Operating System - HP-UX

Christine Hartman
Valued Contributor

having an issue with restricted ftp

I have set up ftpaccess with guestgroup "ftponly", I have set up inetd.conf with the -a option to read the ftpaccess file, I have set up passwd file entries to have "/home/user/./", I have set up /etc/shells to include /usr/bin/false, and I have the patch PHNE_30990. When users log in they are still able to cd to other directories like /tmp or /home. I have the exact same setup on 2 other servers and the restriction works there. As a matter of fact, I copied the entire /etc/ftpd area over to this server. I have also made sure that the ftp users are part of the ftponly group.

Any ideas?
Joseph C. Denman
Honored Contributor

Re: having an issue with restricted ftp

This may seem silly, but did you bounce inetd once you made the configuration changes?


/sbin/init.d/inetd stop
/sbin/init.d/inetd start


...jcd...
If I had only read the instructions first??
Christine Hartman
Valued Contributor

Re: having an issue with restricted ftp

I did do a HUP and also tried inetd -c :) Not a silly question at all.
john korterman
Honored Contributor

Re: having an issue with restricted ftp

Hi Christine,

do the users see a message like "access restrictions apply" when they establish the ftp connection?
If not, the whole ftpaccess configuration is disregarded.

Try changing the user's startup shell from "/usr/bin/false" - which I assume it is - to a normal shell and then establish a telnet connection in order to see in which directory you land.

regards,
John K.
it would be nice if you always got a second chance
Christine Hartman
Valued Contributor

Re: having an issue with restricted ftp

Interesting...I changed the startup shell as you suggested and when I log in as that user, it puts me in the correct directory but my $PWD is: /home/ftpudata/username/./

And no...you are right, when an ftp session is initiated it does NOT say restrictions apply. So what am I missing?

So bizarre..it works on the other 2 servers..but not this one?
john korterman
Honored Contributor

Re: having an issue with restricted ftp

Hi again,

you say that the ftp users are part of the ftponly group. Is that group configured as a guestgroup? This is normally configured near the bottom of the ftpaccess file.


regards,
John K.
it would be nice if you always got a second chance
Joseph C. Denman
Honored Contributor

Re: having an issue with restricted ftp

It sure sounds like it is ignoring the ftpaccess file. Please double check the inetd.conf file has the -a option. Maybe copy it from the other server if identical. Then restart inetd.

...jcd...
If I had only read the instructions first??
john korterman
Honored Contributor

Re: having an issue with restricted ftp

Hi,

Forgot to tell you that you should have checked the users' group by the "id" command when you had changed their login program to a normal shell - are they in ftponly?

regards,
John K.
it would be nice if you always got a second chance
Christine Hartman
Valued Contributor

Re: having an issue with restricted ftp

inetd.conf DOES have the -a option...I have also tried just copying the exact line over from the other server...and issued an inetd -c afterwards.

Note that these users are all part of the ftponly group...but it is their secondary group, not their primary group. This is also the same setup as the other 2 servers that DO work properly.
Below is the ftpaccess file that is being used on all 3 servers:
#
class other guest,real *

banner /etc/issue

limit anonx 10 Any /lbin/lib/system/anon.msg
limit other 20 Any /lbin/lib/system/limit.msg

message /etc/motd LOGIN
message .LOGIN LOGIN

compress yes *
tar yes *

log commands real,guest
log transfers real,guest inbound,outbound

passwd-check rfc822 enforce

chmod yes guest,real
delete yes guest,real
overwrite yes guest,real
rename yes guest,real
umask yes guest,real

guestgroup ftponly

private no

suppresshostname yes
suppressversion yes
Christine Hartman
Valued Contributor

Re: having an issue with restricted ftp

Below is the output of the id command you were questioning:

usepud06#/home/ftpudata/ftpdso/./>id
uid=4141(ftpdso) gid=102(oaa) groups=4018(ftponly)

And here is the entry in the inetd.conf file:

ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l -u0000 -t900 -T900 -L -i -o -a -P -p
john korterman
Honored Contributor
Solution

Re: having an issue with restricted ftp

Hi,

I would guess that "ftponly" must be the default group for attempted ftp users in your case; try creating a user like the others, but with the difference that his default - and only group membership - is "ftponly".


regards,
John K.
it would be nice if you always got a second chance
Darrel Louis
Honored Contributor

Re: having an issue with restricted ftp

Christine,

Did you set up an anonymous FTP account and copy the ~ftp/usr and ~ftp/etc to the user's directory?

Can you also create a new ftp line in your /etc/inetd.conf
or
a new inetd.conf file with just the following line:
ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l -a -v

Darrel
Joseph C. Denman
Honored Contributor

Re: having an issue with restricted ftp

ftponly is secondary group??? What OS version are you running? I remember back in the day, we used to have to link /etc/logingroup to /etc/group?

...jcd...
If I had only read the instructions first??
Christine Hartman
Valued Contributor

Re: having an issue with restricted ftp

We are running HPUX 11.11...it looks like if I create a user with the primary group membership of ftponly..then it works as I expect...with ftp restrictions, etc. But if ftponly is the secondary group...then it does NOT work. Funny...because it is set up with ftponly as secondary group membership on 2 other servers....and it works fine...so why not this server? Ideas?
Christine Hartman
Valued Contributor

Re: having an issue with restricted ftp

I tried inetd.conf with the ftpd -l -a -v entry...no change.
jhingoor
Frequent Advisor

Re: having an issue with restricted ftp

Check out this attachment...it should finally resolve all your queries.....It has worked for me excellently..........
Christine Hartman
Valued Contributor

Re: having an issue with restricted ftp

This issue was resolved when I included the primary group in the guestgroup list...previously I had ftponly as the secondary group and in the guestgroup list...now that primary and secondary are both in the guestgroup list, restricted ftp works...still doesn't explain why it works on the other 2 systems though..as all 3 are set up the same...but I'm ok with accepting anomalies sometimes. I'll close the thread...thanks for everyone's help on this.
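
An audit for the condition this thread ended on, added here as an example and not part of any poster's message: it lists accounts that reach a guestgroup only through secondary membership, which on the affected server were not restricted. The function name and temporary file layout are assumptions; the sample files are constructed from the values posted above, plus a made-up account `ftpnew` whose primary group is ftponly.

```shell
#!/bin/sh
# Added example, not from the thread.
# Usage: secondary_only_guests FTPACCESS GROUPFILE PASSWDFILE
# Prints user:primary_group:guestgroup for every account that is in a
# guestgroup only as a secondary member.
secondary_only_guests() {
    awk '
    src == "access" && $1 == "guestgroup" {
        for (i = 2; i <= NF; i++) guest[$i] = 1      # groups ftpd treats as guest
    }
    src == "group" {
        name[$3] = $1                                # gid -> group name
        if ($1 in guest) {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) via[m[i]] = $1  # member -> guestgroup
        }
    }
    src == "passwd" && ($1 in via) {
        primary = ($4 in name) ? name[$4] : $4
        if (!(primary in guest)) print $1 ":" primary ":" via[$1]
    }
    ' src=access FS=" " "$1" src=group FS=: "$2" src=passwd FS=: "$3"
}

# Constructed sample files (ftpdso values taken from the id output above).
demo=${TMPDIR:-/tmp}/guestcheck.$$
mkdir -m 700 "$demo" && trap 'rm -rf "$demo"' EXIT
printf '%s\n' 'class other guest,real *' 'guestgroup ftponly' > "$demo/ftpaccess"
printf '%s\n' 'oaa::102:' 'ftponly::4018:ftpdso' > "$demo/group"
printf '%s\n' \
    'ftpdso:*:4141:102::/home/ftpudata/ftpdso/./:/usr/bin/false' \
    'ftpnew:*:4142:4018::/home/ftpudata/ftpnew/./:/usr/bin/false' > "$demo/passwd"

echo "original ftpaccess:"
secondary_only_guests "$demo/ftpaccess" "$demo/group" "$demo/passwd"

# Workaround reported in the thread: list the primary group in guestgroup too.
printf '%s\n' 'class other guest,real *' 'guestgroup ftponly oaa' \
    > "$demo/ftpaccess.fixed"
echo "with primary group added:"
secondary_only_guests "$demo/ftpaccess.fixed" "$demo/group" "$demo/passwd"
```

On a real system the three arguments would be /etc/ftpd/ftpaccess, /etc/group and /etc/passwd; any account it prints should be tested with an actual ftp login to confirm the "access restrictions apply" message appears.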
Christine Hartman
Valued Contributor

Re: having an issue with restricted ftp

Thread closed now.