Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: How to create a new ftp user account with limited access..?
Operating Systems Solaris How to create a new ftp user account with limited access..? Post 302087204 by System Shock on Wednesday 30th of August 2006 10:13:26 AM
Old 08-30-2006
There are a couple ways you can go.

You can use a restricted shell to contain the user in that user's directory. There's one rssh shell out there that allows only scp and sftp. You'd have to compile it. I have enver used it, so I don't know how well it works.

If you have many users who need to be set that way, you may want to configure an anonymous ftp server. That way everyone can log into the ftp directory using "anonymous" as a the user name. That way users will have a login to the ftp server, but not a user login.

You can also transfer the files somewhere else. If you have only one user that needs files, rather than you giving him a login into your box, have the user give you a login into the user's workstation and automate a file transfer to it via script. Or if you have many users, you can designate a workstation as a repository and transfer all files there. That way, you don't care what happens to the workstation.

It just depends on your particular situatoin.
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

create or modify user account to have same access as root

Is there a way to create or better yet modify a user account so it has the same privs as root? (6 Replies)
Discussion started by: xadamz23
6 Replies

2. UNIX for Dummies Questions & Answers

create user - limited priviledge

i want to create unix user account (usera) for outsider so that they can run program that exist in /application/xxx/. The account have their own home directory (/home/usera). But on the same time the user cannot run any application/command either than in /application/xxx/. User can only... (1 Reply)
Discussion started by: golden_shooter
1 Replies

3. UNIX for Advanced & Expert Users

create user - limited priviledge

i want to create unix user account (usera) for outsider so that they can run program that exist in /application/xxx/. The account have their own home directory (/home/usera). But on the same time the user cannot run any application/command either than in /application/xxx/. User can only... (1 Reply)
Discussion started by: golden_shooter
1 Replies

4. UNIX for Dummies Questions & Answers

user with limited access

dear guys, sorry for asking a noob :p question, tried to search the forum for an answer but couldn't find one, i am running solaris 10 and i would like to create a user with limited access to view only one directory, the directory already exist, is this possible:confused:? thanks and regards (4 Replies)
Discussion started by: q8devilish
4 Replies

5. Shell Programming and Scripting

how i can make one ip access to ftp account and deny others

HI I want to make only one IP can access to ftp acount in cpanel or by shell can any body help me ? (1 Reply)
Discussion started by: elkadrey
1 Replies

6. Solaris

Creating User account with limited permission

Hi All, I want to create an user account which can only excute "df -kh" and "prstat -a" command. The user will not be able to perform "rm" and other critical commands. Is there a way to do it? rgds, Ronny (2 Replies)
Discussion started by: ronny_nch
2 Replies

7. Solaris

User with limited access to one directory

is there a way to create a user and limit him to read,write and execute only in one direcotry. the directory is already exsist and it belongs to dba group. i would like to make this user can't even cd to another directory or even if he can he cant do anything in the other directories. if... (7 Replies)
Discussion started by: q8devilish
7 Replies

8. UNIX for Advanced & Expert Users

How to create user with access only to one folder through ftp?

Hi all, Can someone help me with creating user with special privilegies? I need to create user who will have access ONLY to one folder (like /etc/log/) through ftp (read only access) and which will not have any other ways to log in like telnet, ssh etc.? (5 Replies)
Discussion started by: nypreH
5 Replies

9. HP-UX

How to create a user in UNIX with some limited permissions?

As i know, Unix or Linux only manages 2 type of user: root user or normal user. All users with userID=0 will have all administration permissions like root user with the system. In my case, i want to create a new user in HP-UNIX environment with all root permissions only one exception that this... (5 Replies)
Discussion started by: hieucn1404
5 Replies

10. Ubuntu

Create an user with limited permission on LUbuntu

Hello folks, I pretend install Lubuntu 16.04 LTS in pc for any employer use this pc! I think create an user with, only, permission to read and write, 770. This is the best scenario? I think create this user through terminal, because I pretend create a script, and I don't where wizard has... (0 Replies)
Discussion started by: enodev
0 Replies

LEARN ABOUT X11R4

krb5_auth_rules

krb5_auth_rules(5)					Standards, Environments, and Macros					krb5_auth_rules(5)

NAME

       krb5_auth_rules - Overview of Kerberos V5 authorization

DESCRIPTION

       When  a	user  uses  kerberized	versions of the ftp, rdist, rcp, rlogin, rsh, or telnet clients to connect to a server, even if the user's
       claimed Kerberos V5 identity is authenticated, the user is not necessarily authorized. Authentication merely proves that the user  is  "who
       he says he is" to the Kerberos V5 authentication system. Authorization also needs to be done, since it determines if that Kerberos identity
       is permitted to access the Solaris user account that the client wants to access.

       Each user may have a private authorization list in a file ~/.k5login in his login directory (on the server). Each line in this file  should
       contain	a  Kerberos  principal name of the form principal/instance@realm. If the server finds a ~/.k5login file, then access is granted to
       the account if and only if the originating user is authenticated to one of the principals named in the ~/.k5login file.

       If there is no ~/.k5login file, the originating user will then be checked against the gsscred table (see gsscred(1M)).  If the  originating
       user's  Kerberos  V5  identity  is  in  the gsscred table, and if the UNIX user id in the gsscred table corresponds to the user account the
       client is trying access, then the originating user is granted access to the account on the server. If the UNIX user id does not match, then
       the originating user is denied access.

       For  example, suppose the originating user has a principal name of jdb@ENG.ACME.COM and the target account is jdb-user. If jdb@ENG.ACME.COM
       appears in the gsscred table with uid 23154 and if jdb-user appears in the user account database  (see  passwd(4))  with  uid  23154,  then
       access to account jdb-user is granted.  Of course, normally, the target account name in this example would be jdb and not jdb-user.

       Finally,  if there is no ~/.k5login file and if the originating user's Kerberos V5 identity is not in the gsscred table, then the user will
       be granted access to the account if and only if all of the following are true:

	 o  The user part of the authenticated principal name is the same as the target account name specified by the client.

	 o  The realm part of the client and server are the same.

	 o  The target account name exists on the server.

       For example, if the originating user has a principal name of jdb@ENG.ACME.COM and if the server is in realm SALES.ACME.COM,  then  even	if
       jdb  is	a  valid account name on the server, the client would be denied access. This is because the realms SALES.ACME.COM and ENG.ACME.COM
       differ.

FILES

       ~/.k5login      Per user-account authorization file.

       /etc/passwd     System account file. This information may also be in a directory service. See passwd(4).

ATTRIBUTES

       See attributes(5) for a description of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |Evolving			   |
       +-----------------------------+-----------------------------+

SEE ALSO

       ftp(1), rcp(1), rdist(1), rlogin(1), rsh(1), telnet(1), gsscred(1M), passwd(4), attributes(5), gss_auth_rules(5)

NOTES

       To avoid security problems, the ~/.k5login file must be owned by the remote user.

SunOS 5.10							    13 Apr 2004 						krb5_auth_rules(5)
All times are GMT -4. The time now is 04:53 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy