Clara Rowe
Frequent Advisor

restricted ftp

Hello Experts. We have been using ftp on our HP-UX systems for a long time. We are able to prevent ftp users from going anywhere on the system but the directory they are assigned by using the ftpaccess file. We are now using AIX as well, but are having difficulty creating the same restrictions (The user is able to cd all the way back to root and anywhere else they want to go). Any information you can provide will be greatly appreciated.

Clara
Take time to smell the roses.
7 REPLIES
James A. Donovan
Honored Contributor
Solution

Re: restricted ftp

I would suggest giving these "how-to" guides a look.

http://www.wu-ftpd.org/HOWTO/
Remember, wherever you go, there you are...
Steven E. Protter
Exalted Contributor

Re: restricted ftp

The area you want to look at is called chroot.

Putting ftp users in a chroot jail will mean their login directory will be their root. They will not have access to any other part of the system.

Here is a link, or two.

This thread links to the solution.

http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0xd62a06350fe2d61190050090279cd0f9,00.html

ftpaccess config.
http://docs.hp.com/cgi-bin/fsearch/framedisplay?top=/hpux/onlinedocs/B2355-90696/B2355-90696_top.html&con=/hpux/onlinedocs/B2355-90696/00/00/36-con.html&toc=/hpux/onlinedocs/B2355-90696/00/00/36-toc.html&searchterms=ftp%7cconfiguration%7cchroot&queryid=20030522-103448

http://search.hp.com/redirect.html?url=http%3A//forums.itrc.hp.com/cm/QuestionAnswer/1,,0x4573abe92dabd5118ff10090279cd0f9,00.html&qt=chroot+%2Bftp+%2Bconfiguration&hit=3

http://search.hp.com/redirect.html?url=http%3A//forums.itrc.hp.com/cm/QuestionAnswer/1,,0x3b9093e260b0d611abdb0090277a778c,00.html&qt=chroot+%2Bftp+%2Bconfiguration&hit=4

Good luck, there should be a solution there.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Mark Greene_1
Honored Contributor

Re: restricted ftp

AIX has chroot already installed. This info from the AIX man page for ftp shows what rules to set up to limit ftp access:

When handling an anonymous FTP user, the server performs the chroot command in the home directory of the FTP user account. For greater security, implement the following rules when you construct the FTP subtree:

~ftp Make the home directory owned by root and mode r-xr-xr-x (555).
~ftp/bin Make this directory owned by the root user and unwritable by anyone. The ls program must be present in this directory to support the list command. This program should have mode 111.
~ftp/etc Make this directory owned by the root user and unwritable by anyone.
~ftp/pub Make this directory mode 777 and owned by FTP. Users should then place files that are to be accessible through the anonymous account in this directory.

Note: The shell script /usr/samples/tcpip/anon.ftp uses the above rules to set up the anonymous FTP account for you.


HTH
mark
the future will be a lot like now, only later
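An added example (not part of the post above or of the AIX man page): a POSIX shell function that audits an FTP subtree against the ownership and mode rules quoted from the man page. The function names and the owner parameters (defaulting to root and ftp) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit an anonymous-FTP subtree against the man page rules above.
# Usage: audit_ftp_tree FTP_HOME [ADMIN_OWNER] [FTP_OWNER]
# ADMIN_OWNER (default root) and FTP_OWNER (default ftp) are assumptions of this
# example; they are parameters so the check can be tried on a scratch tree.

# check PATH MODE_PATTERN OWNER
# MODE_PATTERN is a shell pattern over the 10-character ls mode string;
# OWNER '*' means "any owner". Prints one finding per path, returns 1 on failure.
check() {
    path=$1 pattern=$2 owner=$3
    # Only POSIX ls/awk are used, so this also runs where GNU stat is absent.
    have=$(ls -ld "$path" 2>/dev/null | awk '{ print substr($1, 1, 10), $3 }')
    if [ -z "$have" ]; then
        echo "MISSING $path"
        return 1
    fi
    perms=${have% *}
    actual_owner=${have#* }
    case $perms in
        $pattern) ;;
        *) echo "FAIL    $path: mode $perms, want $pattern"
           return 1 ;;
    esac
    if [ "$owner" != "*" ] && [ "$actual_owner" != "$owner" ]; then
        echo "FAIL    $path: owner $actual_owner, want $owner"
        return 1
    fi
    echo "ok      $path"
}

audit_ftp_tree() {
    home=$1 admin=${2:-root} ftpuser=${3:-ftp} rc=0
    # 'd?-??-??-?' = a directory with no write bit for owner, group or other.
    check "$home"        'dr-xr-xr-x' "$admin"   || rc=1   # ~ftp: mode 555
    check "$home/bin"    'd?-??-??-?' "$admin"   || rc=1   # unwritable by anyone
    check "$home/bin/ls" '---x--x--x' '*'        || rc=1   # ls: mode 111
    check "$home/etc"    'd?-??-??-?' "$admin"   || rc=1   # unwritable by anyone
    check "$home/pub"    'drwxrwxrwx' "$ftpuser" || rc=1   # pub: mode 777
    return $rc
}
```

The function reports every path before returning, so a single run lists all deviations rather than stopping at the first.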
Clara Rowe
Frequent Advisor

Re: restricted ftp

I appreciate the quick response. Mark, I have looked at and set up the anonymous ftp part; that works. I guess what I really need to know is how I can set up ftp that is not anonymous but still restricted. I have created an account and set up a home like the document mentions for anonymous but cannot get it to be restricted. I also created an account and had its home point to the anonymous ftp home and it still can move around.
Take time to smell the roses.
Mark Greene_1
Honored Contributor

Re: restricted ftp

Clara,

Basically you have to use the chroot command to set up the user's account to mirror the setup that is done for anonymous. See the man page for chroot for more details. Here's an on-line copy:

http://publib16.boulder.ibm.com/pseries/en_US/cmds/aixcmds1/chroot.htm#a2729d5

mark
the future will be a lot like now, only later
Shannon Petry
Honored Contributor

Re: restricted ftp

You should not confuse anonymous with secure. Kind of like confusing gun and "fired bullet".

First, I am 99% sure that the FTP daemon shipped with AIX does not support a chrooted environment. You can search around at "www.ugu.com" under their AIX section and find a download site for WU_FTP, complete with installation instructions.

After wu_ftpd is installed, use the instructions you can find here for setting up a chrooted environment.

If you're unable to find wu-ftp for AIX, let me know and I'll try and post a link.

Regards,
Shannon
Microsoft. When do you want a virus today?
Tim Nelson
Honored Contributor

Re: restricted ftp

I have found ProFtpd to be a much better FTP server than wuFTP. Configuration is like Apache and the config options are endless.
proftpd.org
If I got it to work on HPUX there should be no problem on AIX.