HPE Community
Operating System - HP-UX
1833589 Members
4286 Online
110061 Solutions
New Discussion

Re: Restricting ftp acccess - stopping uploads

 
SOLVED
Go to solution
ian Dennison
Regular Advisor

‎02-01-2002 02:11 AM

‎02-01-2002 02:11 AM

Restricting ftp acccess - stopping uploads

Hi all.

Having read the man page and a multitude of Forum messages, I am no closer to resolving an ftp access issue.

User 'rdbftp' has a home directory of '/pkg/rdb03/./import', the ftpaccess file is being used, because I turned logging on and saw the resultant entries in 'syslog'.

Entries for permission denial include,...
upload /pkg/rdb03 /log no
upload /pkg/rdb03 /archive no
upload /pkg/rdb03 /scripts no

As far as I am aware, the home directory specified above will perform a 'chroot' to /pkg/rdb03, so the upload blocking should work.

Unfortunately this is not the case. I can upload data into /pkg/rdb03/log as the User.

My question is, is this
(a) a problem with the home directory setup for the User?
(b) a problem with the 'ftpaccess' configuration?
(c) something to do with anonymous ftp or guest users? OR
(d) a hint I should have brought that petrol station 3 years ago?

Points for informative hints,

Share and Enjoy! Ian Dennison
Lets do it to them before they do it to us! www.fred.net.nz
0 Kudos
Reply
5 REPLIES 5
Stefan Farrelly
Honored Contributor

‎02-01-2002 02:32 AM

‎02-01-2002 02:32 AM

Re: Restricting ftp acccess - stopping uploads


If you want to stop uploading, or writing to that directory for that user, how about simply taking write access of that directory - that should stop them uploading.
Im from Palmerston North, New Zealand, but somehow ended up in London...
0 Kudos
Reply
Vincent Stedema
Esteemed Contributor

‎02-01-2002 04:47 AM

‎02-01-2002 04:47 AM

Re: Restricting ftp acccess - stopping uploads

Hi,

According to the man page for ftpaccess(4), the first argument to the "upload" directive should be the home directory of the user.

As I understand it, your ftpaccess should read:


upload /pkg/rdb03/./import /log no
upload /pkg/rdb03/./import /archive no
upload /pkg/rdb03/./import /scripts no

Fill her up...with points :-) But only if this actually works, of course...

Grtz.

Vincent
0 Kudos
Reply
Christopher Caldwell
Honored Contributor

‎02-01-2002 04:56 AM

‎02-01-2002 04:56 AM

Solution

Re: Restricting ftp acccess - stopping uploads

There's a really good explanation of upload with examples at

http://www.wu-ftpd.org/HOWTO/upload.configuration.HOWTO

See the section entitled
Upload restrictions for guest users
Reply
ian Dennison
Regular Advisor

‎02-01-2002 05:14 AM

‎02-01-2002 05:14 AM

Re: Restricting ftp acccess - stopping uploads

Vincent - didn't work initially, but with a little bit of massaging it worked. 3 points were allocated for initial effort, please put another posting in so I can credit you with some more!

Chris - thanks for the link, it explained the problem quite well, and I was able to nut it out from there.

Out of interest, the solution was as follows,....

upload /pkg/rdb03/./import * no
upload /pkg/rdb03/./import /pkg/rdb03/import yes rdbftp rdbgroup 0660 nodirs

I.E. Deny all, but also approve literal path of directory. It seems that the home directory needs to be the literal entry from /etc/passwd.

Nanu Nanu! Ian Dennison
Lets do it to them before they do it to us! www.fred.net.nz
0 Kudos
Reply
Vincent Stedema
Esteemed Contributor

‎02-01-2002 05:51 AM

‎02-01-2002 05:51 AM

Re: Restricting ftp acccess - stopping uploads

Ian,

You solved the problem yourself, so 3 points for my answer is more than enough.

Thanx,

Vincent
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.