HPE Community
Operating System - HP-UX
1823119 Members
3324 Online
109646 Solutions
New Discussion юеВ

Re: want to setup ftpaccess ftp login but access denied

 
SOLVED
Go to solution
Frank de Vries
Respected Contributor

тАО10-17-2005 06:39 PM

тАО10-17-2005 06:39 PM

want to setup ftpaccess ftp login but access denied

Hi,
I saw an interesting link on this forum with something I wanted to do for a long time.
So I decided to do that too and I had a go at it but to no avail, what am I doing wrong ?

C:\>ftp orasrv2
Connected to orasrv2.vwb.be.
220 orasrv2.vwb.be FTP server (Version 1.1.214.9 Wed Dec 17 11:41:58 GMT 2003) ready.
User (orasrv2.vwb.be:(none)): guest1
530 User guest1 access denied...
Login failed.
ftp>

My ftpaccess file contents:
class all,real guest*
guestgroup web www
noretrieve /etc/passwd core

(BTW I took this from a previous link on this forum: http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=713226 )


my inetd.conf entry:
ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l -v -a -t 250

my password file entry:
guest1::124:104:Guest Account:/ftp/./incoming:/usr/bin/false

my group file entry for 104:
[root@orasrv2:]/etc<>>> grep 104 group
web::104:
[root@orasrv2:]/etc<>>>

my /etc/ftpd/ftpusers file is currently empty.

I ran inetd -c several times now as well as
[root@orasrv2:]/etc/ftpd<>>> /sbin/init.d/inetd stop
Internet Services stopped
[root@orasrv2:]/etc/ftpd<>>> /sbin/init.d/inetd start
Internet Services started
[root@orasrv2:]/etc/ftpd<>>>
To no avail until now.

Thanks
Look before you leap
0 Kudos
14 REPLIES 14
Frank de Vries
Respected Contributor

тАО10-17-2005 06:41 PM

тАО10-17-2005 06:41 PM

Re: want to setup ftpaccess ftp login but access denied

Oh, before I forget,
my /etc/shells looks like this:

[root@orasrv2:]/etc<>>> more shells
/bin/false
/sbin/sh
/usr/bin/ksh
/usr/bin/sh

[root@orasrv2:]/etc<>>>

Look before you leap
0 Kudos
Arunvijai_4
Honored Contributor

тАО10-17-2005 06:50 PM

тАО10-17-2005 06:50 PM

Re: want to setup ftpaccess ftp login but access denied

Can you check this doc ?

http://docs.hp.com/en/B2355-90778/ch02.html
[Configuring FTP]

-Arun
"A ship in the harbor is safe, but that is not what ships are built for"
0 Kudos
Muthukumar_5
Honored Contributor

тАО10-17-2005 06:50 PM

тАО10-17-2005 06:50 PM

Re: want to setup ftpaccess ftp login but access denied

guest1::124:104:Guest Account:/ftp/./incoming:/usr/bin/false

It is the problem.

Change /usr/bin/false to some shell type as,

guest1::124:104:Guest Account:/ftp/./incoming:/sbin/sh

You have to control users by /etc/ftpd/ftpusers file only.

hth.
Easy to suggest when don't know about the problem!
0 Kudos
GGA
Trusted Contributor

тАО10-17-2005 06:53 PM

тАО10-17-2005 06:53 PM

Re: want to setup ftpaccess ftp login but access denied

hello

what i see is that ur login shell for the user is /usr/bin/false ...

if u like to login with this user u must give him a shell

regards gga
0 Kudos
Frank de Vries
Respected Contributor

тАО10-17-2005 06:58 PM

тАО10-17-2005 06:58 PM

Re: want to setup ftpaccess ftp login but access denied

I have tried your suggestion and
changed the shell
guest1::124:104:Guest Account:/ftp/./incoming:/sbin/sh

and run inetd -c (don't know if that
was realy necessary ?)

Still get
C:\>ftp orasrv2
Connected to orasrv2.vwb.be.
220 orasrv2.vwb.be FTP server (Version 1.1.214.9 Wed Dec 17 11:41:58 GMT 2003) ready.
User (orasrv2.vwb.be:(none)): guest1
530 User guest1 access denied....
Login failed.
ftp>

Has it something to do with the permissions
on the home directory ftp ?
[root@orasrv2:]/<>>> ls -ld ftp
drwxr-xr-x 2 root sys 96 Oct 18 08:04 ftp
[root@orasrv2:]/<>>>

regards
Look before you leap
0 Kudos
Muthukumar_5
Honored Contributor

тАО10-17-2005 07:03 PM

тАО10-17-2005 07:03 PM

Re: want to setup ftpaccess ftp login but access denied

Try as,

# telnet orasrv2
with guest1 account. Are you able to login.

# Can you post information of guest1 user group information.

id guest1
logins -ux for guest1 entry

hth.


Easy to suggest when don't know about the problem!
0 Kudos
Frank de Vries
Respected Contributor

тАО10-17-2005 07:08 PM

тАО10-17-2005 07:08 PM

Re: want to setup ftpaccess ftp login but access denied

with su - guest1 it works fine,
but indeed with telnet I get an error:


HP-UX orasrv2 B.11.00 U 9000/800 (tb)

login: guest1
Unable to change directory to "/home/ftp/./incoming"
Logging in with home = "/".
Please wait...checking for disk quotas
[guest1@orasrv2]:/==>

[guest1@orasrv2]:==>id
uid=124(guest1) gid=104(web)
[guest1@orasrv2]:==>

I am logged in but the message above
to me is not understandable sofar.
What can I do to correct it ?
Thanks
Look before you leap
0 Kudos
Muthukumar_5
Honored Contributor

тАО10-17-2005 07:09 PM

тАО10-17-2005 07:09 PM

Re: want to setup ftpaccess ftp login but access denied

Change /etc/passwd entry of guest1 to,

guest1::100:92:Guest Account:/ftp/./incoming:/etc/ftponly

It will work.

hth.
Easy to suggest when don't know about the problem!
0 Kudos
Arunvijai_4
Honored Contributor

тАО10-17-2005 07:11 PM

тАО10-17-2005 07:11 PM

Re: want to setup ftpaccess ftp login but access denied

It clearly says, it can't find /home/ftp/./incoming.. Try changing it to some other dir like /tmp/test and see what happenes..

-Arun
"A ship in the harbor is safe, but that is not what ships are built for"
0 Kudos
Frank de Vries
Respected Contributor

тАО10-17-2005 07:20 PM

тАО10-17-2005 07:20 PM

Re: want to setup ftpaccess ftp login but access denied

That was a good idea ,
I create /tmp/test , did a chmod 775 and
chown guest1:web /tmp/test.

Then I tried a telnet:

HP-UX orasrv2 B.11.00 U 9000/800 (tb)

login: guest1
Unable to change directory to "/home/ftp/./tmp/test"
Logging in with home = "/".
Please wait...checking for disk quotas
[guest1@orasrv2]:/==>

Sorry, but I don't see my error.

Indeed there is not directory:
/home/ftp/./tmp/test
so if you follow the logic of the error
then correct, however it just don't make
sense to me.

It seems to be misinterpreting the entry in
the password file, which now looks like this:
guest1::124:104:Guest Account:/home/ftp/./tmp/test:/sbin/sh

I guess the cause of the error is on this line, but I can't see what.
Hope one of you can.


Look before you leap
0 Kudos
Muthukumar_5
Honored Contributor

тАО10-17-2005 07:49 PM

тАО10-17-2005 07:49 PM

Re: want to setup ftpaccess ftp login but access denied

Do you want to create anonymous ftp access account? If so use /etc/ftponly as shell type.

guest1::124:104:Guest Account:/home/ftp/./tmp/test:/sbin/sh

In the /etc/passwd file, the sample entry is:

guest1::100:92:Guest Account:/ftp/./incoming:/etc/ftponly

When guest1 successfully logs in, the ftp server will chroot
(/ftp) and then chdir (/incoming). The guest user will only be
able to access the directory structure under /ftp (which will
look and act as / to guest1), just as an anonymous FTP user
would.

Refer ftpaccess man page. It will work.

hth.
Easy to suggest when don't know about the problem!
0 Kudos
Frank de Vries
Respected Contributor

тАО10-17-2005 07:51 PM

тАО10-17-2005 07:51 PM

Re: want to setup ftpaccess ftp login but access denied

combining bits and pieces of our advice and
some creative thinking on my part I
got it to work. (can I explain ? maybe later, good thing is I got result)

For me this worked:
entry password file (using rksh):
guest1:6vS/O71pYExuI,./:124:104:guest ftp,,,:/home/guest1/./:/usr/bin/rksh

entry ftpaccess:
[root@orasrv2:]/etc/ftpd<>>> more ftpaccess
#autogroup users class1
autogroup root class2
class class2 real 10.214*
class class1 guest* 10.214*
guestgroup web
#guestgroup users
#guestgroup root
noretrieve /etc/passwd core

And voila ...

C:\>ftp orasrv2
Connected to orasrv2.vwb.be.
220 orasrv2.vwb.be FTP server (Version 1.1.214.9 Wed Dec 17 11:41:58 GMT 2003) ready.
User (orasrv2.vwb.be:(none)): guest1
331 Password required for guest1.
Password:
230 User guest1 logged in. Access restrictions apply.
ftp> ll
Invalid command.
ftp> pwd
257 "/" is current directory.
ftp> ls
200 PORT command successful.
150 Opening ASCII mode data connection for file list.
.cshrc
.exrc
.login
.profile
.sh_history
226 Transfer complete.
ftp: 46 bytes received in 0,00Seconds 46000,00Kbytes/sec.
ftp>

I will now allocate points,
thanks to all, but it could
have been monday morning :) :)

c u
Fr.
Look before you leap
0 Kudos
Borislav Perkov
Respected Contributor

тАО10-17-2005 07:59 PM

тАО10-17-2005 07:59 PM

Solution

Re: want to setup ftpaccess ftp login but access denied

Hi Frank,

You have to be sure that the /usr/bin/false is also coded in /etc/shells or it exists.
I make my ftp guest accounts usualy with /usr/bin/rsh, restricted shell, you can try it also.
Regards,
Borislav
0 Kudos
Frank de Vries
Respected Contributor

тАО10-17-2005 08:00 PM

тАО10-17-2005 08:00 PM

Re: want to setup ftpaccess ftp login but access denied

for the record
I wanted a real ftp login (not anonymous).

What do we do without the tons
of documentation hey , especially if
one digest system is rather slow to catch on,
and a more hands-on approach is requested (thanks god for this forum)
but hell not your problem init !!
So just keep sending tons more docs , until
I choke !!

Nice one matey ...
Have a nice day on me .
:) :)
The double duth man
Look before you leap
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.