HPE Community
Operating System - HP-UX
1830467 Members
2555 Online
110005 Solutions
New Discussion

FTP transfer restriction

 
Roro_2
Regular Advisor

‎04-15-2009 11:53 PM

‎04-15-2009 11:53 PM

FTP transfer restriction

Hello,

Our customer has an HP server rp3440 running HP-UX 11i v1. They are using "cuteptppro.exe" from Windows workstation to trnasfer files from /to HP server through ftp protocol.
In fact the above utility uses a non-root account (user1) for the transfer but the problem is that user1 can access and transfer any directory from / (root directory).
How can i restrict the access and transfer to a special director ( /data/tmp ) .

Regards

Roger
0 Kudos
Reply
11 REPLIES 11
Suraj K Sankari
Honored Contributor

‎04-16-2009 12:11 AM

‎04-16-2009 12:11 AM

Re: FTP transfer restriction

Hi,

Apply chroot for restriction the same user.

Suraj
0 Kudos
Reply
Ganesan R
Honored Contributor

‎04-16-2009 12:28 AM

‎04-16-2009 12:28 AM

Re: FTP transfer restriction

Hi,

You need to configure unix account with chroot restriction. Refer these threads on how to configure chroot.

http://forums13.itrc.hp.com/service/forums/questionanswer.do?admit=109447627+1239870243403+28353475&threadId=580292

http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1043408&admit=109447626+1239870356408+28353475
Best wishes,

Ganesh.
0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

‎04-16-2009 01:20 AM

‎04-16-2009 01:20 AM

Re: FTP transfer restriction

>uses a non-root account (user1) for the transfer but the problem is that user1 can access and transfer any directory from / (root directory).

user1 can only transfer to directories with write permission, which isn't / but would include /tmp and /var/tmp and user1's home directory. It probably can read from /.

The chroot solution mentioned above would stop those reads too.
0 Kudos
Reply
Roro_2
Regular Advisor

‎04-16-2009 01:43 AM

‎04-16-2009 01:43 AM

Re: FTP transfer restriction

Hello,

I need more details about chroot restriction.

Regards

Roger
0 Kudos
Reply
Roro_2
Regular Advisor

‎04-16-2009 03:32 AM

‎04-16-2009 03:32 AM

Re: FTP transfer restriction

Hello,

I could restrict the transfer and access to one directory under HPUX server.
Still to fix a problem : the files of the HPUX directory are not listed on screen within the cuteftp utility ; the files of the windows directories are displayed.
So i am able to transfer files from windows to HPUX but i am not able to transfer files from HPUX to windows.

Please advise

Roger
0 Kudos
Reply
Hakki Aydin Ucar
Honored Contributor

‎04-16-2009 03:53 AM

‎04-16-2009 03:53 AM

Re: FTP transfer restriction

Try with edit /var/adm/inetd.sec

add the line:

ftp deny
0 Kudos
Reply
Ganesan R
Honored Contributor

‎04-16-2009 03:54 AM

‎04-16-2009 03:54 AM

Re: FTP transfer restriction

Hi,

This link has enough details. You can open the attachment in the below link.

http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=497251
Best wishes,

Ganesh.
0 Kudos
Reply
Hakki Aydin Ucar
Honored Contributor

‎04-16-2009 04:02 AM

‎04-16-2009 04:02 AM

Re: FTP transfer restriction

Addition ;

if you are not sure I address makes ftp to your server use this:

edit /var/adm/syslog/syslog.log

and watch for the line like this:
FTP LOGIN FROM

add the line :

ftp deny

0 Kudos
Reply
Roro_2
Regular Advisor

‎04-16-2009 05:07 AM

‎04-16-2009 05:07 AM

Re: FTP transfer restriction


Hello,

Still facinf the following problem : the files of the HPUX directory are not listed on screen within the cuteftp utility ;


Please advise

Roger
0 Kudos
Reply
Steven Schweda
Honored Contributor

‎04-16-2009 06:40 AM

‎04-16-2009 06:40 AM

Re: FTP transfer restriction

> Still facinf the following problem : the
> files of the HPUX directory are not listed
> on screen within the cuteftp utility ;

For completeness, it would be good to try
things using a simple (stupid) FTP client
program instead of a fancy, GUI FTP client,
but a popular reason for this kind or problem
is not doing what "man ftpd" says to do.

See, for example:

http://forums.itrc.hp.com/service/forums/questionanswer.do?threadId=1256358

If you need more information, you may need to
say more about what you did.


To the answerers:

> Refer these threads [...]

Note that when citing ITRC threads, it's
normally faster/safer if you say "forums."
instead of "forumsN." (N = 11, 13, ...), and
you can omit the whole "admit=X+Y+Z"
parameter in the URL.
0 Kudos
Reply
Steven Schweda
Honored Contributor

‎04-16-2009 07:14 AM

‎04-16-2009 07:14 AM

Re: FTP transfer restriction

> Apr 16, 2009 14:40:58 GMT 5 pts

So, does that mean that everything works now,
or everything half-works now, or half of
everything works now, or that you still
haven't read "man ftpd", or what?

> Please advise

Same to you.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.