HPE Community
Operating System - HP-UX
1833323 Members
3035 Online
110051 Solutions
New Discussion

Re: restrict user to specific ftp directory

 
Jade Bulante
Frequent Advisor

‎05-02-2003 04:25 PM

‎05-02-2003 04:25 PM

restrict user to specific ftp directory

I have a directory /caredev/data/EC.HCFA.IB that I would like a user to use as his home directory. I want him to read and write to this directory but must not be allowed to go up to data. In other words, lock him to that specific directory. Can anybody help me?
0 Kudos
Reply
3 REPLIES 3
Bill Douglass
Esteemed Contributor

‎05-03-2003 06:55 AM

‎05-03-2003 06:55 AM

Re: restrict user to specific ftp directory

Set up an ftpaccess file (man ftpaccess) with class and guestgroup entries:

class ALL real *
class GUEST guest *
guestgroup ftpjail


Create a group in /etc/group called ftpjail and make your user a member of it.

Set up the users home directory as you would for anonymous ftp (man ftpd). Mainly, have //sbin/ls copied to usr/bin in the home directory, and provide a limited passwd and group file in etc/ in the home directory.

Finally, add the -a option to ftpd in /etc/inetd.conf and restart inetd.

Once everything is configured correctly, your users should be chroot-ed to their home directory and not allowed to move above it. He will have normal permissions in that directory, but it willlook like the root (/) directory to him.
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎05-03-2003 06:40 PM

‎05-03-2003 06:40 PM

Re: restrict user to specific ftp directory

For a user, change his/her shell in /etc/passwd to rsh(restricted shell)

The user when logged in to their home directory, it will appear to them that they are in the root. Access will be limited to the home directory.

Any applications you want them to run via telnet can still be run, its the cd command that will fail.

chroot() in the ftp profile of ftp users will limit them to the filesystem you have designated as the home for your ftp server. This is now aononymous ftp works, but regular ftp can work the same way.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Yogeeraj_1
Honored Contributor

‎05-03-2003 07:16 PM

‎05-03-2003 07:16 PM

Re: restrict user to specific ftp directory

hi,

See my post at:
http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0xc736b941255cd71190080090279cd0f9,00.html

and the configuration steps at:

http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0xa36c7d4cf554d611abdb0090277a778c,00.html
http://forums.itrc.hp.com/cm/components/FileAttachment/0,,0x13c94e49c5cdd5118ff40090279cd0f9,00.txt


hope this helps!
Yogeeraj

No person was ever honoured for what he received. Honour has been the reward for what he gave (clavin coolidge)
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.