HPE Community
Operating System - HP-UX
1833162 Members
3715 Online
110051 Solutions
New Discussion

Restricted FTP access

 
SOLVED
Go to solution
Dave La Mar
Honored Contributor

‎10-26-2001 12:30 PM

‎10-26-2001 12:30 PM

Restricted FTP access

I have been tasked to create an account that can ftp to our N Class 11.0 machines. This should be an ftp account only (as they have in the NT world).
This account would be restriced to a single directory with rw priviledge.
Is this possible in unix or do I need to create a regular user account?
Thanks for any input.
dl
"I'm not dumb. I just have a command of thoroughly useless information."
0 Kudos
Reply
6 REPLIES 6
harry d brown jr
Honored Contributor

‎10-26-2001 12:36 PM

‎10-26-2001 12:36 PM

Re: Restricted FTP access

Do a man on ftpaccess

You will have to create an account. And yes, unix is not NT, thank god! So you will have to create an account, even if it is an anonymous account.

live free or die

harry
Live Free or Die
0 Kudos
Reply
S.K. Chan
Honored Contributor

‎10-26-2001 12:47 PM

‎10-26-2001 12:47 PM

Re: Restricted FTP access

I would try this out ..

1) Create a normal user account (user=john group=none)
2) Put /usr/bin/false as the start-up program.
3) The entry in password file might look like this :-
john:chus5tya:233:20:,,,:/home/john/./:/usr/bin/false
4) Make sure /usr/bin/false is also coded in /etc/shells
5) Create the file /etc/ftpd/ftpaccess and put in these lines ..
class all john,guest
guestgroup none
noretrieve /etc/passwd
6) do man ftpaccess if not sure about the format.
7) # chmod 444 ftpaccess
# chown bin:bin ftpaccess
8) Edit /etc/inetd.conf & add "-a" argument to ftpd
ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l -a
9) # inetd -c
10) Create these sub dirs and files
1) ~john/usr
# chown ???R bin:bin usr
# chmod 555 usr
2) ~john/usr/bin
# chown root bin
# chmod 555 bin
# cp -p /sbin/ls ~john/usr/bin/ls
11) Test ..

enjoy !!
0 Kudos
Reply
someone_4
Honored Contributor

‎10-26-2001 01:48 PM

‎10-26-2001 01:48 PM

Solution

Re: Restricted FTP access

Here is a doc that I found helpfull

Richard
Reply
Sridhar Bhaskarla
Honored Contributor

‎10-26-2001 02:03 PM

‎10-26-2001 02:03 PM

Re: Restricted FTP access

Dave,

Create the account as usual but make the shell as /bin/false.

Now add /bin/false to /etc/shells file (if you don't have this file, create one).

This user can only do ftp now. He/She cannot logon to the box.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Reply
Sridhar Bhaskarla
Honored Contributor

‎10-26-2001 02:05 PM

‎10-26-2001 02:05 PM

Re: Restricted FTP access

Ooops. Didn't read your message completely...

Check ftpaccess manpage. It's easy. You just need to change the home directory should be of the form /./some_dir.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Reply
Dave La Mar
Honored Contributor

‎10-26-2001 04:01 PM

‎10-26-2001 04:01 PM

Re: Restricted FTP access

Thanks to all who replied. Though all were fine suggestions, I used Richard's as it was easiest for this dummy to follow.
Thanks again.
dl
"I'm not dumb. I just have a command of thoroughly useless information."
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.