|
|
|
google unix.com
|
|||||||
| Forums | Register | Forum Rules | Links | Albums | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
| UNIX for Dummies Questions & Answers If you're not sure where to post a UNIX or Linux question, post it here. All UNIX and Linux newbies welcome !! |
More UNIX and Linux Forum Topics You Might Find Helpful
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Solaris 2.6:max login retries | mad_chung | SUN Solaris | 1 | 01-04-2008 10:27 AM |
| Solaris 8 login GUI doesn't come up. | vntiger | SUN Solaris | 26 | 09-27-2007 11:24 PM |
| Solaris login scripts | citrowske | SUN Solaris | 0 | 02-08-2007 04:11 PM |
| Solaris 9 slow login thru ssh & ftp | BG_JrAdmin | SUN Solaris | 2 | 09-07-2005 03:54 AM |
| Solaris 2.6 exec login fails | rambo15 | Shell Programming and Scripting | 2 | 06-10-2004 08:02 PM |
 |
Powered by 
|
|
|
LinkBack | Thread Tools | Search this Thread | Rate Thread | Display Modes |
|
|
09-16-2008
|
||||
|
||||
Blocking FTP login at Solaris
Hi,
We have an application which runs on telnet port, application structure is file based, we have to give write permissions to all the users to all files so that they can work on the system. Recently we have noticed that all ordinary users can login through ftp and delete any file ( belonging to that application, because they have write permissions on all the files ), can anybody please let me know how can we block all user-ids logging into Solaris system through FTP except users whose user-ids start with "kcc"? One more thing, we can't completely block port 21 because one FTP server is running on the server for the documentation, for example: ftp://192.168.0.1/pub/English/Modules.html We want to block FTP login through command line or any other FTP client, people can continue using FTP through web. I hope, my query is explanatory enough. |
|
09-16-2008
|
||||
|
||||
|
Unfortunately the default FTP daemon is pretty simple and you have to give it a list of all users who are denied access, in the not very logically named /etc/ftpusers.
This means that every time you add new users you have to remember to update this file. Therefore it's a good idea to automate it, maybe run a job out of cron that does something like: Code:
awk -F: '!/^kcc/ {print $1}' /etc/passwd > /etc/ftpusers
|
|
09-17-2008
|
||||
|
||||
|
Not forgetting to exclude the kcc users...
Code:
awk -F: '$3 > 100 && $3 < 60000 && !/^kcc/ {print $1}' /etc/passwd > /etc/ftpusers
|
|
09-25-2008
|
||||
|
||||
|
Thanks for your replies, it worked but I have following issue now, as I mentioned earlier that our help is installed on a FTP server and path is as follows:
ftp://192.168.0.1/pub/English/Modules.html I don't want to block to this FTP server, now when users click on Help, they are asked to enter Username & Password, users who are mentioned at /etc/ftpusers are not granted access to this, any workaround to allow users to be able to view those help files via FTP? |
|
09-25-2008
|
||||
|
||||
|
In your position I would definitely serve that documentation using your web server, not your FTP server.
But if for some reason that's not possible... when they connect like that they are using anonymous FTP, so as long as you haven't added the 'ftp' user to /etc/ftpusers then it should still work as it did before. I'm presuming they were never prompted for username/password before? |
|
| Bookmarks |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
Hybrid Mode
