
Securing FTP

 
David Goza
Occasional Advisor

Securing FTP

We allow some of our users to ftp from Windows 98 into our HP 9000 to download files into Excel or Word. Is there a way I can restrict their FTP access to only certain files or directories? Right now, when they log in to FTP, it takes them directly to certain directories, but they have full access to other areas. Does anyone know how to change that?
9 REPLIES 9
linuxfan
Honored Contributor

Re: Securing FTP

Hi David,

Look at the doc Richard mentions in this thread; it gives you a step-by-step method:
http://forums.itrc.hp.com/cm/QuestionAnswer/1,1150,0xc9398ffa98a2d5118ff10090279cd0f9,00.html

-Regards
Ramesh
They think they know but don't. At least I know I don't know - Socrates
Joseph C. Denman
Honored Contributor

Re: Securing FTP

What version of HPUX are you using?

11.0 and above, you can set up an ftpaccess file.

man ftpaccess

10.xx, I would recommend downloading wu-ftp.

...jcd...
If I had only read the instructions first??
Santosh Nair_1
Honored Contributor

Re: Securing FTP

Make sure that you start up the ftpd daemon with the -a option in /etc/inetd.conf. Then set up /etc/ftpd/ftpaccess with the chroot option for your users (see the ftpaccess man page).

Hope this helps.

-Santosh
Life is what's happening while you're busy making other plans
Kevin Wright
Honored Contributor

Re: Securing FTP

Check out http://www.wu-ftpd.org/
This will give you step-by-step instructions for chrooted users and anonymous ftp. On hpux /sbin/ls is static, so the configuration is quite simple as opposed to other flavors of unix.
David Goza
Occasional Advisor

Re: Securing FTP

Thanks for all the help, but I need some clarification. After reading through all the material, I can only conclude that you can give a user access to only 1 (one) directory branch setup. Is this correct? What I really need is to give a user access to more than one directory branch - our Live and our Test area - but not let them ftp into anything else. Can this be done???
Joseph C. Denman
Honored Contributor

Re: Securing FTP

I believe you can create links under his home to the dirs you need him to travel.

...jcd...
If I had only read the instructions first??
Sharon Prothero
Frequent Advisor

Re: Securing FTP

Instead of allowing anonymous ftp access why not give the users unix login accounts (or one to share) & then restrict what they can see using normal file permissions and/or access control lists?
Ovidiu D. Raita
Valued Contributor

Re: Securing FTP

I'd have to disagree with Joseph: you cannot "escape" from the chroot directory even by creating links. The link is just an entry in the directory; it is interpreted as text and appended to the chroot directory.

For example if the chroot dir is /home/ftp
and you run
ftp> cd other_dir
which is a link to /root/other_dir
then ftp will be looking for /home/ftp/root/other_dir
and not for
/root/other_dir as you would think.

You can do a short test just to verify this behaviour.

If you are able to reorganize the file systems a little bit you could create links to the chroot subdirectories (not from them to another directory).

Ovidiu
Simple solutions to complex problems
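
The link behaviour described in the reply above can be checked before users hit it. The following is an added example, not part of the original thread: it models how a chrooted process looks up a path (absolute link targets restart at the jail root, ".." never climbs above it) and lists the symlinks in a jail that FTP users cannot follow. The function names and the temporary directory layout are constructed for illustration.

```python
import os
import tempfile

def resolve_in_chroot(root, path, max_links=40):
    """Host path that `path` names for a process chrooted to `root`, or None."""
    root = os.path.realpath(root)
    pending = [p for p in path.split("/") if p not in ("", ".")][::-1]  # next is last
    current = []                                  # components below the jail root
    while pending:
        part = pending.pop()
        host = os.path.join(root, *current, part)
        if part == "..":
            current = current[:-1]                # ".." at the jail root stays there
        elif os.path.islink(host):
            max_links -= 1
            if max_links < 0:
                return None                       # symlink loop
            target = os.readlink(host)
            if target.startswith("/"):
                current = []                      # absolute target restarts at the jail root
            pending.extend([p for p in target.split("/") if p not in ("", ".")][::-1])
        elif os.path.lexists(host):
            current.append(part)
        else:
            return None                           # nothing by that name inside the jail
    return os.path.join(root, *current)

def broken_links(root):
    """List symlinks under `root` (as jail-relative paths) that do not resolve."""
    bad = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            inside = "/" + os.path.relpath(full, root)
            if os.path.islink(full) and resolve_in_chroot(root, inside) is None:
                bad.append(inside)
    return sorted(bad)

def build_demo(base):
    """Constructed layout mirroring the post: jail at <base>/home/ftp."""
    jail = os.path.join(base, "home", "ftp")
    os.makedirs(os.path.join(jail, "pub", "live"))
    os.symlink("/root/other_dir", os.path.join(jail, "other_dir"))  # target outside the jail
    os.symlink("/pub/live", os.path.join(jail, "live"))             # target inside the jail
    return jail

if __name__ == "__main__":
    jail = build_demo(tempfile.mkdtemp())
    print("links FTP users cannot follow:", broken_links(jail))
```

Run against the real FTP home directory, `broken_links` reports every link that will appear dead to a chrooted session, which is the quick test the reply suggests.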