HPE Community
Operating System - HP-UX
1836873 Members
2139 Online
110110 Solutions
New Discussion

Re: Restricted FTP access

 
SOLVED
Go to solution
vinod_25
Valued Contributor

‎02-20-2007 06:31 PM

‎02-20-2007 06:31 PM

Restricted FTP access

Hi Experts,

I need to create a restricted FTP user with following characteristics:

1. His home directory (/home/ftpuser) should be his root directory. i.e the ftpuser should not be able to move below his home directory.

I have tried adding /./ to his home directory in /etc/passwd but still the user is able to browse below his home directory.

2. The ftpuser should not be able to login to the system. I used the login shell as /usr/bin/false and it worked.

Here is the extract of /etc/passwd:
ftpuser:78MbM5mloIoAw:103:20::/home/ftpuser/./:/usr/bin/false

Please suggest/provide me step by step method of creating a FTP user with restricted access.

I heard that by /etc/ftpaccess entries we can achieve the same. Looking forward for your expert comments and procedures.

Points will be awarded w.r.t my query's solution :-)

Best regds,
Vinod
0 Kudos
5 REPLIES 5
Steven E. Protter
Exalted Contributor

‎02-20-2007 06:39 PM

‎02-20-2007 06:39 PM

Re: Restricted FTP access

Shalom,

It would be helpful to know your HP-UX release and that you are using the wu-fptd server that is standard.

My answer assumes this.

All you need to do is chroot your users in the ftpaccess file.

You will also have to provide the ls utility so they can list files.

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=1080103

http://www.bastille-linux.org/jay/blackhat-2002-july-Attacking-and-Securing-Unix-FTP-Servers.ppt

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
john korterman
Honored Contributor

‎02-20-2007 07:02 PM

‎02-20-2007 07:02 PM

Re: Restricted FTP access

Hi Vinod,

I do not think that ftpacces can restrict the user from browsing below his own home directory; cd-restrictions only work upwards.
You would probably have to deny him access by e.g. removing the x-option from directories, but other members may bring better news!

regards,
John K.
it would be nice if you always got a second chance
0 Kudos
Ivan Krastev
Honored Contributor

‎02-20-2007 07:05 PM

‎02-20-2007 07:05 PM

Solution

Re: Restricted FTP access

See also this kb doc - http://www5.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000083049198


DocID is UARPAKBAN00000806

regards,
ivan
0 Kudos
vinod_25
Valued Contributor

‎02-20-2007 08:22 PM

‎02-20-2007 08:22 PM

Re: Restricted FTP access

Ivan,

Excellent Technical document!!! Served my purpose....

Thank you all for your timely help and direction...


Satisfactorily closing the thread ... Assigning points to all

Vinod
0 Kudos
vinod_25
Valued Contributor

‎02-20-2007 08:24 PM

‎02-20-2007 08:24 PM

Re: Restricted FTP access

Ivan's solution was brilliant and it has step by step process of creating a restricted FTP user
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.