Operating System - HP-UX

Re: ftp with restricted shell 11.X

 
Ron Van Cleave
Occasional Contributor

ftp with restricted shell 11.X

Hi,

We would like to limit ftp user access to
the applicable home directory and below.

My understanding is that this can be done
via the restricted shell and ./ home
directory via the /etc/passwd file.

The above works for a login session using
a rsh shell type, however the ftp session
still has the ability to ftp up the directory
structure.

So, the shell has been changed to /usr/bin/ftponly
so as to only allow ftp access, however this
scenario still allows the ftp session to cd
up the directory structure.

Here's an example entry from /etc/passwd
ftpuser:*:UID:GID:,,,:/home/ftpbp/./ftpuser:/usr/bin/false
or
ftpuser:*:UID:GID:,,,:/home/ftpbp/./ftpuser:/usr/bin/rsh

We have not incorporated the ftpaccess file
in that we do not want to restrict all users
to a specific list of directories.

Has anyone experienced similar results or
any suggestions as to what we might be missing?

Thanks Ron.

Victor BERRIDGE
Honored Contributor

Re: ftp with restricted shell 11.X

Hi,
look at the man page for "ftpaccess".

Best regards

Victor
Ron Van Cleave
Occasional Contributor

Re: ftp with restricted shell 11.X

Not attempting to do this via ftpaccess
in that it is our understanding that
this will restrict all access to a
specified list of users?

Is this an incorrect understanding?
Joseph C. Denman
Honored Contributor

Re: ftp with restricted shell 11.X

You can still set it up where other users can have full access through ftp. Just because you restrict one does not mean you have to restrict all.

ftpaccess is what you need to set up to do what you are attempting to do.

man 4 ftpaccess


...jcd...
If I had only read the instructions first??
Ron Van Cleave
Occasional Contributor

Re: ftp with restricted shell 11.X

The ftpaccess worked to restrict the ftp
logins so that they are unable to
traverse the filesystem.

Specifically the entry:
# Specify which group of users will be
# treated as "guests".
# NOTE: groupname must be a real group
# name in the real system file
# /etc/group.
guestgroup ftpgroup

It seems to be the combination of the
passwd, restricted shell and ftpaccess
file configuration that results in the
desired functionality.

The manpage as usual is not intuitively
helpful for newbies, so was able to find
some example ftpaccess files and those
helped to clarify the specifics of the
various constructs.

See http://web.hpl.hp.com/services/rcsweb/techs/post-host/ftp/ftpaccess.html

Thanks for the help.

Ron.
Christopher Caldwell
Honored Contributor

Re: ftp with restricted shell 11.X

ftp on 11.X classes users.

You're either real, guest, or anonymous.

Use the /etc/group file to discriminate among the users.

For the folks who need full access, class them as real. For the folks that need to be chroot'd, make them guests using the guestgroup directive. The server will chroot to their home directory.

Set up their directories like
/home/./user

Don't forget to copy /sbin/ls to /home/bin/ls if you want these folks to get directory listings.
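
The guest/real split and the /./ home directory convention discussed in this thread, as an added example that is not part of the original posts: a POSIX shell audit that reads an ftpaccess, passwd and group file and reports, per account, whether it would be a guest and which directory becomes the chroot root (the part of the home directory before "/./") and the start directory (the part after it). The function name classify_ftp_users and all sample file contents are constructed for illustration; treating an account as a guest when it is either a listed member of the guestgroup or has that group as its primary GID is an assumption about the server's membership check.

```shell
#!/bin/sh
# Added example: report how accounts are classed under an ftpaccess guestgroup setup.
# classify_ftp_users FTPACCESS PASSWD GROUP   (hypothetical helper name)
classify_ftp_users() {
    awk '
    f == "acc" && $1 == "guestgroup" {      # ftpaccess: guestgroup name [name ...]
        for (i = 2; i <= NF; i++) gname[$i] = 1
    }
    f == "grp" && ($1 in gname) {           # group: name:pw:gid:member,member
        ggid[$3] = 1                        # assumption: primary GID also counts
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) member[m[i]] = 1
    }
    f == "pw" && $1 !~ /^#/ && NF >= 6 {    # passwd: user:pw:uid:gid:gecos:home:shell
        if (($1 in member) || ($4 in ggid)) {
            home = $6
            p = index(home, "/./")          # "/./" splits chroot root from start dir
            if (p > 0) { root = substr(home, 1, p - 1); start = substr(home, p + 2) }
            else       { root = home; start = "/" }
            if (root == "") root = "/"
            print $1, "guest", "chroot=" root, "start=" start
        } else print $1, "real"             # not in a guestgroup: no chroot
    }' FS=' ' f=acc "$1" FS=: f=grp "$3" f=pw "$2"
}

# Constructed sample files (not taken from any real system).
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/ftpaccess" <<'EOF'
# Specify which group of users will be treated as "guests".
guestgroup ftpgroup
EOF
    cat > "$d/group" <<'EOF'
users::20:
ftpgroup::200:ftpuser
EOF
    cat > "$d/passwd" <<'EOF'
ftpuser:*:1001:20:,,,:/home/ftpbp/./ftpuser:/usr/bin/false
dropbox:*:1002:200:,,,:/home/ftpbp/dropbox:/usr/bin/false
admin:*:1003:20:,,,:/home/admin:/usr/bin/sh
EOF
    classify_ftp_users "$d/ftpaccess" "$d/passwd" "$d/group"
    rm -rf "$d"
}
demo
```

Any account reported as "real" keeps full filesystem access over ftp, so an account that was meant to be confined but shows up as real is missing from the guestgroup in /etc/group.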