HPE Community
Operating System - HP-UX
1835396 Members
2733 Online
110078 Solutions
New Discussion

Restricting change directory on WU-FTPD

 
SOLVED
Go to solution
Fandi Kurnia
Frequent Advisor

‎07-19-2010 02:11 AM

‎07-19-2010 02:11 AM

Restricting change directory on WU-FTPD

Hello all,

I need some help from you all. I using HP UX 11.23 on my machine and install WU-FTP 2.6.3 for my FTP daemon. I need some rules that can "restricting change directory" when I logged from FTP application.

Example :
I logged using user "a", working directory /home/a. I need to unable user "a" change directory (cd) from first directory.


Thanks for your attention..


Regard


Fandi Kurnia
0 Kudos
7 REPLIES 7
Danny Petterson - DK
Trusted Contributor

‎07-19-2010 02:30 AM

‎07-19-2010 02:30 AM

Re: Restricting change directory on WU-FTPD

Hi!

Im pretty sure you would do that in the /etc/passwd-file, when you define the home-directory for the user. In your example, the homedirectory should be

/home/a/./

Kind regards
Danny Petterson
0 Kudos
Fandi Kurnia
Frequent Advisor

‎07-19-2010 03:33 AM

‎07-19-2010 03:33 AM

Re: Restricting change directory on WU-FTPD

Hello Petterson,

I didn't understand with your answer, I am using WU-FTP and I wanna restrict change directory (cd) from present directory (Working Directory)



Regards

Fandi Kurnia
0 Kudos
Horia Chirculescu
Honored Contributor

‎07-19-2010 04:24 AM

‎07-19-2010 04:24 AM

Re: Restricting change directory on WU-FTPD

Hello,

I believe on wu-ftpd you can use the directive

restricted-uid a

on /etc/ftpaccess.


Best regards,
Horia.
Best regards from Romania,
Horia.
0 Kudos
Rita C Workman
Honored Contributor

‎07-19-2010 04:54 AM

‎07-19-2010 04:54 AM

Re: Restricting change directory on WU-FTPD

What you are attempting to achieve is a 'chroot' environment for ftp.

There are a few ways to do this. You can search here for 'chroot ftp' and you'll get many threads showing info on this.

Another to consider is setting up SSH to handle your FTP access and then you also provide encryption for your data, making things much safer. chroot can also be set up using sftp.
Again, there are many threads you can search for by searching adding 'sftp' to your search string. SSH is easy to install and for setting up sftp it's fairly easy too.
One tip to always remember when chroot'ing a user. They must have within their login environment everything they will need to run ftp commands. Remember you are locking them out of the rest of the system, where libraries and utilities are there for them to use, so you have to be sure their chroot environment has what they need. SSH will put these files into the user's account when you set them up as chroot'ed.

Rgrds,
Rita
0 Kudos
Steven Schweda
Honored Contributor

‎07-19-2010 05:51 AM

‎07-19-2010 05:51 AM

Re: Restricting change directory on WU-FTPD

> [...] and install WU-FTP 2.6.3 for my FTP
> daemon.

So you're _not_ using the ftpd which is
supplied with HP-UX? (Why not?)

The usual procedure is:

man ftpd

and look for "guest". (That won't completely
prohibit "cd", but it will confine the user
to the one directory tree. For example,
"cd fred" might get the user to
"/first_firectory/fred", but nothing outside
the "/first_firectory" tree.)

A Forum search should find many old similar
discussions.
0 Kudos
Danny Petterson - DK
Trusted Contributor

‎07-19-2010 11:49 PM

‎07-19-2010 11:49 PM

Solution

Re: Restricting change directory on WU-FTPD

Hi!

Well, sorry if I was to brief, here is my full "how to" for chroot using wu-ftp on HP-UX, INCLUDING the line in /etc/passwd

This procdure is only tested on 11.23. MIGHT work on 11.11 (if it uses wu-ftp), or 11 v3, but has not been tested.
===========================================
1: Add "-a" option to ftpd in /etc/inetd.conf. This option enables the use of /etc/ftp/ftpaccess

2: Restart inetd

3: Check if /bin/false is in /etc/shells. If /etc/shells does not exist, please put this in the file:
/bin/false
/usr/bin/ksh
/usr/bin/sh
/usr/bin/csh
/usr/bin/rsh
/sbin/sh
/bin/sh
/bin/csh

If any other shells are used on the system, please include them in the file.

4: Create the directory where the user(s) needs to use as ftp-root, i.e. /home/ftpusers

5: Make, if needed, a group for all ftp-users
#groupadd ftpusers

6: Make the needed users, using a cmd like this
#useradd -g ftpusers -d /home/ftpusers/./ -s /bin/false -c "fullname for user1" user1
#passwd user1

7: Change the group-owner the directory created in paragraph 4:
#chgrp ftpusers /home/ftpusers

8: Make the /etc/ftpd/ftpaccess-file look like this:
class all real,guest,anonymous *

limit all 60 Any /etc/msgs/msg.dead

readme README* login
readme README* cwd=*

message /welcome.msg login
message .message cwd=*

compress no all
tar no all

delete yes anonymous,guest # delete permission?
overwrite yes anonymous,guest # overwrite permission?
rename yes anonymous,guest # rename permission?
chmod no anonymous,guest # chmod permission?
umask no anonymous,guest # umask permission?

log commands real
log transfers anonymous,real inbound,outbound

shutdown /etc/shutmsg

email root@clu-oas.sis.personal.net.py

guestuser


..........where are the users created in paragraph 6

9: Copy the "ls" command, /sbin/ls to /home/ftpusers/usr/bin/ls
This is needed to make the user able to run "ls -l" from the ftp-prompt.

===================================

As already stated by Rita, you need to give the users access to all commmands they need in a ftp-session - in my example above, it is only "ls" - see paragraph 9 for the details, if more is needed.
0 Kudos
Fandi Kurnia
Frequent Advisor

‎07-20-2010 12:56 AM

‎07-20-2010 12:56 AM

Re: Restricting change directory on WU-FTPD

Thank all, Specially to Mr. Peterson.

My problem has been solved

Regards


Fandi Kurnia
Junior System Administrator
AIX, HPUX , LInux and Windows
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.