
restricting ftp access

 
djc_1
New Member

restricting ftp access

Hello,
I would like to restrict the use of ftp to certain users on the system.

I know one approach is to put all the users that I don't want to have access in /etc/ftpd/ftpusers, however I would prefer to take the approach of making no one be able to use ftp and then allowing specific users to have access. This will stop me having to update /etc/ftpd/ftpusers every time a user is added to the system.

I have looked at /etc/ftpd/ftpaccess and cannot see an obvious way of making the change as I want.

Can anyone suggest:
1) Is it possible to restrict ftp access in the way I want?
2) If so, how do you do it?

Thanks in advance
Richard Hepworth
Esteemed Contributor

Re: restricting ftp access

Hi,

You could run a job daily to add all users in /etc/passwd to the ftpusers file and exclude those that are allowed, by cross referencing your own 'allowed' list of users from a file.

regards,

Richard
Court Campbell
Honored Contributor

Re: restricting ftp access

# man ftphosts
"The difference between me and you? I will read the man page." and "Respect the hat." and "You could just do a search on ITRC, you don't need to start a thread on a topic that's been answered 100 times already." Oh, and "What. no points???"
Tim Nelson
Honored Contributor

Re: restricting ftp access

Part of my user create script is to add that user to the ftpusers file.

Another check I also had was to run a script on occasion to make sure specific users by group were in the ftpusers file.

Many ways to skin the cat...
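
The daily job Richard describes and the periodic check Tim mentions can be one script; this is an added example, not code from either post. The allow-list file /etc/ftpd/ftp.allow and the function names build_deny_list and update_ftpusers are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: default-deny for ftpusers, rebuilt from an allow list.
# The allow-list path and both function names are assumptions, not HP-UX defaults.

# Print every login in passwd file $1 that is NOT in allow file $2.
# Allow file: one login per line; blanks and '#' comments are ignored.
build_deny_list() {
    awk -F: '
        FILENAME == ARGV[1] {             # allow list (safe even if it is empty)
            sub(/#.*/, ""); gsub(/[ \t\r]/, "")
            if ($0 != "") allowed[$0] = 1
            next
        }
        /^[+-]/ || $1 == "" { next }      # skip NIS +/- lines and blank names
        !($1 in allowed) { print $1 }
    ' "$2" "$1" | sort -u
}

# Rebuild deny file $3 from passwd $1 and allow list $2, replacing it atomically.
update_ftpusers() {
    if [ ! -r "$1" ] || [ ! -r "$2" ]; then
        echo "input unreadable; $3 left unchanged" >&2
        return 1
    fi
    tmp="$3.new.$$"
    build_deny_list "$1" "$2" > "$tmp"
    # An empty result would let every account in. Assuming root is never on
    # the allow list it should always be listed, so keep the old file instead.
    if [ ! -s "$tmp" ]; then
        rm -f "$tmp"
        echo "empty deny list; $3 left unchanged" >&2
        return 1
    fi
    chmod 644 "$tmp" && mv "$tmp" "$3"
}

# Typical daily cron invocation (ftp.allow is the assumed allow-list file):
# update_ftpusers /etc/passwd /etc/ftpd/ftp.allow /etc/ftpd/ftpusers
```

Accounts created between runs can still use ftp until the next run, which is why adding the user to ftpusers in the user-create script complements the scheduled job.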

Reshma Malusare
Trusted Contributor

Re: restricting ftp access

Hi,

1] /etc/ftpd/ftpaccess --> This is the primary configuration file for defining how the ftpd daemon operates. It is not necessary to enable the ftpaccess file in order to run ftpd. The configuration files allow you to configure FTP features, such as the number of FTP login tries permitted, FTP banner displays, logging of incoming and outgoing file transfers, access permissions, use of regular expressions, etc.

2] Now you don't want to go for /etc/ftpd/ftpusers --> Restricts FTP access for specified users. This file shows entries which don't have access for ftp.
deny ftp access to selected users.


3] So check /etc/ftpd/ftphosts --> Lets you allow/deny FTP account access according to source IP addresses and host names.

4] /etc/ftpd/ftpgroups --> The group password file for use with the SITE GROUP and SITE GPASS commands


You go for third option here......

Thanks & Regards
Reshma
djc_1
New Member

Re: restricting ftp access

Hello,
It looks like ftphosts is the way forward. I have looked at the man page but could do with a bit more documentation on

1) how wildcards work

2) how allow and deny, in particular I assume that if I have allow such and such user from such and such host everything else is denied and if I use deny, everything that is not specified is allowed

3) how ftphosts is affected by other files, i.e. does ftphosts overrule ftpusers

Is the documentation from the wuftp website relevant or is there specific hpux documentation?

Thank you for your help so far
paolo barila
Valued Contributor

Re: restricting ftp access

Hi,
consider using proftpd, a highly configurable GPL-licensed FTP server software

downloadable freely from hp as part of

"Internet Express for HP-UX"


Pablo
Court Campbell
Honored Contributor

Re: restricting ftp access

I believe you can remove ftpusers. Then in the ftphosts file put:

allow user1 *
allow user2 *
allow user3 *
deny * *

Try it and see.
Stefan Mirevski
Advisor

Re: restricting ftp access

Just a small feedback to the suggested solution.

I had a similar problem and adding

/etc/ftpd/ftphosts

with:

allow user1 *
allow user2 *
allow user3 *
deny * *

worked excellent!

I guess I cannot grant points, but at least I can give this technical feedback and say:
Thanks to all who continuously take care to help via this forum!!!