HPE Community
Operating System - HP-UX
1834613 Members
3236 Online
110069 Solutions
New Discussion

FTP

 
KOGOE Jean_Baptiste
Advisor

‎02-20-2005 10:19 PM

‎02-20-2005 10:19 PM

FTP

I would like to create an ftp user with access on only a specific directory (/fic/edition) and create restriction on the pc with the ip addrees 10.10.30.3; my server run on HPUX 11
please help
0 Kudos
Reply
4 REPLIES 4
Keith Bryson
Honored Contributor

‎02-20-2005 10:37 PM

‎02-20-2005 10:37 PM

Re: FTP

You will need to use /var/adm/inetd.sec (see 'man inetd.sec') or TCP wrappers.

Keith
Arse-cover at all costs
0 Kudos
Reply
Jdamian
Respected Contributor

‎02-20-2005 11:15 PM

‎02-20-2005 11:15 PM

Re: FTP

You can define a "guest" user in order to restrict access of a given login.

I cannot explain details but manual pages for ftpaccess(4) contain all details (pay attention on "class" and "guestgroup" entries).
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎02-21-2005 12:53 AM

‎02-21-2005 12:53 AM

Re: FTP

I could recoomend chroot jail.

you can impose /fic/edition as the users home directory and with chroot in the ftpaccess file that will appear to be the root directory.

You would then need to make that usrs shell /usr/bin/false (I believe) and copy the ls and other binaries into the chroot directory so that ftp will function correctly.

As far as restricting the pc, there is little you can do there. Any ftp client will be able to connect with any server on the network.

What I do with users to discourage exploration is to provide them a desktop icon that opens the ftp client and begins the connection process. Most users don't know how to use command line ftp and its possible to set up Windows so the command line is not accessible.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Simeon Harwood
Regular Advisor

‎02-21-2005 09:26 PM

‎02-21-2005 09:26 PM

Re: FTP

If you wanted to buy a good book on the subject of security that will explain how to do the FTP chroot jail stuff, I highly recomend: -
HP-UX 11i security by Chris Wong
(isbn 0-13-033062-0)

I've read this book and found it very usefull indeed.
You never had this problem with a pencil and paper!
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.