HPE Community
Operating System - HP-UX
1836764 Members
2441 Online
110109 Solutions
New Discussion

FTP session access

 
Samboja
Advisor

‎03-12-2003 05:04 AM

‎03-12-2003 05:04 AM

FTP session access

Dear all,

How can I limiting ftp access, I mean that in ftp session user can not doing change directory (CD) to another directory besides his directory.

Any ideas..?

thanks,

Sam
0 Kudos
Reply
3 REPLIES 3
Michael Steele_2
Honored Contributor

‎03-12-2003 05:07 AM

‎03-12-2003 05:07 AM

Re: FTP session access

Refer to /etc/ftpusers. You can allow or deny by specific users this way. For example, the ftpd daemon will reject users listed here. Each account for each user must be listed one per line.
Support Fatherhood - Stop Family Law
0 Kudos
Reply
Pete Randall
Outstanding Contributor

‎03-12-2003 05:11 AM

‎03-12-2003 05:11 AM

Re: FTP session access

Set their startup shell in /etc/passwd to /bin/false.

Pete

Pete
0 Kudos
Reply
eran maor
Honored Contributor

‎03-12-2003 05:29 AM

‎03-12-2003 05:29 AM

Re: FTP session access

Hi

Here's the instructions on achieving your design for ftp access into the server:

1)load in [PHNE_23949/PACHRDME/English] (or latest ftp/ftpd). This patch resolves a couple of
issues with ftpaccess.

2) create a user via SAM (eg. user= test1 group= none)

3) This user has ONLY ftp access, so it would be wise to
code the start-up program as /usr/bin/false

4) For the home directory, specify /home//. eg:
/home/test1/./ (explanation in man ftpaccess)/etc/passwd looks like
test1:qXznDQ1RUwqZ6:115:20:,,,:/home/test1/./:/usr/bin/false
**ignore the error with SAM not being able to create a /. directory.

5) all other questions in SAM are as per normal.

6) ensure that /usr/bin/false is also coded in a file /etc/shells

7) then edit-create the file /etc/ftpd/ftpaccess to have these lines:
class all test1,guest * <-- line#1
guestgroup none <-- line#2
limit all 5 Any /no-more-ftp-access <-- line#3
noretrieve /etc/passwd core <-- line#4

with #chmod 444 ftpaccess
#chown bin:bin ftpaccess

Explanation:
line#1 : 'class' is a verb
'all' is a class of users;
you can call it anything you like.
'guest' is a verb ???test1??? is the user name
'*' is the range of users allowed to ftp
into the machine.
You can restrict this further if you want to.
Do a man ftpaccess

line#2 : 'guestgroup' is a verb
: 'none' is the group name of the users
that have been coded via SAM
(see /etc/group to find out what group
that has)

line#3 : 'limit' is a verb
'all' as per line#1,the class of users.
'5' is the number of ftp sessions; in this case
its five.
You can change it to any number of your choice.
'Any' , do a man ftpaccess for explanation
'/no-more-ftp-access' is a filename that
contains a message to be displayed when the
limit is reached.

line#4 : types of files to restrict

8) then edit /etc/inetd.conf to add in '-a' argument for ftpd; thus:
ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l -a

9) inetd -c (to re-read the configuration file)

10) Create the following subdirecties and files:
a. ~test1/usr
#chown ???R bin:bin usr
#chmod 555 usr
b. ~test1/usr/bin
#chown root bin
#chmod 555 bin
#cp -p /sbin/ls ~test1/usr/bin/ls

11) The ~test1/usr/bin/ls allows the use of the 'ls' command in ftp to find out
the files that are present in their directory.

12) test to verify
love computers
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.