Permissions for FTP User

Status
Not open for further replies.

TSch

Technical User
Jul 12, 2001
557
DE
Hi everybody,

following problem:

I've created a user - let's say - "ABC" under AIX.
Now I want someone using a Windows machine to be able to log in to the AIX machine via FTP (or maybe even telnet) under that user (ABC). But he shall only be able to access one specific directory and that directory only ...

How can I do it ?

Thanks in advance !

Regards
Thomas
 
This works on Solaris, but I haven't tested it on AIX.

If you want an account that can only be used via ftp, do the following. Please remember that the only user that will be able to ftp is ftponly; if you require other users to ftp, edit the /etc/ftpusers file and either comment out (using a # at the start of the line) or remove the user from the file.

1) cat /etc/passwd|cut -f 1 -d: > /etc/ftpusers

2) At the prompt type

echo 'echo "This account only allows FTP Access."' > /bin/ftponly

Make the file executable

chmod a+x /bin/ftponly

3) Next check to see if you have the file /etc/shells

a) If you have, edit the file and add

/bin/ftponly

b) If not do

ls /bin/*sh > /etc/shells
then add the /bin/ftponly line


4) Next create the user

useradd -c "FTP Only User" -d /home/ftpfiles -m -s /bin/ftponly -g staff ftponly

5) Give the ftponly account a passwd

passwd ftponly

6) Then set the permissions on /home/ftpfiles to restrict the usage. See man chmod

Regards

Mike

"A foolproof method for sculpting an elephant: first, get a huge block of marble, then you chip away everything that doesn't look like an elephant."

 
Hi,

I'll check it out ...

Thanks a lot !
 
Hi Thomas. Mike's suggestion might work. You may also like to do a keyword search in this forum for 'restrict ftp' or similar, as it's a question that is asked on a fairly regular basis.
 
"But he shall only be able to access one specific directory and that directory only ..."

Mike's instructions are solid in terms of creating the user and limiting it to ftp access. Once the ftp connection is made, though, the account will be able to cd to other directories. You need to set up a chroot home directory for the account. (man chroot)

The /etc/ftpusers file is optional. It is a deny list, so any account *not* listed in that file will have ftp access by default.

The shells attribute in /etc/security/login.cfg should be updated with the /bin/ftponly "shell". The chsec command is used for updating this file.

-glenn
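
The deny-list behaviour of /etc/ftpusers and the valid-shell list from step 3 can be checked per account before handing out the login. The script below is an added example, not part of any post in this thread: it assumes a passwd-format file, an ftpusers file with one name per line, and a shells file with one path per line (as in Mike's /etc/shells steps); the function names and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread; function names are hypothetical.

# listed VALUE FILE: true if VALUE is the first word of a line in FILE.
# A commented-out entry ("#abc" or "# abc") never matches, and a missing
# file counts as empty.
listed() {
    [ -n "$1" ] && [ -f "$2" ] || return 1
    awk -v v="$1" '$1 == v { hit = 1 } END { exit !hit }' "$2"
}

# ftp_status USER PASSWD FTPUSERS SHELLS
# Prints: allowed | denied:listed | denied:shell | denied:nouser
ftp_status() {
    if ! sh_=$(awk -F: -v u="$1" '$1 == u { print $7; ok = 1; exit }
                                   END { exit !ok }' "$2"); then
        echo "denied:nouser"
    elif listed "$1" "$3"; then
        echo "denied:listed"   # ftpusers is a deny list
    elif ! listed "$sh_" "$4"; then
        echo "denied:shell"    # login shell missing from the shells list
    else
        echo "allowed"         # not denied, and the shell is a valid one
    fi
}

# audit_ftp PASSWD FTPUSERS SHELLS: one "user status" line per account.
audit_ftp() {
    cut -d: -f1 "$1" | while read -r u; do
        echo "$u $(ftp_status "$u" "$1" "$2" "$3")"
    done
}

# Constructed sample files modelled on the steps in this thread.
demo=$(mktemp -d) && trap 'rm -rf "$demo"' EXIT
printf '%s\n' 'root:x:0:0::/:/bin/sh' \
    'abc:x:201:1::/home/abc:/bin/ksh' \
    'ftponly:x:202:1:FTP Only User:/home/ftpfiles:/bin/ftponly' \
    'newbie:x:203:1::/home/newbie:/bin/sh' > "$demo/passwd"
printf '%s\n' root '#abc' > "$demo/ftpusers"      # abc is commented out
printf '%s\n' /bin/sh /bin/ksh > "$demo/shells"   # /bin/ftponly not added yet
audit_ftp "$demo/passwd" "$demo/ftpusers" "$demo/shells"
```

With this sample data, ftponly is refused until /bin/ftponly is added to the shells file, while newbie, an account that was never added to the deny list, is allowed.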
 