
Re: ftpaccess

 
SOLVED
Troyan Krastev
Regular Advisor

ftpaccess

Hi All,

Using Doc #BC0814KBRC00007719 I was able to restrict access of one user to the server. The problem is now nobody else can access FTP. This is my /etc/ftpd/ftpaccess file:
class tibco_ftp tibuser,guest *
guestgroup tibco
limit tibco_ftp 1 Any /etc/no-more-ftp-access
noretrieve /etc/passwd core
suppresshostname yes
suppressversion yes

Thanks,
Troy
Steven E. Protter
Exalted Contributor

Re: ftpaccess

chroot will restrict a user to the default login directory.

http://www2.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000062909155

http://www2.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000062906293

Second one looks better.

SEP

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Steven E. Protter
Exalted Contributor

Re: ftpaccess

Found another one.

http://docs.hp.com/cgi-bin/fsearch/framedisplay?top=/hpux/onlinedocs/5969-4306/5969-4306_top.html&con=/hpux/onlinedocs/5969-4306/00/00/4-con.html&toc=/hpux/onlinedocs/5969-4306/00/00/4-toc.html&searchterms=ftp%7cchroot&queryid=20030429-133943

Command line Options (for the ftpd daemon)

The following new options are available in WU-FTPD 2.6.1:

-q & -Q

These options determine whether the WU-FTPD daemon uses the PID files. These files are required by the limit directive to determine the number of current users in each access class. Disabling the use of the PID files disables user limits. By default, the daemon uses the PID files. Specify -Q to disable using the PID files. The -Q option can be used for testing the server as a normal user since access permissions prevent the use of the PID files. Large, busy sites that do not wish to impose limits on the number of concurrent users may also consider disabling the PID files.


-r rootdir

This option instructs the daemon to chroot (see chroot(2)) to the specified rootdir immediately upon loading. This can improve system security by limiting the files which may be damaged should a break-in occur through the daemon. This option is like anonymous FTP.


-V

SEP
Bill Douglass
Esteemed Contributor
Solution

Re: ftpaccess

When ftpaccess is enabled (-a option to ftpd), it denies access for users that do not have a defined class.

You need to define a class for the rest of your ftp users. Something like:

class others real *

or

class others user1,user2,user3 *
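
Added example, not part of the original thread: a small offline checker that shows which class a login lands in for the ftpaccess file from the question, before and after appending the `class others real *` line from the answer above. It assumes the WU-FTPD `class <name> <typelist> <addrglob>` syntax with the typelist keywords anonymous, guest and real, first match wins, and plain glob matching of the address; `parse_classes`, `class_for` and the sample address are hypothetical names and values.

```python
# Added example: offline check of which class an FTP login falls into.
# Assumption: WU-FTPD "class <name> <typelist> <addrglob>..." syntax, where
# typelist holds the keywords anonymous, guest, real and the first match wins.
# Simplification: addrglob is matched as a plain glob (no netmask/domain forms).
from fnmatch import fnmatch

USER_TYPES = {"anonymous", "guest", "real"}

def parse_classes(text):
    """Return [(name, types, addrglobs, unknown_tokens)] in file order."""
    classes = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 4 and fields[0] == "class":
            tokens = fields[2].split(",")
            types = {t for t in tokens if t in USER_TYPES}
            unknown = [t for t in tokens if t not in USER_TYPES]
            classes.append((fields[1], types, fields[3:], unknown))
    return classes

def class_for(classes, user_type, remote_addr):
    """First class matching user type and address; None means login denied."""
    for name, types, globs, _ in classes:
        if user_type in types and any(fnmatch(remote_addr, g) for g in globs):
            return name
    return None

# The file from the question (class and guestgroup lines only).
ORIGINAL = """\
class tibco_ftp tibuser,guest *
guestgroup tibco
"""
# Same file with the catch-all class from the answer appended.
FIXED = ORIGINAL + "class others real *\n"

if __name__ == "__main__":
    for label, text in (("original", ORIGINAL), ("fixed", FIXED)):
        classes = parse_classes(text)
        for name, _, _, unknown in classes:
            if unknown:
                print(f"{label}: class {name}: unrecognised type(s) {unknown}")
        for user_type in ("guest", "real", "anonymous"):
            # 192.0.2.10 is a constructed documentation address.
            print(label, user_type, "->", class_for(classes, user_type, "192.0.2.10"))
```

Here "guest" means an account in a group named by `guestgroup`, and "real" means any other local account; a result of None corresponds to the login being refused because no class matched.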
Troyan Krastev
Regular Advisor

Re: ftpaccess

Thank you Bill. This is what I need.
Thank you Steven for the nice features you are pointing to.

Thanks again,
Troy