1825219 Members
4438 Online
109679 Solutions
New Discussion юеВ

restrict ftp

 
Jose Ramirez_6
Advisor

restrict ftp

good mornig.

I had problem when used the file ftpaccess,

I need to create an user, for example cdf, with the same caracteristic as the user anonymous.

thank you for help me.
JRM.
jose ramirez
6 REPLIES 6
Christopher McCray_1
Honored Contributor

Re: restrict ftp

Hello,

First, create an account (cdf) and give it a unique group id (i.e guestgroup).

In your ftpaccess file, create a class for this user and insert the guestgroup line:

class interfaces guest or , etc.

guestgroup

Then edit your /etc/passwd to giv it a chrooted home dir:

cdf:*:123:456::/home/cdf/./:/bin/false (make sure the default shell is present in /etc/shells.

Then make any appropriate entries in ftpaccess:

upload /home/cdf /incoming yes cdf 0660 dirs
upload /home/cdf / no

Also, mkdir usr/bin under the user's home directory and copy /usr/bin/ls into it and make $HOME/usr $HOME/usr/bin and $HOME/usr/bin/ls 555 permissions.

In case I forgot anything, look at these docs:

http://www2.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000062906536

http://www2.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000063248362

Others may be obtained using the keywords "ftpaccess" and "ftp only"

Hope this helps

Chris
It wasn't me!!!!
Jose Ramirez_6
Advisor

Re: restrict ftp

I have done the change in the configuration and when i execute the command ftp with the user cdf the system reply with

550 Can't set guest privileges.

thank you for help me.
jose ramirez
john korterman
Honored Contributor

Re: restrict ftp

Hi,
can send your ftpaccess file as attachment?
And also show the config line for the cdf user from /etc/passwd?

regards,
John K.
it would be nice if you always got a second chance
Rita C Workman
Honored Contributor

Re: restrict ftp

Christopher has everything perfect...except one little problem.

Do not use usr/bin/ls...

Instead copy /sbin/ls to /home/cdb/usr/bin and then chmod it.

Rgrds,
Rita


Rita C Workman
Honored Contributor

Re: restrict ftp

Christopher has everything perfect...except one little problem.

Do not use usr/bin/ls...

Instead copy /sbin/ls to /home/cdf/usr/bin and then chmod it.

Rgrds,
Rita


Christopher McCray_1
Honored Contributor

Re: restrict ftp

Hello again,

What does your line for ftpd say in /etc/inetd.conf?

ftp stream tcp nowait root /usr/local/bin/tcpd ftpd -l -v -a -L -i -o

(keep in mind I'm using tcp wrappers, so your line might say ftpd instead of tcpd)

Have you tried bouncing inetd?

# inetd -c

Could you please post your ftpaccess file as requested before?

Chris
It wasn't me!!!!