Help: ftp/telnet & restricted access only


vsunh (Programmer), Aug 23, 2003
I need to create a login user in a Unix system to have only FTP access to upload files in a particular directory, with read and write permissions in that directory only. The user should not be able to change directories or run any Unix system-level commands.

How is the above possible? I tried using the restricted shell "rksh", but it blocks ftp also.

Please reply at the earliest.
 
Here's one way.

1) Use a shell name of "/bin/false" for the user ID, which prevents that user from logging in by anything but ftp.

2) Map a unique directory for that user to mount as their root so that they don't have access to the rest of the system (i.e. "/ftp/username/./public" makes "/ftp/username" their root "/" and starts them in "/public" off of that directory.)

3) Assign the user to their own unique group that has no other members. (i.e. "ftpuser1")

4) Add access permissions only for the user's group in the "/etc/ftpaccess" file (i.e. "guestgroup ftpuser1")

5) Provide only the minimum necessary commands for the user's ftp shell. Basically you copy the necessary files into a customized root structure off of their mounting point. Typically you only need to provide "/bin/ls", "/dev/socksys", "/dev/zero", "/etc/group" (a modified copy containing only groups they need), "/etc/passwd" (a modified copy containing only their login and with all encrypted passwords erased), "/lib/libprot.so.1", "/usr/lib/libc.so.1", and "/usr/lib/libsocket.so.1".

6) Shut down and restart ftp. "ftpshut now ftpshutdown" "ftprestart"

Note: Ftp setup can be tricky. Refer to your user manual or the ftp man page for more info.
 
Many thanks for your reply.

I changed the shell for the user to "/usr/bin/false"; it blocked telnet but also blocked ftp too.

I am using SCO Unix version 2.1.2.

Awaiting your feedback.
 
Check to make sure /etc/shells contains /usr/bin/false. If it doesn't, it needs to. This will allow the user to connect via ftp. "man ftpd" will give you some more info that is specific to your version.

Eric
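
The six steps from the first reply plus the /etc/shells check above, as one script. This is an added example, not code from the thread or from any vendor documentation. It assumes a wu-ftpd style ftpd (one that honours the "/./" split in the home directory and the guestgroup keyword in /etc/ftpaccess), that useradd and groupadd exist, and that the binaries, libraries and device nodes the jail needs are the ones listed in that reply; the STAGE variable, build_jail and the other function names are the example's own.

```shell
#!/bin/sh
# Added example (not from the thread): scripted chroot-FTP drop account.
# Assumes a wu-ftpd style ftpd ("/./" home split, guestgroup in /etc/ftpaccess).
# Library and device names below are the ones the reply lists; confirm them
# against your own ftpd with "man ftpd" before relying on them.
# Set STAGE=/scratch/dir to lay the files out under a prefix without touching
# the live system (no useradd/groupadd, no binaries or device nodes copied).

FTPUSER=${FTPUSER:-ftpuser1}
FTPGROUP=${FTPGROUP:-ftpuser1}
FTPSHELL=${FTPSHELL:-/bin/false}
STAGE=${STAGE:-}

# Files ftpd needs inside the jail (per the reply); devices handled by tar below.
JAIL_FILES="bin/ls lib/libprot.so.1 usr/lib/libc.so.1 usr/lib/libsocket.so.1"
JAIL_DEVS="dev/socksys dev/zero"

# Home directory as ftpd expects it: chroot to /ftp/<user>, then cd to /public.
home_entry() { printf '/ftp/%s/./public\n' "$1"; }

# Copy only the user's passwd line, password field blanked, from $1 into $3.
# The jail copy only serves name<->uid lookups for ls; authentication still
# uses the real /etc/passwd outside the jail.
make_jail_passwd() {
    awk -F: -v OFS=: -v u="$2" '$1 == u { $2 = ""; print }' "$1" > "$3"
}

# Copy only the named group line from $1 into $3, any password blanked.
make_jail_group() {
    awk -F: -v OFS=: -v g="$2" '$1 == g { $2 = ""; print }' "$1" > "$3"
}

# Append shell $2 to $1 unless already listed: ftpd rejects logins whose shell
# is not in /etc/shells, which is what blocked the /bin/false user above.
ensure_shell_listed() {
    grep -qx "$2" "$1" 2>/dev/null || printf '%s\n' "$2" >> "$1"
}

# Add "guestgroup <group>" to the ftpaccess file $1 unless already present.
ensure_guestgroup() {
    grep -q "^guestgroup[[:space:]]\{1,\}$2\$" "$1" 2>/dev/null \
        || printf 'guestgroup %s\n' "$2" >> "$1"
}

build_jail() {
    jail="${STAGE}/ftp/${FTPUSER}"
    if [ -z "$STAGE" ]; then
        # Live system only: own group, then the account with the "/./" home.
        groupadd "$FTPGROUP"
        home=`home_entry "$FTPUSER"`
        useradd -g "$FTPGROUP" -d "$home" -s "$FTPSHELL" "$FTPUSER"
    fi
    # Jail skeleton: root-owned and read-only except public/, the upload dir.
    for d in bin dev etc lib usr/lib public; do mkdir -p "$jail/$d"; done
    make_jail_passwd "${STAGE}/etc/passwd" "$FTPUSER"  "$jail/etc/passwd"
    make_jail_group  "${STAGE}/etc/group"  "$FTPGROUP" "$jail/etc/group"
    ensure_shell_listed "${STAGE}/etc/shells"    "$FTPSHELL"
    ensure_guestgroup   "${STAGE}/etc/ftpaccess" "$FTPGROUP"
    chmod 755 "$jail" "$jail/bin" "$jail/dev" "$jail/etc" "$jail/lib" \
              "$jail/usr" "$jail/usr/lib"
    chmod 700 "$jail/public"
    if [ -z "$STAGE" ]; then
        # tar (as root) preserves device nodes; word splitting is intended.
        (cd / && tar cf - $JAIL_FILES $JAIL_DEVS) | (cd "$jail" && tar xf -)
        chown root "$jail" "$jail/bin" "$jail/dev" "$jail/etc" "$jail/lib"
        chown "$FTPUSER" "$jail/public"
        chgrp "$FTPGROUP" "$jail/public"
        ftpshut now ftpshutdown && ftprestart
    fi
}

if [ "${1:-}" = build ]; then build_jail; fi
```

Run it as root with STAGE unset (`sh mkftpjail.sh build`) to build /ftp/ftpuser1 on the live system; with STAGE pointing at a scratch directory it only lays out the files, which is a convenient way to review the jail before restarting ftpd. Afterwards check that the jail root and its etc/ and bin/ are root-owned and not writable by the user, that only public/ is, and that the jail's etc/passwd carries no password hashes.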
 