HPE Community
Operating System - HP-UX
1849081 Members
7241 Online
104041 Solutions
New Discussion

HP 11i ftp pickle

 
SOLVED
Go to solution
Don Ferderber_1
Occasional Advisor

‎02-20-2004 03:02 AM

‎02-20-2004 03:02 AM

HP 11i ftp pickle


I have set up our user to only have ftp access to our machine i.e
::104:515:"Blah":/NGCS/./gsds:/bin/false

The above works as intended however the problem that I amencountering is some users from our old machine had rlogin ability and they used to have access to the cksum command. However in the 11i environment we have set them up to only have the ftp login. My question is .... is there a way to include cksum as a command they can run from their ftp prompt?

Thanks in advance for the help..
0 Kudos
Reply
6 REPLIES 6
Steven E. Protter
Exalted Contributor

‎02-20-2004 03:12 AM

‎02-20-2004 03:12 AM

Re: HP 11i ftp pickle

I think the chksum command requires shell access.

Of course the fact your older ftp users had access tells me one of two things:

1) They had shell access(unlikely)
2) The configuration is built into the older machine, not the new.

check the ftpaccess file and the home directories of those ftp users for clues to how it was done.

It may however been eliminated from the ftp distribution due to security concerns. ftp users should not be given commands without great consideration.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Don Ferderber_1
Occasional Advisor

‎02-20-2004 03:31 AM

‎02-20-2004 03:31 AM

Re: HP 11i ftp pickle


My bad .. they did have ristricted shell access before. The new machine does not have that setup. My questions was .. is there a way to configure the ftp logins to allow for this command.
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎02-20-2004 03:46 AM

‎02-20-2004 03:46 AM

Re: HP 11i ftp pickle

I don't think so.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Don Ferderber_1
Occasional Advisor

‎02-20-2004 03:49 AM

‎02-20-2004 03:49 AM

Re: HP 11i ftp pickle

Anyone else?
0 Kudos
Reply
Chris Vail
Honored Contributor

‎02-20-2004 04:14 AM

‎02-20-2004 04:14 AM

Solution

Re: HP 11i ftp pickle

Without a shell, there is no way to login. Without a login, there is no .profile, no way to execute a command. Without a shell, a command has nothing to spawn it, nothing to report standard out or standard error.

You might be able to dummy up something using cron to run cksum against any new files, and then mail the results. Another way would be to re-write your own customized version of ftp--one that included the cksum command.

If your users MUST have the cksum command, they'll need some kind of shell, albeit a restricted or secure one.

Chris
Reply
Bill Hassell
Honored Contributor

‎02-20-2004 04:41 AM

‎02-20-2004 04:41 AM

Re: HP 11i ftp pickle

The SITE command allows some commands, but it can be limited or disabled at the remote side. Using the site help command between two HP-UX boxes shows:

site help
UMASK CHMOD GROUP NEWER INDEX ALIAS GROUPS
IDLE HELP GPASS MINFO EXEC CDPATH

So you could change the permissions of a file with:

site chmod /dir/some_file

but general commands like those found in /usr/bin are not available. So you'll probably have to implement an ssh connection (preferred over rlogin or rexec) to gain access to cksum.


Bill Hassell, sysadmin
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.