HPE Community
Operating System - HP-UX
1831320 Members
3241 Online
110023 Solutions
New Discussion

Restricting ftp users - is there an inclusion file instead of exclusion?

 
SOLVED
Go to solution
Joanne Keegan
Regular Advisor

‎01-27-2002 05:32 PM

‎01-27-2002 05:32 PM

Restricting ftp users - is there an inclusion file instead of exclusion?

Hi Everyone,

I posted a question last week concerning the restricting of ftp users using the file /etc/ftpd/ftpusers. While this is all fine and good, it requires the entry of users that this service is to be denied to. Is there a method or file that lists those users who are allowed to use ftp?

The reason I'm asking is that we have a large number of users on one of our servers that we don't want to use ftp. New users are being added and removed frequently. I would like to minimise the requirement to keep the exclusion list up to date, by just having a small list of those who can ftp.

Many thanks,

Joanne
0 Kudos
Reply
4 REPLIES 4
Steven Sim Kok Leong
Honored Contributor

‎01-27-2002 05:50 PM

‎01-27-2002 05:50 PM

Re: Restricting ftp users - is there an inclusion file instead of exclusion?

Hi,

You can make use of /etc/shells. /etc/shells contains the allowed shells for FTP access.

For example, you can remove /usr/bin/sh from /etc/shells so that:

For normal users who can FTP, their login shell specified in /etc/passwd (eg. /usr/bin/csh, /usr/bin/ksh) resides in /etc/shells.

For users whom you want to exclude FTP, simply modify their login shell specified in /etc/passwd to /usr/bin/sh.

This provides you an easy way of excluding users by simply changing their login shells to /usr/bin/sh.

Hope this helps. Regards.

Steven Sim Kok Leong
0 Kudos
Reply
Sanjay_6
Honored Contributor

‎01-27-2002 07:35 PM

‎01-27-2002 07:35 PM

Re: Restricting ftp users - is there an inclusion file instead of exclusion?

Hi Joanne,

I don't think there is a file in hp-ux where you can define the users who are allowed ftp access (euivalent to the file /etc/ftpd/ftpusers - to restrict user from using ftp). You can however look at the ftpaccess configuration. Do a "man ftpaccess" to learn more about ftpaccess. You can have different group of ftp users and can restrict their ftp access.

Hope this helps.

Regds
Reply
Paula J Frazer-Campbell
Honored Contributor

‎01-28-2002 12:50 AM

‎01-28-2002 12:50 AM

Solution

Re: Restricting ftp users - is there an inclusion file instead of exclusion?

Hi Joanne

This will extract all user logins from your passwd file sending output to a work file.

Just remove the users that you require to have ftp access and save it as /etc/ftpd/ftpusers.

Once created it sould be fairly simple to add users as and when.




cat /etc/passwd | sed 's/:/ /' | awk '{print $1}' >/tmp/logins-for-ftp


HTH Paula
If you can spell SysAdmin then you is one - anon
Reply
Joanne Keegan
Regular Advisor

‎01-28-2002 11:15 AM

‎01-28-2002 11:15 AM

Re: Restricting ftp users - is there an inclusion file instead of exclusion?

Thanks Steven, Sanjay and Paula for your assistance.

Regards,

Jo
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.