HPE Community
Operating System - HP-UX
1757934 Members
2761 Online
108866 Solutions
New Discussion юеВ

ftpd question

 
SOLVED
Go to solution
Luca Rasconi
Frequent Advisor

тАО10-30-2002 06:49 AM

тАО10-30-2002 06:49 AM

ftpd question

Hi,
i need to deny remote ftp acces to a particular user.
That is the only opertione that user can do is like this
ftp 127.0.0.1

while
ftp host_name
from remote host must be refused.

Is it possible?

Thank you
Luca

p.s.: An entry in ftpusers deny access also from local host.
Luca
0 Kudos
Reply
6 REPLIES 6
Ken Hubnik_2
Honored Contributor

тАО10-30-2002 06:50 AM

тАО10-30-2002 06:50 AM

Re: ftpd question

You can use the /var/adm/inetd.sec file to specify what ip address can use ftp.
ftp allow xxx.xxx.*
0 Kudos
Reply
Stefan Farrelly
Honored Contributor

тАО10-30-2002 06:56 AM

тАО10-30-2002 06:56 AM

Re: ftpd question

yes, you can block it with /var/adm/inetd.sec
see man inetd.sec With this you can block a server for an IP or range of IP's (eg. block ftpd for an IP)
Im from Palmerston North, New Zealand, but somehow ended up in London...
0 Kudos
Reply
Stefan Farrelly
Honored Contributor

тАО10-30-2002 06:57 AM

тАО10-30-2002 06:57 AM

Re: ftpd question

yes, you can block it with /var/adm/inetd.sec
see man inetd.sec With this you can block a service for an IP or range of IP's (eg. block ftpd for an IP)
Im from Palmerston North, New Zealand, but somehow ended up in London...
0 Kudos
Reply
Luca Rasconi
Frequent Advisor

тАО10-30-2002 07:01 AM

тАО10-30-2002 07:01 AM

Re: ftpd question

Sorry, I try to explain better:
there 3 ftp user (they can make only ftp connections), and I need to deny remote access to one only ftp user.
The other can do it.

Bye
Luca
Luca
0 Kudos
Reply
Darrell Allen
Honored Contributor

тАО10-30-2002 07:11 AM

тАО10-30-2002 07:11 AM

Solution

Re: ftpd question

Hi,

I think you are going to have to replace ftp with wrapper script that verifies the user is allowed to ftp only to 127.0.0.1.

Move /usr/bin/ftp to another location that is not in your users' search path and replace it with your script.

inetd.sec will not work. It will deny incoming connections only. Further, it is for IP addresses only, not users.

ftpusers will not work since you want this user to be able to ftp to the local host. Also, it's only for incoming connections, not outgoing.

Why do you want the user to be able to ftp to the local host? Seems he could simply use cp.

Darrell
"What, Me Worry?" - Alfred E. Neuman (Mad Magazine)
Reply
Luca Rasconi
Frequent Advisor

тАО10-30-2002 07:13 AM

тАО10-30-2002 07:13 AM

Re: ftpd question

Hi Darrel,
you are right: why it needs this behaviour?
I simply received this strange (for me) request. I asked him the same question you asked me and I'm waiting for his reponse.

Thank you all
Luca
Luca
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.