Sponsored Content
Top Forums UNIX for Dummies Questions & Answers How do you set up an FTP user account? Post 302241269 by varunrishi2006 on Monday 29th of September 2008 03:06:10 AM
Old 09-29-2008
hello,
could you plaese tell me if we have to make a separate user account for ftp only without telnet in case of IBM-AIX server then what would be the steps??
 

9 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Ftp account change password

How can I change the password from an ftp user account on a ssh server? Please give me simple instructions for a users who hasn't a lot of experience. :D Just the words in form of a list thanks a lot. (1 Reply)
Discussion started by: m.seidenberg
1 Replies

2. Solaris

How to create a new ftp user account with limited access..?

Hi All, I'm using solaris 2.8, and I want create a new ftp user account with the following restrictions: - Have only ftp access, no telnet or rlogin - Have restricted access to its home directory example /export/home/newuser - Deny access to any other directory. Thanks for your help, ... (6 Replies)
Discussion started by: Jeremy3
6 Replies

3. Solaris

ftp account locking

I need some help trying to figure out why our ftp account keeps getting locked with no manual intervention. We have end of day processes that run nightly and the last thing it does is ftp files to a server. Everyonce in a while the script fails because the account has been locked. How could this... (5 Replies)
Discussion started by: morgadoa
5 Replies

4. HP-UX

umask for an ftp account

Hi, I have an ftp account which is used for transferring files to a UNIX box. eventhough the permissions on the source box for the files are 777, when it reaches the destination node via this ftp transfer the permissions is getting changed to -rw-r----- can someone please help me? umask... (3 Replies)
Discussion started by: vivek_damodaran
3 Replies

5. UNIX for Dummies Questions & Answers

Difference between : Locked User Account & Disabled User Accounts in Linux ?

Thanks AVKlinux (3 Replies)
Discussion started by: avklinux
3 Replies

6. UNIX for Dummies Questions & Answers

Setting up FTP account

Hi, I am new to the workd of FTP administration. I was asked to make an account on our FTP server so that someone can only download and upload to his home directory. The account is made but what settings/cconfiguration can I verify to ensure that the user has access to his home directory only?... (1 Reply)
Discussion started by: mojoman
1 Replies

7. UNIX for Advanced & Expert Users

su to account set to NL

Greetings Forumers! I have created several Application accounts on servers that run cron jobs but should not allow direct logins. These accounts have a password set but have been modified with 'passwd -N'. Now my users are complaining that they cannot become that application account with... (3 Replies)
Discussion started by: bluescreen
3 Replies

8. Solaris

Set Password Account to NP or NL

Hi Everyone, my name`s Sergio. I need your help please. I have a problem using Solaris 9. I create an account with the command line "useradd", with this I have no problem. My problem is I need set the created account to NP (No Password or Non Login). For example: cat /etc/shadow ... (2 Replies)
Discussion started by: roswell
2 Replies

9. Solaris

Set account to NOT autounlock following login attempt failures

Well, my title pretty much says it. How do I "Set account to NOT autounlock following login attempt failures"? I've configured /etc/default/passwd to my organization's security policy but I have yet to work out how to set the account to stay locked after the user fails to authenticate a few times.... (2 Replies)
Discussion started by: DustinT
2 Replies
krb5_auth_rules(5)					Standards, Environments, and Macros					krb5_auth_rules(5)

NAME
krb5_auth_rules - Overview of Kerberos V5 authorization DESCRIPTION
When a user uses kerberized versions of the ftp, rdist, rcp, rlogin, rsh, or telnet clients to connect to a server, even if the user's claimed Kerberos V5 identity is authenticated, the user is not necessarily authorized. Authentication merely proves that the user is "who he says he is" to the Kerberos V5 authentication system. Authorization also needs to be done, since it determines if that Kerberos identity is permitted to access the Solaris user account that the client wants to access. Each user may have a private authorization list in a file ~/.k5login in his login directory (on the server). Each line in this file should contain a Kerberos principal name of the form principal/instance@realm. If the server finds a ~/.k5login file, then access is granted to the account if and only if the originating user is authenticated to one of the principals named in the ~/.k5login file. If there is no ~/.k5login file, the originating user will then be checked against the gsscred table (see gsscred(1M)). If the originating user's Kerberos V5 identity is in the gsscred table, and if the UNIX user id in the gsscred table corresponds to the user account the client is trying access, then the originating user is granted access to the account on the server. If the UNIX user id does not match, then the originating user is denied access. For example, suppose the originating user has a principal name of jdb@ENG.ACME.COM and the target account is jdb-user. If jdb@ENG.ACME.COM appears in the gsscred table with uid 23154 and if jdb-user appears in the user account database (see passwd(4)) with uid 23154, then access to account jdb-user is granted. Of course, normally, the target account name in this example would be jdb and not jdb-user. Finally, if there is no ~/.k5login file and if the originating user's Kerberos V5 identity is not in the gsscred table, then the user will be granted access to the account if and only if all of the following are true: o The user part of the authenticated principal name is the same as the target account name specified by the client. o The realm part of the client and server are the same. o The target account name exists on the server. For example, if the originating user has a principal name of jdb@ENG.ACME.COM and if the server is in realm SALES.ACME.COM, then even if jdb is a valid account name on the server, the client would be denied access. This is because the realms SALES.ACME.COM and ENG.ACME.COM differ. FILES
~/.k5login Per user-account authorization file. /etc/passwd System account file. This information may also be in a directory service. See passwd(4). ATTRIBUTES
See attributes(5) for a description of the following attributes: +-----------------------------+-----------------------------+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | +-----------------------------+-----------------------------+ |Interface Stability |Evolving | +-----------------------------+-----------------------------+ SEE ALSO
ftp(1), rcp(1), rdist(1), rlogin(1), rsh(1), telnet(1), gsscred(1M), passwd(4), attributes(5), gss_auth_rules(5) NOTES
To avoid security problems, the ~/.k5login file must be owned by the remote user. SunOS 5.10 13 Apr 2004 krb5_auth_rules(5)
All times are GMT -4. The time now is 07:58 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy