Operating System - HP-UX

Cristian Ramirez V._1
Occasional Contributor

Users accessing only home_directory.

Hello,
I have to do this requirement, and I have no clue.
There are 3 users: master_user, user1 and user2.
user1 and user2 have a home_directory /home/user1 and /home/user2.
user1 can read only (via ftp) from its home_directory, and user2 can read only (via ftp) from /home/user2.
On the other hand, master_user should write (via ftp) in /home/user1 and /home/user2. Then user1 and user2 should read what master_user is writing in their home_directories. But user1 shouldn't access /home/user2 and vice versa.

Any hint ??... I tried with groups for everyone, but it didn't work out.

Thanks a lot in advance.
Cristian.
5 REPLIES
Mark Grant
Honored Contributor

Re: Users accessing only home_directory.

Seems to me that in effect, the master user may as well own the home directories of user1 and user2.

master should have a umask sufficient to allow the other two users to read files he/she creates on the group level (maybe 640)

I THINK that what you will have to do is have user1 in one group and user2 in another. Then you'll have to contrive to get master to "chgrp" (change group) to the correct one before he/she writes to it. This might be hard to achieve with ftp though.
Never precede any demonstration with anything more predictive than "watch this"
Sanjay_6
Honored Contributor

Re: Users accessing only home_directory.

Hi,

Try setting up the ftp ids using ftpaccess. Do a search on the forum if you want more help about ftpaccess. You can also do "man ftpaccess" for more help on ftpaccess.

Hope this helps.

Regds
Abdul Rahiman
Esteemed Contributor

Re: Users accessing only home_directory.

Another option would be to use ACLs,

Read the man pages for,

# man setacl
and
# man getacl
No unix, no fun
Sridhar Bhaskarla
Honored Contributor

Re: Users accessing only home_directory.

Hi Cristian,

'ftpaccess' is the way to go. Set up user1 and user2 with chroot'ed home directories. For ex.,

user1:*:10101:20::/home/user1/./:/usr/bin/false

Add /usr/bin/false to the /etc/shells file. You will also need to put all the other valid shells, like /usr/bin/ksh, /usr/bin/sh, /sbin/sh etc., into /etc/shells if you were not maintaining this file before.

When ftp'ing, user1 will be restricted to only the /home/user1 directory. So, this user cannot go anywhere else.

However, to restrict this user further to only 'read' but not write, it is done through the 'upload' directive.

Add these two users to a new group, say 'guestgrp'. Add these lines to the /etc/ftpd/ftpaccess file.

guestgroup guestgrp
upload /home/user1 * no
upload /home/user2 * no

-Sri

You may be disappointed if you fail, but you are doomed if you don't try
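
An added example, not part of the thread or of any HP tooling: a shell function that checks copies of the passwd, group, shells and ftpaccess files for the four things the setup in the reply above relies on (the /./ marker, the shell listed in the shells file, guestgroup membership, and an upload deny rule). The function names, the second account's details and the group id are constructed, and testing guest status through the group file's member list is an assumption.

```shell
# Added example. usage: audit_guest USER PASSWD GROUP SHELLS FTPACCESS
# Prints each failed check; the return status is the number of failures.
audit_guest() {
    user=$1 passwd=$2 group=$3 shells=$4 ftpaccess=$5 fails=0
    # passwd fields: name:pw:uid:gid:gecos:home:shell
    entry=$(awk -F: -v u="$user" '$1 == u { print $6 ":" $7; exit }' "$passwd")
    [ -n "$entry" ] || { echo "$user: no passwd entry"; return 1; }
    home=${entry%%:*} shell=${entry#*:}
    # 1. The home field needs the /./ marker that sets the chroot point.
    case $home in
        */./*) root=${home%%/./*} ;;
        *) echo "$user: home $home has no /./ marker"
           root=${home%/}; fails=$((fails + 1)) ;;
    esac
    # 2. The login shell must be listed in the shells file.
    grep -qxF "$shell" "$shells" ||
        { echo "$user: shell $shell not in shells file"; fails=$((fails + 1)); }
    # 3. Assumption: guest status is read from the group file's member list.
    guest=no
    for g in $(awk '$1 == "guestgroup" { for (i = 2; i <= NF; i++) print $i }' "$ftpaccess"); do
        awk -F: -v g="$g" -v u="$user" '
            $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) hit = 1 }
            END { exit !hit }' "$group" && guest=yes
    done
    [ "$guest" = yes ] || { echo "$user: not in a guestgroup group"; fails=$((fails + 1)); }
    # 4. An "upload <root> * no" line must deny uploads under the chroot.
    awk -v r="$root" '
        $1 == "upload" && $2 == r && $3 == "*" && $4 == "no" { ok = 1 }
        END { exit !ok }' "$ftpaccess" ||
        { echo "$user: no upload deny rule for $root"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed sample files: user1 follows the thread's setup, user2 does not.
write_sample() {
    cat > "$1/passwd" <<'EOF'
user1:*:10101:20::/home/user1/./:/usr/bin/false
user2:*:10102:20::/home/user2:/usr/bin/ksh
EOF
    printf '%s\n' /usr/bin/false /usr/bin/ksh /usr/bin/sh /sbin/sh > "$1/shells"
    echo 'guestgrp::300:user1,user2' > "$1/group"
    printf '%s\n' 'guestgroup guestgrp' 'upload /home/user1 * no' > "$1/ftpaccess"
}

d=${TMPDIR:-/tmp}/ftpaudit.$$; mkdir "$d" || exit 1; write_sample "$d"
for u in user1 user2; do
    audit_guest "$u" "$d/passwd" "$d/group" "$d/shells" "$d/ftpaccess" || echo "$u: $? failed check(s)"
done
rm -rf "$d"
```

On a real host, point the last four arguments at /etc/passwd, /etc/group, /etc/shells and /etc/ftpd/ftpaccess.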
Cristian Ramirez V._1
Occasional Contributor

Re: Users accessing only home_directory.

Thanks to all of you guys, especially Sri. All of you have been very nice and helpful, now I am going to get hands on work.....

Cheers,
Cristian.