
ftpd

 
SOLVED
Shannon Petry
Honored Contributor

ftpd

I have this thread also in security, but maybe it does not fit in that category so I'll try here.

PROBLEM: I have a user, who has an FTP ONLY ID. It is set up where the user MUST type a password, and does not have the ability to telnet, shell, etc because of his shell being /usr/bin/true. (No lectures about it not being /usr/bin/false please).

This user likes to wander the system, and copy anything they can get. It is a problem, but for political reasons, I have to keep their FTP ID.

How can I keep this #$%^&* from changing out of their home directory, and still be able to ftp into the box?

NOTE: Restricted shell will give them the ability to telnet, and more access than I want them to have. So what can I do??????

Thanks in advance!
Shannon Petry
Microsoft. When do you want a virus today?
5 REPLIES
Brian M. Fisher
Honored Contributor

Re: ftpd

The best option I have found is Washington University's FTP daemon wu-ftpd. This can be found for 10.20 at: http://hpux.cae.wisc.edu/
or install patch PHNE_20714 for 11.0
It provides comprehensive logging and message facilities, together with improved access and activity control mechanisms.

Brian
<*(((>< er
Perception IS Reality
Shannon Petry
Honored Contributor

Re: ftpd

This is wu-ftp. Installed and configured and running just fine :) It does have excellent logging and tracking facilities, and enhanced control for anonymous and real users. But it still does not do what I need it to do.

Is what I would like possible?

Or is running httpd for ftpd and cgi'ng the users my only hope?
Microsoft. When do you want a virus today?
Rita C Workman
Honored Contributor

Re: ftpd

Very simple....do a basic chroot by doing an edit to the /etc/passwd and add a period and / to the end of his home directory....this basically changes his home directory to root.

vipw

On this person's line change it so it says:
user:uid:gid....../home/nogoodbumb/./usr/bin/ksh

It's quick...it's easy......but a thought.
If you only have ftp rights here..you may need to add a directory /usr under his home directory and then copy into this directory /usr/sbin/pwd and /sbin/ls. Grant ownership to these to 'him'. That way this wonderful employee will have the ability to enter the command ls & pwd....which aside from get and put; I gather is all you want this little ray of sunshine to have....
Hope it helps,

Brian M. Fisher
Honored Contributor
Solution

Re: ftpd

Sorry about my initial answer, I did not see that you were already running wu-ftp. Have you looked at the wu-ftp web site? I found a document: Guest HOWTO
Describes the basics of setting up your FTP server for guest accounts. That is, to allow real Unix users to log in, but jail them in a chroot'd area.
http://www.wu-ftpd.org/HOWTO/guest.HOWTO

Brian
<*(((>< er
Perception IS Reality
Shannon Petry
Honored Contributor

Re: ftpd

Kick butt! The guest I thought was kind of the same as anonymous. My bad!

Thanks, cuz that will jail em :)

I tested adding the / to the end of the home directory, as well as /. and /./ but none work to keep the user from cd'ing anywhere.
Maybe I did it wrong, but I have:
butthead:yuck:131313:666:dumb,stinky,,:/home/butthead/:/usr/bin/true

The guest should do it!
Thanks a bunch!
Microsoft. When do you want a virus today?
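
Added example, not part of the thread and not wu-ftpd's own code: a small audit of whether an account would be chroot-jailed as a wu-ftpd guest. It shows why the `/./` marker in /etc/passwd has no effect until the account is also matched by `guestgroup` or `guestuser` in ftpaccess. The accounts `jailed` and `halfway`, the group `ftponly`, and all file contents are constructed samples, except the first passwd line, which is the entry quoted above.

```python
# Added example: would wu-ftpd treat this login as a chroot'd guest?
# Constructed sample files; only the first passwd line comes from the thread.
PASSWD = """\
butthead:yuck:131313:666:dumb,stinky,,:/home/butthead/:/usr/bin/true
jailed:x:2001:700:ftp only:/home/jailed/./incoming:/usr/bin/true
halfway:x:2002:666:marker only:/home/halfway/./:/usr/bin/true
"""
GROUP = """\
users:x:666:
ftponly:x:700:
"""
FTPACCESS = """\
# class and limit lines omitted
guestgroup ftponly
"""

def records(text):
    """Split a passwd/group style file into lists of colon-separated fields."""
    return [l.split(":") for l in text.splitlines() if l and not l.startswith("#")]

def directive_args(ftpaccess, keyword):
    """Collect every argument given to one ftpaccess directive."""
    args = set()
    for line in ftpaccess.splitlines():
        fields = line.split()
        if fields and fields[0] == keyword:
            args.update(fields[1:])
    return args

def audit(user, passwd=PASSWD, group=GROUP, ftpaccess=FTPACCESS):
    """Return (jailed, chroot_root, start_dir) for one account."""
    pw = next((f for f in records(passwd) if f[0] == user), None)
    if pw is None:
        raise KeyError(user)
    gid, home = pw[3], pw[5]
    # Membership by primary gid or by being listed in the group's member field.
    groups = {g[0] for g in records(group) if g[2] == gid or user in g[3].split(",")}
    is_guest = (user in directive_args(ftpaccess, "guestuser")
                or bool(groups & directive_args(ftpaccess, "guestgroup")))
    if not is_guest:
        return (False, None, None)   # a "real" user: free to cd anywhere
    # "/./" splits the home field into chroot root and post-login directory.
    root, marker, start = home.partition("/./")
    if not marker:
        # Assumption: with no marker the whole home directory is the root.
        root, start = home, ""
    return (True, root.rstrip("/") or "/", "/" + start)
```

Only group names are matched here; numeric `%gid` forms and `realuser`/`realgroup` overrides are not handled.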