
Giving restricted telnet and ftp access at the same time

 
Rafael Moran
Advisor

Hello,

I'm giving telnet and ftp access to a server with rksh. With that, users can't move out of their directories with telnet access, but when they do an ftp with a Windows client they can move freely to other directories.
Does anybody know a way to restrict it without changing the login? I don't want to use restricted ftp, anonymous ftp or similar, because then I lose the telnet access with it.

Thank you very much
Hi! I'm keko
harry d brown jr
Honored Contributor

Re: Giving restricted telnet and ftp access at the same time

Do a chroot on them and they will be restricted to the "root" that you give them.

What OS version are you running?

live free or die
harry
Live Free or Die
Rafael Moran
Advisor

Re: Giving restricted telnet and ftp access at the same time

Thank you Harry,

I'm using 10.20.
I tried to put the chroot in the .profile but it always tells me "Not Owner".
I checked all files in the directory and all of them belong to the user.
If I do it as root, no problem.
Hi! I'm keko
T. M. Louah
Esteemed Contributor

Re: Giving restricted telnet and ftp access at the same time

It seems that the following thread discusses exactly that:
http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0xfea3663ce855d511abcd0090277a778c,00.html

g'd luck
t++
Little learning is dangerous!
Rafael Moran
Advisor

Re: Giving restricted telnet and ftp access at the same time

Thanks for the thread TM, but I still need some extra help.
What I have now is:

- Users can telnet but they can't move from their home directory due to the rksh

- Only a few users are allowed to ftp to the system, as defined in /etc/ftpusers

The last thing I need is that these ftp users can't move from their home directory. They use an ftp Windows client and it seems that the restriction with rksh is not working with it and they can move around the filesystems.

Thank you


Hi! I'm keko
Christopher Caldwell
Honored Contributor

Re: Giving restricted telnet and ftp access at the same time

wu-ftpd (patched default on HP-UX 11.x or higher) does this by configuration. You can grab a copy at
http://www.wu-ftpd.org/

If the technique works on HP-UX 10.20, it'll probably be through the same mechanism:

You can try making the user's home directory like this in /etc/passwd
/home/user/./
or
/home/./user

depending on where you'd like the chroot to occur.

For the former, user's home directory will need a copy of system:/sbin/ls in a bin directory created in their home directory
e.g.
mkdir /home/user/bin
cp /sbin/ls /home/user/bin/ls

for the latter, you'll need one copy of /sbin/ls in /home/bin
e.g.
mkdir /home/bin
cp /sbin/ls /home/bin/ls
T. M. Louah
Esteemed Contributor

Re: Giving restricted telnet and ftp access at the same time

I just want to add 2 things:

1- ftpd rejects remote logins to local user accounts that are named in
/etc/ftpd/ftpusers. Each restricted account name must appear alone on
a line in the file. The line cannot contain any white space. User
accounts that specify a restricted login shell in /etc/passwd should
be listed in /etc/ftpd/ftpusers because ftpd accesses local accounts
without using their login shells.

2- about /etc/passwd
The following fields have character limitations as noted:

+ Login name field can be no longer than eight characters;
+ Initial working directory field can be no longer than 63 characters;
+ Program field can be no longer than 44 characters.
+ Results are unpredictable if these fields are longer than the limits
specified above.
Little learning is dangerous!
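
An added sketch, not written by any poster in this thread: a POSIX shell audit that lists every rksh account and reports whether FTP would still let it roam, using the two rules stated in the replies above (a name in the ftpusers file is refused by ftpd; a /./ in the passwd home field marks the chroot point). The function names, file locations and sample accounts are constructed for illustration, and the script does not check whether the installed ftpd actually honours the /./ marker.

```shell
#!/bin/sh
# Added example: which restricted-shell accounts can FTP still roam with?
# Prints "login status" for every account whose login program is rksh:
#   denied        listed in the ftpusers file, so ftpd refuses the login
#   chroot:<dir>  home field carries the /./ marker; <dir> is the part before it
#   exposed       FTP login allowed and no /./ marker in the home field
audit_ftp_exposure() {
    passwd_file=$1      # passwd-format file
    ftpusers_file=$2    # one denied account name per line
    awk -F: -v deny="$ftpusers_file" '
        BEGIN {
            # Load the deny list; blank lines and comments are skipped.
            while ((getline name < deny) > 0)
                if (name != "" && name !~ /^#/) denied[name] = 1
            close(deny)
        }
        # Field 7 is the login program, field 6 the home directory.
        $7 ~ /(^|\/)rksh$/ {
            if ($1 in denied)
                status = "denied"
            else if ((i = index($6, "/./")) > 0)
                status = "chroot:" (i == 1 ? "/" : substr($6, 1, i - 1))
            else
                status = "exposed"
            print $1, status
        }
    ' "$passwd_file"
}

# Constructed sample data (not taken from the thread), then one audit run.
demo() {
    tmp=${TMPDIR:-/tmp}/ftpaudit.$$
    mkdir "$tmp" || return 1
    cat > "$tmp/passwd" <<'EOF'
alice:*:201:20::/home/alice:/usr/bin/rksh
bob:*:202:20::/home/bob/./:/usr/bin/rksh
carol:*:203:20::/home/./carol:/usr/bin/rksh
dave:*:204:20::/home/dave:/usr/bin/rksh
erin:*:205:20::/home/erin:/usr/bin/ksh
EOF
    printf 'dave\n' > "$tmp/ftpusers"
    audit_ftp_exposure "$tmp/passwd" "$tmp/ftpusers"
    rm -rf "$tmp"
}
demo
```

Accounts reported as "exposed" are the ones in the situation the original question describes: confined by rksh over telnet, unconfined over ftp.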