin/false" in the /etc/passwd file. If you don't have an /etc/shells file, create one with all valid shells, one shell per line, and add /usr/bin/false to it as well. That will enable the user to do ftp and not telnet/rlogin etc.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Fuad_1
Regular Advisor

Re: FTP Restriction

Hi,

I would restrict the ftp user so it cannot traverse the filesystem and is restricted to an ftp-specific directory.
Set goals, and work to achieve them
Sridhar Bhaskarla
Honored Contributor

Re: FTP Restriction

Hi,

Well. You can still do it even after changing the group to 'ftponly'.

1. Make the user's home directory like /home/user/./
2. Create a group say 'ftponly' and change the primary group of the user to ftponly.
3. Add the following lines to your /etc/ftpd/ftpaccess file

guestgroup ftponly

With the above, the user will not be able to move above the /home/user structure. Then use the 'upload' directive in ftpaccess to change the ownership and group of the uploaded files. For example, adding the following will set the ownership and group to user and appgrp with permissions 0440.

upload /home/user * yes user appgrp 0440

You will have to add -a to your ftpd line in /etc/inetd.conf and refresh inetd - inetd -c.

-Sri

You may be disappointed if you fail, but you are doomed if you don't try
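
The guest setup from the last reply can be checked with a small script. This is an added example, not part of the original thread: it verifies the "/./" home marker, the guestgroup line and the upload line for one account. The function names, the file arguments and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# check_ftp_guest USER PASSWD GROUP FTPACCESS
# Prints one line per finding; returns 0 only if every check passes.
check_ftp_guest() {
    user=$1 passwd=$2 group=$3 ftpaccess=$4 rc=0
    entry=$(awk -F: -v u="$user" '$1 == u' "$passwd")
    [ -n "$entry" ] || { echo "FAIL: no passwd entry for $user"; return 1; }
    gid=$(echo "$entry" | cut -d: -f4)
    home=$(echo "$entry" | cut -d: -f6)
    gname=$(awk -F: -v g="$gid" '$3 == g { print $1 }' "$group")

    # 1. Home must contain "/./": the part before it becomes the chroot root.
    case $home in
        */./*) root=${home%%/./*} ;;
        *) echo "FAIL: home '$home' has no /./ chroot marker"; rc=1; root=$home ;;
    esac

    # 2. The primary group must be named on a guestgroup line.
    if ! awk -v g="$gname" '$1 == "guestgroup" { for (i = 2; i <= NF; i++)
             if ($i == g) f = 1 } END { exit !f }' "$ftpaccess"; then
        echo "FAIL: primary group '$gname' is not a guestgroup"; rc=1
    fi

    # 3. An upload line for the chroot root sets owner, group and mode.
    up=$(awk -v r="$root" '$1 == "upload" && $2 == r && $4 == "yes" {
             print $5, $6, $7 }' "$ftpaccess")
    if [ -z "$up" ]; then
        echo "FAIL: no 'upload $root ... yes' line"; rc=1
    else
        echo "INFO: uploads stored as owner/group/mode: $up"
    fi
    return $rc
}

# Constructed sample files (not from a real host) mirroring the thread's setup.
make_sample() {
    d=$1
    printf '%s\n' 'user:*:201:300:FTP guest:/home/user/./:/usr/bin/false' \
                  'bob:*:202:301:App user:/home/bob:/usr/bin/sh' > "$d/passwd"
    printf '%s\n' 'ftponly::300:' 'appgrp::301:bob' > "$d/group"
    printf '%s\n' 'guestgroup ftponly' \
                  'upload /home/user * yes user appgrp 0440' > "$d/ftpaccess"
}

tmp=$(mktemp -d) && make_sample "$tmp"
check_ftp_guest user "$tmp/passwd" "$tmp/group" "$tmp/ftpaccess"
rm -rf "$tmp"
```

On a live system the arguments would be copies of /etc/passwd, /etc/group and /etc/ftpd/ftpaccess; the script does not check the -a option in /etc/inetd.conf.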