
Re: ftpd

 
Shannon Petry
Honored Contributor

ftpd

Have a bit of a dilemma, and not sure the best way of handling it. I have a pain in the $#%^ user who has an FTP id, and wanders the system. I need to know the best way to keep them in just their own home dir.
Here is what I have.
ftpuser:passwd:yada:yada:yada:/home/ftpuser:/usr/bin/true

The /etc/shells has an entry for /usr/bin/true, and the user is not in ftpusers of course.

I want to keep this person in just /home/ftpuser.
I have chroot installed, but can not seem to get it to work as I had expected.

Thanks in advance!
Shannon
Microsoft. When do you want a virus today?
Antoanetta Naghiu
Esteemed Contributor

Re: ftpd

Start ftpd -l in /etc/inetd.conf to log ftp entries.
Why not enable that user as anonymous ftp with /usr/bin/false as shell?
See http://www.docs.hp.com/dynaweb/hpux11/@Generic__CollectionView for very detailed explanations of how to create it.
James R. Ferguson
Acclaimed Contributor

Re: ftpd

Shannon:

I think you'll find some helpful suggestions in:

http://my1.itrc.hp.com/cm/QuestionAnswer/1,1150,0x30717e990647d4118fee0090279cd0f9,00.html

...JRF...
Shannon Petry
Honored Contributor

Re: ftpd

I read the relevant posts, but it does not fit here. If I give the user rsh, he/she/they still have the ability to telnet. I only want this user to FTP. This is the sticky point.

As for setting up anonymous FTP, I do not want anonymous ftp on this machine. I have other servers for just that job, and they run just fine. This user must move data to a secure point, not a public access point.
Microsoft. When do you want a virus today?
Antoanetta Naghiu
Esteemed Contributor

Re: ftpd

It is not necessary to call it anonymous ftp. You can call it whatever name you want. What do you want him/her/them to do on the system besides ftp? Are they going to be regular users with normal rights? Can you make use of /var/adm/inetd.sec (if they come from the same box and nobody else comes from that particular node)?
Actually, say what you are trying to achieve, and you'll see...
Shannon Petry
Honored Contributor

Re: ftpd

I thought I did state pretty clearly what I wanted to do.
Have a user FTP to the system, and not be able to move out of their home directory.
The user must be REAL, meaning not an anonymous user!
Microsoft. When do you want a virus today?
Antoanetta Naghiu
Esteemed Contributor

Re: ftpd

This is what I understand you wanted. If you are not happy with anonymous ftp or tftp (trivial ftp), you can try to write your own scripts and put that one as shell...Or use rsh. Or, as the last line in .profile, run a home-made shell....
Rita C Workman
Honored Contributor
Solution

Re: ftpd


Very simple....do a basic chroot by doing an edit
to the /etc/passwd and add a period and / to the
end of his home directory....this basically changes
his home directory to root.

vipw

on this person's line change it so it says:
user:uid:gid....../home/nogoodbumb/./:/usr/bin/ksh

It's quick...it's easy......but a thought.
If you only have ftp rights here..you may need to
add a directory /usr under his home directory and
then copy into this directory /usr/sbin/pwd and
/sbin/ls. Grant ownership to these to 'him'. That
way this wonderful employee will have the ability
to enter the command ls & pwd....which aside
from get and put; I gather is all you want this little
ray of sunshine to have....
Hope it helps,
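
An added example, not part of any post in this thread: a shell check that reads one account's passwd entry and reports the three conditions discussed here (shell listed in the shells file, user absent from ftpusers, `/./` marker in the home field) and how the home field splits into chroot root and working directory. The `/./` split is the convention wu-ftpd uses for guest accounts, so the script shows how such a daemon would read the entry, not whether the running ftpd honours it. `check_ftp_jail`, its output strings and the sample entries are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). check_ftp_jail is a hypothetical helper.
# usage: check_ftp_jail USER PASSWD_FILE SHELLS_FILE FTPUSERS_FILE
# Prints one finding per line; returns 0 if all checks pass, 1 if any fail,
# 2 if the user has no passwd entry.
check_ftp_jail() {
    user=$1; passwd=$2; shells=$3; ftpusers=$4
    entry=$(grep "^${user}:" "$passwd" | head -n 1)
    if [ -z "$entry" ]; then echo "no-such-user"; return 2; fi
    home=$(printf '%s\n' "$entry" | cut -d: -f6)
    shell=$(printf '%s\n' "$entry" | cut -d: -f7)
    fail=0
    # The login shell must be listed in the shells file (as with /usr/bin/true above).
    if ! grep -qxF "$shell" "$shells"; then
        echo "shell-not-in-shells:$shell"; fail=1
    fi
    # An account named in ftpusers is refused FTP altogether.
    if grep -qxF "$user" "$ftpusers"; then
        echo "denied-by-ftpusers"; fail=1
    fi
    # Split the home field at the first "/./": the left part is the chroot root,
    # the right part is the working directory inside it.
    case $home in
        */./*)
            root=${home%%/./*}
            rel=/${home#*/./}
            echo "chroot=$root cwd=$rel" ;;
        *)
            echo "no-chroot-marker:$home"; fail=1 ;;
    esac
    return $fail
}

# Constructed sample data, written to a temporary directory.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'ftpuser:*:200:20::/home/ftpuser/./:/usr/bin/true' \
                  'wanderer:*:201:20::/home/wanderer:/usr/bin/true' > "$d/passwd"
    printf '%s\n' /usr/bin/true /usr/bin/ksh > "$d/shells"
    printf '%s\n' root uucp > "$d/ftpusers"
    for u in ftpuser wanderer; do
        printf '%s: ' "$u"; check_ftp_jail "$u" "$d/passwd" "$d/shells" "$d/ftpusers" || true
    done
    rm -rf "$d"
}
demo
```

Run it against copies of the real files first; a `no-chroot-marker` result means the account would land in its home directory with the whole filesystem reachable.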
Anthony Goonetilleke
Esteemed Contributor

Re: ftpd

Change your ftp daemon to wuftpd.
It's great, has a lot more flexibility, is tried and proven, and you can do all sorts of neat tricks with it; the logging is also very good. It can do the exact thing you want it to do.
Minimum effort maximum output!
Michael F. Steele
New Member

Re: ftpd

Make use of the .netrc file by scripting out a set of commands for ftpuser. Then invoke the .netrc file and the ftpuser login from a script, and restrict ftpuser to executing the script instead of manually logging in. This process can also be put into a cron.
Every Tekkie Wants to Be Right
Ian Cameron
Frequent Advisor

Re: ftpd

I have tried Rita's method and it did not limit the access to /home/***** by adding the ./ to the /etc/passwd home dir string. My case is similar to the original posting except I have several users pointing to a single directory to be used for passing prototype/developmental data. Has anyone found a workable solution yet?