HPE Community
Operating System - HP-UX
1827318 Members
5682 Online
109961 Solutions
New Discussion

FTP

 
SOLVED
Go to solution
Neale Machin
Advisor

‎06-27-2000 01:06 AM

‎06-27-2000 01:06 AM

FTP

Please help.What is the best way to setup a secure ftp user under 10.20 so that they can only access/see the desired area? Please note this isnt a trusted system
Just cos I look after Unix Boxes doesnt mean I wear sandals
0 Kudos
Reply
2 REPLIES 2
Marcel Boon
Trusted Contributor

‎06-27-2000 01:55 AM

‎06-27-2000 01:55 AM

Solution

Re: FTP

Hi Mark,

I find the next information for you, maybe it helps.

Configuring Anonymous ftp

Anonymous ftp allows users who do not have an account on a given system to send files to, and retrieve them from, that system.

Step 1. Add user ftp to /etc/passwd, for example:
ftp:*:500:1:anonymous ftp:/home/ftp:/usr/bin/false

The password field should be *, the group membership should be guest, or, as in this example, other, and the login shell should be /usr/bin/false.

In this example, user ftp's user ID is 500, and the anonymous ftp directory is /home/ftp.

Step 2. Create the anonymous ftp directory:

Create the ftp home directory that you referred to in the /etc/passwd file, for example:

mkdir /home/ftp

Create the subdirectory /usr/bin under the ftp home directory, for example:

cd /home/ftp

mkdir usr

cd usr

mkdir bin

Step 3. Copy the ls and pwd commands from /sbin and /usr/bin (respectively) to ~ftp/usr/bin, and set the permissions on the commands to executable only (mode 0111):
cp /sbin/ls /home/ftp/usr/bin

cp /usr/bin/pwd /home/ftp/usr/bin

chmod u=x,g=x,o=x /home/ftp/usr/bin/ls

chmod u=x,g=x,o=x /home/ftp/usr/bin/pwd

Step 4. Set the owner of the ~ftp/usr/bin and ~ftp/usr directories to root, and set the permissions to not writable (mode 0555):
chown root /home/ftp/usr/bin

chmod u=rx,g=rx,o=rx /home/ftp/usr/bin

chown root /home/ftp/usr

chmod u=rx,g=rx,o=rx /home/ftp/usr

Step 5. Create the subdirectory etc under the ftp directory, for example:
cd /home/ftp

mkdir etc

Step 6. Copy /etc/passwd and /etc/group to ~ftp/etc.
These files are required by the ls command, to display the owners of files and directories under ~ftp.

cp /etc/passwd /home/ftp/etc

cp /etc/group /home/ftp/etc

Step 7. In all entries in /home/ftp/etc/passwd, replace the password field with an asterisk (*), and delete the shell field, for example:
ftp:*:500:1:anonymous ftp:/home/ftp: tom:*:8996:20::/home/tom:

Step 8. In all entries in /home/ftp/etc/group, replace the password field with an asterisk (*):
users:*:20:acb guest:*:21:ftp

Step 9. Change the owner of the files in ~ftp/etc to root, and set the permissions to read only (mode 0444):
chown root /home/ftp/etc

chmod u=r,g=r,o=r /home/ftp/etc

Step 10. Create a directory pub under ~ftp, and change its owner to user ftp and its permissions to writable by all (mode 0777).
Anonymous ftp users can put files in this directory to make them available to other anonymous ftp users.

mkdir /home/ftp/pub

chown ftp /home/ftp/pub

chmod u=rwx,g=rwx,o=rwx /home/ftp/pub

Step 11. Create a directory dist under ~ftp. Change its owner to root and its permissions to writable only by root (mode 0755).
mkdir /home/ftp/dist

chown root /home/ftp/dist

chmod u=rwx,g=rx,o=rx /home/ftp/dist

Step 12. Change the owner of user ftp's home directory to root and the permissions to not writable (mode 0555):
chown root /home/ftp

chmod u=rx,g=rx,o=rx /home/ftp

See the man pages
Reply
Berlene Herren
Honored Contributor

‎06-27-2000 07:18 AM

‎06-27-2000 07:18 AM

Re: FTP

wu-ftpd is the software you want to restrict ftp access. It is NOT HP supported on 10.20, but the FAQ site has instructions on how to port it.

http://www.wu-ftpd.org/wu-ftpd-faq.html


Berlene
http://www.mindspring.com/~bkherren/dobes/index.htm
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.