Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: restricting access...
Special Forums Cybersecurity restricting access... Post 2333 by alwayslearningunix on Tuesday 8th of May 2001 04:36:28 AM
Old 05-08-2001
ftpaccess
Thanks PxT, I am going to consider that for users who need a command prompt, I wonder if you could help me I've been working on this all night with no luck...

I want to chroot ftp users to their home dir, I have set up /etc and /bin in their directories, modified the /etc/passwd to:

user:x:500:500::/home/./user:/etc/ftponly

So they should chroot to /home and then chdir to their directory, and sit in that jail and not be allowed out of /home. I created passwd and group in ~etc.

The final bit of the plot was to add the guest ftp entry into /etc/ftpaccess. Which I did as:

guestgroup group

Where group is the group of the user.

However when I attempt to login as that user it says invalid username or password, if I take out this entry from ftpaccess I can login and am taken to /home/user, but I can escape from /home which I would expect as it clearly hasnt been specified as a chrooted guest ftp account, its only taking the directory to land me in from /etc/passwd.

Do you know what the problem could be? I've tried changing owners, permissions, messing around with ftpaccess, nothing seems to work.

Thanks for any help, from anyone.

Regards
alwayslearningunix
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Restricting access

I need to create a user that only has access to 1 directory (e.g. /vol/mita/test). The user needs to be able to rsh into that directory to run a script. The user should not be able to navigate to any other directories above /vol/mita/test. Any help would be appreciated! (4 Replies)
Discussion started by: ngagne
4 Replies

2. UNIX for Dummies Questions & Answers

Restricting access to a machine by IP Address

I have a need to allow only certain IP addresses to access a machine running solaris 9. I am not sure how this can be accomplished. Thanks in advance for your help. Patch (2 Replies)
Discussion started by: patch
2 Replies

3. Solaris

restricting access

Hi All, I'm on Solaris 8, I need to provide Read-only access to a user to 2 directories only. Using rsh (restricted shell) as the user's login shell, I can restrict the user's access to a certain directory only, but how can I set in such a way that the user can access only the 2 directories... (4 Replies)
Discussion started by: max_min
4 Replies

4. UNIX for Advanced & Expert Users

restricting root access

I'm the admin in a shop in which my developers have and use the root account, all UNIX newbies. I've been unable to convince management myself that this is an unacceptable practice. I've looked in a couple books I have and can't find any chapters, discussions, etc that make the argument that... (2 Replies)
Discussion started by: keith.m
2 Replies

5. Solaris

restricting access to a server

We want to secure access to a server by restricting the number of users who can login to it. Our users are NIS users. Only few of them can telnet/ssh this server. Do you have any idea on how to implement that? thanks. (1 Reply)
Discussion started by: melanie_pfefer
1 Replies

6. UNIX for Advanced & Expert Users

Restricting access to code

Hi All, I am facing a problem, regarding code security on a server. We have configured a server which contains our code (ear present in jboss/server/xyz/deploy) in it, and need to bind the code to the server itself so that no one can take the code out of the. the problem is that the password of... (3 Replies)
Discussion started by: akshay61286
3 Replies

7. Solaris

Restricting FTP access for a particular directory

Dear All, I have created a user called "x" who is allowed only to FTP and it is working fine. Here my problem is, I want to give access to a particular directory say for eg:- /dump/test directory. I don't find any option in the useradd command to restrict access to this particular directory only... (1 Reply)
Discussion started by: Vijayakumarpc
1 Replies

8. Solaris

Restricting CPU Core Access

Hi all. I've had a quick look around but cant see anything exactly matching my requirements. I have a new T2000 running S10. Im looking to restrict the no. cores that a S10 non-global zone can use to 1 only. The box is single CPU but 8core. I want to do this to save on some software... (4 Replies)
Discussion started by: boneyard
4 Replies

9. UNIX for Dummies Questions & Answers

Restricting SFTP access

Hello, I am using MySecureShell to chroot all sftp accesses. The problem that I have is that my boss does not want root to be able to use sftp. Root should still be able to ssh. Any ideas? (2 Replies)
Discussion started by: mojoman
2 Replies

10. Solaris

Restricting commands & access

Dear all, I am administering a DC environment of over 100+ Solaris servers used by various teams including Databases. Every user created on the node belonging to databases is assigned group staff(10) . I want that all users belonging to staff should NOT be able to execute certain system... (6 Replies)
Discussion started by: Junaid Subhani
6 Replies

LEARN ABOUT MOJAVE

chown

CHOWN(8)						    BSD System Manager's Manual 						  CHOWN(8)

NAME

     chown -- change file owner and group

SYNOPSIS

     chown [-fhv] [-R [-H | -L | -P]] owner[:group] file ...
     chown [-fhv] [-R [-H | -L | -P]] :group file ...

DESCRIPTION

     The chown utility changes the user ID and/or the group ID of the specified files.	Symbolic links named by arguments are silently left
     unchanged unless -h is used.

     The options are as follows:

     -f      Don't report any failure to change file owner or group, nor modify the exit status to reflect such failures.

     -H      If the -R option is specified, symbolic links on the command line are followed.  (Symbolic links encountered in the tree traversal
	     are not followed.)

     -h      If the file is a symbolic link, change the user ID and/or the group ID of the link itself.

     -L      If the -R option is specified, all symbolic links are followed.

     -P      If the -R option is specified, no symbolic links are followed.  Instead, the user and/or group ID of the link itself are modified.
	     This is the default. Use -h to change the user ID and/or the group of symbolic links.

     -R      Change the user ID and/or the group ID for the file hierarchies rooted in the files instead of just the files themselves.

     -v      Cause chown to be verbose, showing files as the owner is modified.

     The -H, -L and -P options are ignored unless the -R option is specified.  In addition, these options override each other and the command's
     actions are determined by the last one specified.

     The owner and group operands are both optional; however, at least one must be specified.  If the group operand is specified, it must be pre-
     ceded by a colon (``:'') character.

     The owner may be either a numeric user ID or a user name.	If a user name is also a numeric user ID, the operand is used as a user name.  The
     group may be either a numeric group ID or a group name.  If a group name is also a numeric group ID, the operand is used as a group name.

     For obvious security reasons, the ownership of a file may only be altered by a super-user.  Similarly, only a member of a group can change a
     file's group ID to that group.

DIAGNOSTICS

     The chown utility exits 0 on success, and >0 if an error occurs.

COMPATIBILITY

     Previous versions of the chown utility used the dot (``.'') character to distinguish the group name.  This has been changed to be a colon
     (``:'') character, so that user and group names may contain the dot character.

     On previous versions of this system, symbolic links did not have owners.

     The -v option is non-standard and its use in scripts is not recommended.

LEGACY DESCRIPTION

     In legacy mode, the -R and -RP options do not change the user ID or the group ID of symbolic links.

SEE ALSO

     chgrp(1), find(1), chown(2), fts(3), compat(5), symlink(7)

STANDARDS

     The chown utility is expected to be IEEE Std 1003.2 (``POSIX.2'') compliant.

HISTORY

     A chown utility appeared in Version 1 AT&T UNIX.

BSD
								  March 31, 1994							       BSD
All times are GMT -4. The time now is 05:08 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy