
need newbie ftp server help

 
Jason Moorhead_2
Frequent Advisor

Hi all,

I have pretty basic questions regarding ftp server on HP-UX 11.x. First off, I am using the default ftp server (not wu-ftpd or anything else). Currently, anonymous ftp is turned off. Each user is allowed to ftp in, but is able to access the entire system through 'cd' commands, which is bad.

First question - Should I install wu-ftpd, and is there a decent install/setup guide for hp-ux?

Second - How do you restrict users access to the system, to make it where they can only upload/download in their own home dir, or maybe /tmp? I can't find any FAQ-type stuff on this.

Thanks in advance!

James R. Ferguson
Acclaimed Contributor

Re: need newbie ftp server help

Hi:

HP-UX 11.x releases include some of the Washington University features. The '/etc/ftpd/ftpaccess' file is used to configure the operation of ftp. Other files that control its operation are '/etc/ftpd/ftpgroups', '/etc/ftpd/ftpconversions', '/etc/ftpd/ftphosts' and '/etc/ftpd/ftpusers'. The man pages for 11.11 provide a good overview of these features.

Regards!

...JRF...
Bill Hassell
Honored Contributor

Re: need newbie ftp server help

At 11.0, if you are up to date on patches, you already have the WU-ftpd software. If not, you may want to look at the patch levels for the entire machine. It is quite convoluted to create a 'chroot jail' for ftp users with the standard ftpd, fairly simple with WU-ftpd. Go to the itrc.hp.com page and select the top orange bar: Maintenance and Support and then select: standard patch bundles (support plus) and download the current SupportPlus packages (including diagnostics).


Bill Hassell, sysadmin
Jason Moorhead_2
Frequent Advisor

Re: need newbie ftp server help

Well, I have checked patch levels, and I have PHNE_23949 installed, which gives wu-ftp capability. I have been reading the man pages for ftpusers, ftpaccess, ftpd, etc., but am even more confused than when I started. :)

With 600 users all with ftp access to all directories, what is the easiest way to restrict access to only home dirs? I still can't figure this out. Thanks again!
Justo Exposito
Esteemed Contributor

Re: need newbie ftp server help

Hi Jason,

Do you know restricted korn shell (rksh)?
Try man rksh.

Regards,

Justo.
Help is a Beautiful word
Rita C Workman
Honored Contributor

Re: need newbie ftp server help

Jason,

It just seems confusing, because there are different approaches and utilities presented. These are there if you want to define things that way... like ftpgroups, etc. If you created all users as you could define this group as having only guest privileges in ftpaccess. This would only affect their ftp privileges!

I set up an ftp_server on 11 that I just wanted them to ftp in and just to themselves-no cd out of their directory.
I used the chroot option, which is fairly simple...in your /etc/passwd file just vipw to edit it and add a period and a slash after their home directory:
rita::123:100:../home/rita/./:/usr/bin/ksh

Then I used the ftpaccess file to restrict the user to nothing more than group privileges. (From par. #1 above.) It's an option near the end of the file.
Take a look at this file and set up the options you want. Remember, just start w/minimum to hold them securely where you want them.

Set up a dummy user and test with it till you get 'em just right....Don't try to do it all at once, just get them secured...then fancy it up.

Rgrds,
Rita

Remember, if you're going to use the ftpaccess file you have to edit your /etc/inetd.conf file with the -a at the end, so it reads the ftpaccess file...
...I also like to log the ftp sessions to syslog so:
ftp streams.... ftpd -l -
Rita C Workman
Honored Contributor

Re: need newbie ftp server help

My baby finger isn't hitting hard enough on this keyboard...it should read:

ftp streams .... ftpd -l -a

ends with that small letter a...

Rita
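
An added example, not part of any post in this thread: a small POSIX shell audit of the three pieces the replies above describe (the "/./" marker in the passwd home field, the guest setting for the group in ftpaccess, and the -a flag on the ftpd line in inetd.conf). The sample files, the group name "ftpguest", the use of the wu-ftpd guestgroup directive to mark the group, and the ftpd path in the sample inetd.conf line are assumptions or constructed values.

```shell
#!/bin/sh
# Added example: audit the wu-ftpd guest (chroot) pieces described in the thread.
# All sample data is constructed; "ftpguest" is a hypothetical group name.

# Print the chroot directory encoded by a "/./" marker in a passwd home field;
# print nothing when the marker is absent (that login would not be confined).
chroot_of() {
    case "$1" in
        */./*) printf '%s\n' "${1%%/./*}" ;;
    esac
}

# $1 = passwd file, $2 = numeric GID of the guest group.
# List members of that group whose home field lacks the "/./" marker.
unjailed_users() {
    awk -F: -v gid="$2" '$4 == gid && index($6, "/./") == 0 { print $1 }' "$1"
}

# $1 = ftpaccess file. Print every group named on a guestgroup line.
guest_groups() {
    awk '$1 == "guestgroup" { for (i = 2; i <= NF; i++) print $i }' "$1"
}

# $1 = inetd.conf. Succeed only if the active ftp line passes -a to ftpd,
# so that ftpaccess is read at all. Commented-out lines are ignored.
ftpd_reads_ftpaccess() {
    awk '$1 == "ftp" { for (i = 8; i <= NF; i++) if ($i == "-a") ok = 1 }
         END { exit (ok ? 0 : 1) }' "$1"
}

# Write constructed sample files into directory $1.
write_samples() {
    printf '%s\n' \
        'rita:*:123:100:Rita:/home/rita/./:/usr/bin/ksh' \
        'jason:*:124:100:Jason:/home/jason:/usr/bin/ksh' > "$1/passwd"
    printf 'guestgroup ftpguest\n' > "$1/ftpaccess"
    printf 'ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l -a\n' > "$1/inetd.conf"
}

dir=$(mktemp -d) && write_samples "$dir"
echo "guest groups:  $(guest_groups "$dir/ftpaccess")"
echo "rita chroot:   $(chroot_of /home/rita/./)"
echo "not confined:  $(unjailed_users "$dir/passwd" 100)"
ftpd_reads_ftpaccess "$dir/inetd.conf" || echo "ftpd line lacks -a"
rm -rf "$dir"
```

With 600 accounts, the unjailed_users output is the list to work through; an empty result means every member of the group carries the marker.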
Jason Moorhead_2
Frequent Advisor

Re: need newbie ftp server help

Thanks Rita,

That fixed what I 'thought' I needed to do. I now find out that the users also need access to a temp directory through FTP. Will access still work properly if I put a link to this directory in the home directories?

I just want to make sure they cannot go anywhere else in FTP besides /home/xxx and /tmp.