Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Rhinorhino on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Help: ftp/telnet & restricted access only

Status
Not open for further replies.
vsunh

vsunh

Programmer
Joined
Aug 23, 2003
Messages
52
Location
AE
I need to create a login user in Unix sysem to have only FTP access to upload files in a purticular directory & with read & write permissions in that directory only. The user should not be able to change directories, run any unix system level commands..

How the above is possible?? I tried using restricted shell "rksh", but it blocks ftp also

please reply at the earliest
 
Sort by date Sort by votes
Here's one way.

1) Use a shell name of "/bin/false" for the user ID, which prevents that user from logging in by anything but ftp.

2) Map a unique directory for that user to mount as their root so that they don't have access to the rest of the system (i.e. "/ftp/username/./public" makes "/ftp/username" their root "/" and starts them in "/public" off of that directory.)

3) Assign the user to their own unique group that has no other members. (i.e. "ftpuser1")

4) Add access permissions only for the user's group in the "/etc/ftpaccess" file (i.e. "guestgroup ftpuser1")

5) Provide only the minimum necessary commands for the user's ftp shell. Basically you copy the necessary files into a customized root structure off of their mounting point. Typically you only need to provide "/bin/ls", "/dev/socksys", "/dev/zero", "/etc/group" (a modified copy containing only groups they need), "/etc/passwd" (a modified copy containing only their login and with all encrypted passwords erased), "/lib/libprot.so.1", "/usr/lib/libc.so.1", and "/usr/lib/libsocket.so.1".

6) Shutdown and restart ftp. "ftpshut now ftpshutdown" "ftprestart"

Note: Ftp setup can be tricky. Refer to your user manual for more or the ftp man page for more info.
 
Upvote 0 Downvote
Many thanks for your reply..

I changed the shell for the user to "/usr/bin/false", it blocked telnet but also blocked ftp too..

I am using sco unix version 2.1.2..

awaiting yr feedback..
 
Upvote 0 Downvote
Check to make sure /etc/shells contains /usr/bin/false. IF it doesn't - it needs to. This will allow the user to connect via ftp. Man ftpd will give you some more info that is specific to your version.

Eric
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

ziggy6
  • Locked
  • Question Question
Help using awk or some kind of Tool in Unix to Read a file, cut fields and write to a file
Replies
2
Views
2K
mikrom
mikrom
singaaravelup
  • Locked
  • Question Question
Need help on UNIX
Replies
0
Views
1K
singaaravelup
singaaravelup
pplearnunix46
  • Locked
  • Question Question
Grep Command help
Replies
1
Views
544
SamBones
SamBones
Soopa
  • Locked
  • Question Question
FTP Servers and Time Stamps
Replies
0
Views
282
Soopa
Soopa
Serpol
  • Locked
  • Question Question
Help request for a C3600 visualize
Replies
1
Views
324
Serpol
Serpol

Part and Inventory Search

Sponsor

Back
Top