Restricting ftp on HP 11.0

I want to restrict ftp access for a user to only allow them to upload and download to their home directory. Can this be done by configuring ftpaccess?
Steven E. Protter
Exalted Contributor

Re: Restricting ftp on HP 11.0

You should use the shell /usr/bin/false in /etc/passwd

That will prevent shell logins.

Two links to help you.

http://docs.hp.com/cgi-bin/fsearch/framedisplay?top=/hpux/onlinedocs/B2355-90696/B2355-90696_top.html&con=/hpux/onlinedocs/B2355-90696/00/00/36-con.html&toc=/hpux/onlinedocs/B2355-90696/00/00/36-toc.html&searchterms=chroot%7cftpaccess&queryid=20040309-153446

http://docs.hp.com/cgi-bin/fsearch/framedisplay?top=/hpux/onlinedocs/5969-4306/5969-4306_top.html&con=/hpux/onlinedocs/5969-4306/00/00/4-con.html&toc=/hpux/onlinedocs/5969-4306/00/00/4-toc.html&searchterms=chroot%7cftpaccess&queryid=20040309-153446

Take a look at chroot configuration in those links.

Air tight, meets your needs.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Sridhar Bhaskarla
Honored Contributor
Solution

Re: Restricting ftp on HP 11.0

Hi William,

Yes.

You will basically need to set up a user with the default shell of /usr/bin/false. This way the user will not be able to log on to the server. Add /usr/bin/false to /etc/shells.

Make the user's home directory a chrooted one. For example:

grep test /etc/passwd
test:*:10101:2000::/home/test/./:/usr/bin/false

grep guest /etc/group
guest::2000

Now add the following entries to your ftpaccess file

guestgroup guest

Now try ftp'ing as 'test'.

It should say "Access restrictions Apply". In the ftp session, try 'cd /usr' etc. You shouldn't get to those directories.

There are further restrictions you can apply to this user, like no delete, no chmod, etc., for this guest group. The man page should give you more details.

-Sri

You may be disappointed if you fail, but you are doomed if you don't try
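
An added example, not part of any reply in this thread: a POSIX shell check for the guest setup described in the accepted answer above (shell /usr/bin/false, that shell listed in the shells file, the /./ marker in the home field, primary group named on a guestgroup line). The function names, argument order and sample files are assumptions made for this example; file paths are passed in as arguments.

```shell
#!/bin/sh
# check_ftp_guest USER PASSWD GROUP SHELLS FTPACCESS   (hypothetical helper)
# Prints one line per failed check; returns 0 only if every check passes.
check_ftp_guest() {
    user=$1; passwd=$2; group=$3; shells=$4; ftpaccess=$5
    rc=0
    entry=$(awk -F: -v u="$user" '$1 == u { print; exit }' "$passwd")
    if [ -z "$entry" ]; then
        echo "FAIL: no passwd entry for $user"
        return 1
    fi
    gid=$(echo "$entry" | cut -d: -f4)
    home=$(echo "$entry" | cut -d: -f6)
    shell=$(echo "$entry" | cut -d: -f7)

    # 1. The login shell must refuse interactive logins.
    [ "$shell" = "/usr/bin/false" ] || { echo "FAIL: shell is $shell"; rc=1; }

    # 2. The shell must be listed in the shells file, as the reply instructs.
    grep -Fqx -- "$shell" "$shells" || { echo "FAIL: $shell not in shells file"; rc=1; }

    # 3. The home field carries the /./ marker shown in the reply's passwd entry.
    case $home in
        */./*) ;;
        *) echo "FAIL: home $home has no /./ marker"; rc=1 ;;
    esac

    # 4. The user's primary group must appear on an uncommented guestgroup line.
    gname=$(awk -F: -v g="$gid" '$3 == g { print $1; exit }' "$group")
    if [ -z "$gname" ] || ! awk -v g="$gname" '
            $1 == "guestgroup" { for (i = 2; i <= NF; i++) if ($i == g) found = 1 }
            END { exit !found }' "$ftpaccess"; then
        echo "FAIL: primary group (gid $gid) is not a guestgroup"; rc=1
    fi
    return $rc
}

# Constructed sample files mirroring the entries quoted in the reply above.
make_sample() {
    d=$1
    echo 'test:*:10101:2000::/home/test/./:/usr/bin/false' > "$d/passwd"
    echo 'guest::2000:' > "$d/group"
    printf '%s\n' /sbin/sh /usr/bin/false > "$d/shells"
    echo 'guestgroup guest' > "$d/ftpaccess"
}
```

To try it on the constructed data, run `make_sample` against an empty scratch directory and then call `check_ftp_guest test` with the four files it wrote.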
Sundar_7
Honored Contributor

Re: Restricting ftp on HP 11.0

1) Edit /etc/inetd.conf and make ftpd use /etc/ftpaccess

ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l -a

2) # inetd -c

3) # groupadd -g 999 onlyftp

4) # useradd -g 999 -m -s /usr/bin/false ftptest

5) # echo "/usr/bin/false" >> /etc/shells

6) # cp /usr/newconfig/etc/ftpd/examples/ftpaccess /etc/ftpd/

7) vi /etc/ftpd/ftpaccess

guestgroup onlyftp

8) done
Learn What to do ,How to do and more importantly When to do ?
Dave La Mar
Honored Contributor

Re: Restricting ftp on HP 11.0

Gee, just sent this out today on another thread.
Attached are the HP docs we used to accomplish what you are attempting.

Best of luck.

Regards,

dl
"I'm not dumb. I just have a command of thoroughly useless information."