03-28-2002 09:20 AM
I cannot come up with a solution to restrict an ftp user within its home directory. I cannot use restricted shell because I have to use /bin/false to disable its telnet... I am thinking "restricted filesystem". But I have not used it before. Can anybody tell me if there is a solution?
Thanks
03-28-2002 09:31 AM
Re: How can I restrict ftp user within its home director?
HTH
-Rusty
03-28-2002 10:18 AM
Re: How can I restrict ftp user within its home director?
Try ftpaccess if the os version is 11.x. Do man ftpaccess to know more about how to configure ftpaccess to restrict the user ftp access to a system.
Hope this helps.
Regds
03-28-2002 10:22 AM
Re: How can I restrict ftp user within its home director?
There is another thread at http://forums.itrc.hp.com/cm/QuestionAnswer/0,,0x8dac3fa720f3d5118ff40090279cd0f9,00.html that had the same problem. As posted by harry_d_brown_jr:
begin quoted thread -->
From the man pages of ftpaccess:
In the /etc/passwd file, the sample entry is:
guest1:
When guest1 successfully logs in, the ftp server will chroot(/ftp) and then chdir(/incoming). The guest user will only be able to access the directory structure under /ftp (which will look and act as / to guest1), just as an anonymous FTP user would.
<-- end quoted thread
Here is a link to the ftpaccess manpage for you to look at if this didn't answer your question.
http://www.wu-ftpd.org/man/ftpaccess.html
Hope this helps.
(remember to assign points based on the amount of help a post provided, thanks)
03-28-2002 10:22 AM
Solution
1. Make the edits to the /etc/passwd file by adding users:
    ftpguest:4rL2HZkDatENY:505:125::/home/ftp/ftpguest/./:/usr/bin/false
'.' is the delimiter to determine where the chroot will be performed. In this example, after logging in '/' will in effect be /home/ftp/ftpguest. If the delimiter was placed between ftp and ftpguest then '/' would be /home/ftp. ftpguest was used as the account name in this example but you could use any name you like.
2. /usr/bin/false will have to be added to the /etc/shells file. See man(4) shells for further details.
3. Make the edits to the /etc/group file:
    ftpgroup::125:ftpguest
- Create and set the permissions and ownership for the directory (/home/ftp/ftpguest) to what suits you best.
4. Add an entry into the ftpaccess file. This file will most probably have to be copied from the /usr/newconfig/etc/ftpd/ftpaccess to /etc/ftpd/ftpaccess. Add a guestgroup entry (in the /etc/ftpd/ftpaccess file) to allow a group of users to be treated as 'guests'. This entry will correspond to the entry in the /etc/group file. Here is a sample of the ftpaccess file to use guest groups.
    # specify which group of users will be treated as "guests".
    guestgroup ftpgroup
5. Edit the /etc/inetd.conf file and add the '-a' option to enable ftpd to use the ftpaccess file. Here is an example:
    ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l -a
You will need to reconfigure inetd by running /usr/sbin/inetd -c to reread the /etc/inetd.conf file after making the change.
6. Since this is similar to anonymous FTP in the respect that you are in a chrooted area (the path to / is different than on your system) you will also have to replicate the /usr/bin and /etc directories. The easiest way to do this is to use SAM to create an anonymous FTP setup and then replicate the /etc & /usr/bin directories into your ftp guest root directory. Here is an example of how you would replicate the ~ftp/usr and ~ftp/etc directory to your new ftp guest directory. We use the ftpguest user in this example.
    cp -R ~ftp/usr ~ftpguest/usr
    cp -R ~ftp/etc ~ftpguest/etc
At this point you should have the files and programs needed for your ftpguest user.
** This is dependent upon where the '.' delimiter has been positioned. If the delimiter is positioned prior to the ftp username then only the root directory (/home/ftp) needs to contain a /usr & /etc directory structure. If the delimiter is placed post the username then each individual user will require this directory structure.
03-28-2002 11:04 AM
Re: How can I restrict ftp user within its home director?
BTW, how can I search the relevant postings before I open a new issue? Only can I use the "search" under "IT resource center"..
Crystal
03-28-2002 12:44 PM
Re: How can I restrict ftp user within its home director?
Ron
03-29-2002 01:58 AM
Re: How can I restrict ftp user within its home director?
man ftpaccess tells you what you need to know.
regards,
Bart
03-29-2002 07:24 AM
Re: How can I restrict ftp user within its home director?
Maybe a little late but here is a doc on ftp.
Richard
03-29-2002 11:24 AM
Re: How can I restrict ftp user within its home director?
Try these links on how to use ftpaccess to set up restricted ftp on your system,
http://us-support3.external.hp.com/cki/bin/doc.pl/sid=1a4a7fde09f171dfb0/screen=ckiDisplayDocument?docId=200000055935266
http://us-support3.external.hp.com/cki/bin/doc.pl/sid=1a4a7fde09f171dfb0/screen=ckiDisplayDocument?docId=500000000092476
Hope this helps.
Regds
03-29-2002 11:41 AM
Re: How can I restrict ftp user within its home director?
Just wanted to remind you to assign points if the information was helpful. Hope these ideas and suggestions were beneficial to you.
03-30-2002 03:00 PM
Re: How can I restrict ftp user within its home director?
I have tried the solutions provided, such as from Louis and Sanjay. Unfortunately, I could not get a satisfactory result. Here are the outcomes:
1. Following the steps correctly and logging in with the ftpguest id, I could not see any files I created under /home/ftp/ftpguest with the "ls" command.
2. Only the "ftpguest" id can ftp to the system, no other ids. (I am not sure whether this is because of the configuration file /etc/ftpd/ftpaccess)
3. I could not get back to the original situation, because I did block other ids' ftp service (refer to point 2). I removed the /etc/ftpd/ftpaccess, which did not exist on the system, and took out the "-a" option from /etc/inetd.conf. I even removed the id ftpguest and ftpgroup. In addition, I ran the "inetd -c" command....
Still I could not allow others to ftp to the system.
Should I reboot the system to fix this?
Besides, I took a look at the wu_ftpd. It doesn't describe how to configure it in detail and it is hard to follow. I prefer the solution mentioned above...
Please point out what might be wrong with the steps I followed...
Thanks a lot
03-30-2002 05:39 PM
Re: How can I restrict ftp user within its home director?
After I re-checked the steps, other ids can use the ftp now. However, the ftp id still cannot do anything, neither "put" nor "get" a file.
Does anybody have a clue?
Thanks
03-30-2002 11:38 PM
Re: How can I restrict ftp user within its home director?
Can you outline the steps you have performed and also can you attach your /etc/ftpd/ftpaccess file for us to look at.
Hope this helps.
Regds
03-31-2002 08:28 AM
Re: How can I restrict ftp user within its home director?
I have been working on this during my whole holidays...really drives me crazy...
I did follow all the steps in the attachment exactly. I am thinking maybe it just applies to HP-UX 11.0, not 11.i. That is the only thing I can think of...
As to the /etc/ftpd/ftpaccess, I did not change anything after I copied it from /usr/newconfig/etc/ftpd/ftpaccess. In addition, one point here: when I went through the /var/adm/syslog/syslog.log, I found something related to the configuration "private yes" which requires /etc/ftpd/ftpgroups to exist. I did change this to "private no" and gave it another try; it was the same...
Please help me out, my work is due tomorrow...
Thanks
Crystal
03-31-2002 11:41 AM
Re: How can I restrict ftp user within its home director?
Your attachment did not come through. I cannot see anything in your attachment. Post your email address and I'll try to send you a sample ftpaccess from one of my systems tomorrow first thing in the morning.
I've got ftpaccess configured and running on a couple of my systems. It is true I'm using 11.0, but I don't think there should be any problem if you are using 11i.
If I send you the ftpaccess from my system, return your ftpaccess file as an attachment to the same email address and I will try to see if I can help.
Hope this helps.
Regds
03-31-2002 06:25 PM
Re: How can I restrict ftp user within its home director?
The attachment I posted is the same as Richard's. As far as I can guess, the key point is the ftpaccess file. Please attach the file you are using or email me through hmy6@yahoo.com.
Thanks
04-01-2002 07:58 AM
Re: How can I restrict ftp user within its home director?
Mr. Kivens has given you a good start for setting this up. But to copy /etc was an overstatement (..if I read his post right). Remember to fine tune your ftpaccess file.
So for ls and pwd the one thing I will mention is this:
On each account you set up and chroot (.../home/user/./:
I generally create a directory bin under each user's home directory
    mkdir /home/user/bin
Then I copy the following into that directory
    cp /sbin/ls /home/user/bin
    cp /usr/bin/pwd /home/user/bin
    chown root /home/user/bin
    chmod 0555 /home/user/bin
By doing the above, the 'locked down' user will be able to run the commands ls and pwd. The cd command will only let them move within their /home directory and the get and put commands will work as usual.
Hope this helps,
Rit
04-01-2002 08:13 AM
Re: How can I restrict ftp user within its home director?
Read a little more .. make it simple first. Some quick things to try..
Check if you have /etc/ftpd/ftpgroups file. Remove it (you can put it back when you want to get sitepass set up..for now try removing it)
Now you need to edit your /etc/ftpd/ftpaccess file..rem out the Private line that refers to the sitepass ftpgroups..
To test & make sure your ftpaccess file is being read...create a file /etc/ftpmotd and edit it to say what ever you want to appear in the login banner..
" This is the FTP login created by Crystal..."
Now edit the /etc/ftpd/ftpaccess to
    banner /etc/ftpmotd
rem out the other banner statements if you want..
Now near the bottom, there's a section called 'treat the following as guest'
Put these new users' login (user_name) in this section.
Make sure the ftp line in your /etc/inetd.conf ends with "-a"
    ftp stream ....../lbin/ftpd ftpd -l -a
Recycle inetd (or you may want to stop/start)
    /usr/sbin/inetd -c to recycle
Just some thoughts,
Rit
04-01-2002 09:25 AM
Re: How can I restrict ftp user within its home director?
Thanks all of you for your input here.
I finally got it running. The problem is that the home directory's permission does not allow me to look at the files or dirs below...
Hoo...I can take a rest now...
*-*
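The numbered guest-account steps in the accepted solution and the cause reported in the last post (home directory permissions) can be checked in one pass. The script below is an added example, not code from any poster or from HP: the function names, the PREFIX argument and the sample tree (with a placeholder password field) are constructed for illustration, and the permission test looks only at the owner and "other" bits.

```shell
# Audit of the guest-account setup described in this thread (added example).
# PREFIX points at a copy of the config tree; leave it empty on a live system.
# Print the chroot root encoded in a passwd home field ("/root/./subdir").
chroot_root() {
    case "$1" in */./*) printf '%s\n' "${1%%/./*}" ;; *) return 1 ;; esac
}

# Succeed if USER may list a directory, given its `ls -ld` mode and owner.
# Simplification: only the owner and "other" permission bits are considered.
dir_listable() {  # usage: dir_listable MODE OWNER USER
    if [ "$2" = "$3" ]; then bits=$(printf '%s' "$1" | cut -c2-4)
    else bits=$(printf '%s' "$1" | cut -c8-10); fi
    case "$bits" in r?[xst]) return 0 ;; esac
    return 1
}

# Print one "FAIL: ..." line per problem; the exit status is the problem count.
audit_guest() {  # usage: audit_guest USER [PREFIX]
    user=$1 p=${2:-} fails=0
    fail() { echo "FAIL: $*"; fails=$((fails + 1)); }
    entry=$(grep "^$user:" "$p/etc/passwd") || { echo "FAIL: no passwd entry"; return 1; }
    gid=$(echo "$entry" | cut -d: -f4)
    home=$(echo "$entry" | cut -d: -f6)
    shell=$(echo "$entry" | cut -d: -f7)
    grep -qxF "$shell" "$p/etc/shells" 2>/dev/null || fail "$shell is not in /etc/shells"
    grp=$(awk -F: -v g="$gid" '$3 == g { print $1; exit }' "$p/etc/group" 2>/dev/null)
    awk -v g="$grp" '$1 == "guestgroup" { for (i = 2; i <= NF; i++) if ($i == g) ok = 1 }
        END { exit !ok }' "$p/etc/ftpd/ftpaccess" 2>/dev/null ||
        fail "group '$grp' is not on a guestgroup line in ftpaccess"
    awk '$1 == "ftp" { for (i = 8; i <= NF; i++) if ($i == "-a") ok = 1 }
        END { exit !ok }' "$p/etc/inetd.conf" 2>/dev/null ||
        fail "ftpd is not started with -a in inetd.conf"
    if root=$(chroot_root "$home"); then
        info=$(ls -ld "$p$root" 2>/dev/null | awk '{ print $1, $3 }')
        dir_listable "${info% *}" "${info#* }" "$user" ||
            fail "$root is missing or not listable by $user"
    else fail "home '$home' has no /./ chroot delimiter"; fi
    return "$fails"
}

# Constructed sample tree built from the values posted in the thread.
make_sample() {  # usage: make_sample DIR
    mkdir -p "$1/etc/ftpd" "$1/home/ftp/ftpguest" && chmod 755 "$1/home/ftp/ftpguest"
    echo 'ftpguest:*:505:125::/home/ftp/ftpguest/./:/usr/bin/false' > "$1/etc/passwd"
    echo '/usr/bin/false' > "$1/etc/shells"
    echo 'ftpgroup::125:ftpguest' > "$1/etc/group"
    echo 'guestgroup ftpgroup' > "$1/etc/ftpd/ftpaccess"
    echo 'ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l -a' > "$1/etc/inetd.conf"
}
```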