HPE Community
Operating System - HP-UX
1836820 Members
1921 Online
110110 Solutions
New Discussion

FTP User can see root directory

 
Gerald Miller_1
Occasional Advisor

‎05-25-2002 11:31 AM

‎05-25-2002 11:31 AM

FTP User can see root directory

I have an ftp user, jim, who accesses domain.com to upload his website. I have him currently chrooted to /web/domain.com/htdocs/jim/./

The folder is part of the jac group, of which jim also belongs.

He lands in the correct directory when logging on, however, nothing stops him from going back to the root directory.

Any advice?
If it compiles, it's good. If it boots up, it's perfect.
0 Kudos
Reply
5 REPLIES 5
Michael Tully
Honored Contributor

‎05-25-2002 01:12 PM

‎05-25-2002 01:12 PM

Re: FTP User can see root directory

Hi,

Have a look in the linked posting:

http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0x4c6d46ff9277d511abcd0090277a778c,00.html

There are many posts for this subject. Also use the search key on the left <-- and use in the subject line 'restricting ftp' or similar.

Cheers
~Michael~
Anyone for a Mutiny ?
0 Kudos
Reply
Sanjay_6
Honored Contributor

‎05-25-2002 04:43 PM

‎05-25-2002 04:43 PM

Re: FTP User can see root directory

Hi Gerald,

Which version of HP-UX are you using. If you are using 11.0 or above, configure the ftpaccess to restrict the user from roaming around. Take a look at the thread below on how to configure ftpaccess. Also do "manb ftpaccess" on the other options and what they mean.

http://support2.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=500000000092476

Hope this helps.

Regds
0 Kudos
Reply
Nikos Samarniotis
New Member

‎05-29-2002 01:56 AM

‎05-29-2002 01:56 AM

Re: FTP User can see root directory

Check the permissions
of /web/domain.com/htdocs/jim/..

0 Kudos
Reply
Sebastian Galeski_1
Trusted Contributor

‎05-29-2002 02:47 AM

‎05-29-2002 02:47 AM

Re: FTP User can see root directory

Hi setup his account as follow:
1. setup ftp user with acces only to his home dir:
1.1 apply last patches for ftp
1.2 use SAMand create user "ftponly" add him to group "none"
1.3 as startup program put /usr/bin/false
1.4 Edit /etc/passwd fo this user (set home dir /home/ftponly/./
have a look at man ftpaccess)
ftponly:qXznDQ1RUwqZ6:115:20:,,,:/home/ftponly/./:/usr/bin/false
1.5 add /usr/bin/false to /etc/shells
1.6 Edit /etc/ftpd/ftpaccess
class all test1,guest * <-- line#1
guestgroup none <-- line#2
limit all 5 Any /no-more-ftp-access <-- line#3
noretrieve /etc/passwd core <-- line#4

set rights to file:
#chmod 444 ftpaccess
#chown bin:bin ftpaccess

1.7 Edit /etc/inetd.conf add '-a' argument for ftpd; ie.
ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l -a
1.8 do inetd -c
1.9 create next subdirectories in /home/ftponly and set next rights
a.
#cd /home/ftponly
#mkdir usr
#chown ???R bin:bin usr
#chmod 555 usr
b.
#cd /home/ftponly/usr
#mkdir bin
#chown root bin
#chmod 555 bin
1.10
copy ls command
#cd /home/ftponly/usr/bin
#cp -p /sbin/ls .
1.11 Test


hope it help
0 Kudos
Reply
Rita C Workman
Honored Contributor

‎05-29-2002 05:00 AM

‎05-29-2002 05:00 AM

Re: FTP User can see root directory

Gerald,

You don't mention your O/S..

If your on 11 than you should be able to follow Gerald's instruction.

If your on 10.2 you may need to download wu-ftpd and load it. Then remember to change your ~inetd.conf so it points to the wu-ftpd version of ftp. You can then use the templates provided with wu-ftpd (and adjust to point to wu-ftpd) to accomplish everything.

Hope that helps,
Rita
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.