UNIX for Dummies Questions & Answers
OpenBSD Ftp permissions problems - help!!
Post 81665 by Andy68man on Tuesday 23rd of August 2005 05:55:54 AM

Ok think I have sorted it now, found I only had to change inetd.conf to read:

ftp stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.ftpd -u 007

And then restart the inetd. Now everything works fine!

Thanks to all for reading!
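
The inetd.conf line from the post, read the way tcpd(8) describes wrapped services, as an added example (not part of the original post or of the tcpd sources): a small Python audit that reports, for each service line, whether it is started through tcpd and which daemon name the access control tables and syslog will see. The sample file, the telnet line in it and the function name audit_inetd are constructed for illustration.

```python
import os

# Constructed sample: the ftp line from the post, the finger and ntalk lines
# from tcpd(8), and an unwrapped telnet line made up for contrast.
SAMPLE_INETD_CONF = """\
ftp    stream tcp nowait root   /usr/sbin/tcpd       /usr/sbin/in.ftpd -u 007
finger stream tcp nowait nobody /usr/sbin/tcpd       in.fingerd
ntalk  dgram  udp wait   root   /usr/sbin/tcpd       /usr/local/lib/ntalkd
telnet stream tcp nowait root   /usr/sbin/in.telnetd in.telnetd
"""

def audit_inetd(text):
    """Return a list of findings, one dict per service line."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 6:
            findings.append({"service": fields[0], "notes": ["malformed line"]})
            continue
        service, _sock, proto, wait, user, server = fields[:6]
        argv = fields[6:]
        wrapped = os.path.basename(server) == "tcpd" and bool(argv)
        daemon, notes = None, []
        if wrapped:
            # tcpd takes the real daemon from argv[0]; only the last path
            # component is used for access control and logging.
            daemon = os.path.basename(argv[0])
            if proto.startswith("udp") and wait.startswith("wait"):
                notes.append("udp/wait: only the request that starts the daemon is logged")
        else:
            # Access control then applies only if the daemon links libwrap.
            notes.append("not started through tcpd")
        if user.split(".")[0].split(":")[0] == "root":
            notes.append("runs as root")
        findings.append({"service": service, "wrapped": wrapped,
                         "daemon": daemon, "daemon_args": argv[1:],
                         "notes": notes})
    return findings

if __name__ == "__main__":
    for finding in audit_inetd(SAMPLE_INETD_CONF):
        print(finding)
```

The daemon value reported for a wrapped line (in.ftpd for the post's entry) is the name to use on the left-hand side of a rule in /etc/hosts.allow or /etc/hosts.deny.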
 

TCPD(8) 						      System Manager's Manual							   TCPD(8)

NAME
tcpd - access control facility for internet services

DESCRIPTION
The tcpd program can be set up to monitor incoming requests for telnet, finger, ftp, exec, rsh, rlogin, tftp, talk, comsat and other services that have a one-to-one mapping onto executable files.

The program supports both 4.3BSD-style sockets and System V.4-style TLI. Functionality may be limited when the protocol underneath TLI is not an internet protocol.

There are two possible modes of operation: execution of tcpd before a service started by inetd, or linking a daemon with the libwrap shared library as documented in the hosts_access(3) manual page. Operation when started by inetd is as follows: whenever a request for service arrives, the inetd daemon is tricked into running the tcpd program instead of the desired server. tcpd logs the request and does some additional checks. When all is well, tcpd runs the appropriate server program and goes away.

Optional features are: pattern-based access control, client username lookups with the RFC 931 etc. protocol, protection against hosts that pretend to have someone else's host name, and protection against hosts that pretend to have someone else's network address.

LOGGING
Connections that are monitored by tcpd are reported through the syslog(3) facility. Each record contains a time stamp, the client host name and the name of the requested service. The information can be useful to detect unwanted activities, especially when logfile information from several hosts is merged.

In order to find out where your logs are going, examine the syslog configuration file, usually /etc/syslog.conf.

ACCESS CONTROL
Optionally, tcpd supports a simple form of access control that is based on pattern matching. The access-control software provides hooks for the execution of shell commands when a pattern fires. For details, see the hosts_access(5) manual page.

HOST NAME VERIFICATION
The authentication scheme of some protocols (rlogin, rsh) relies on host names. Some implementations believe the host name that they get from any random name server; other implementations are more careful but use a flawed algorithm.

tcpd verifies the client host name that is returned by the address->name DNS server by looking at the host name and address that are returned by the name->address DNS server. If any discrepancy is detected, tcpd concludes that it is dealing with a host that pretends to have someone else's host name.

If the sources are compiled with -DPARANOID, tcpd will drop the connection in case of a host name/address mismatch. Otherwise, the hostname can be matched with the PARANOID wildcard, after which suitable action can be taken.

HOST ADDRESS SPOOFING
Optionally, tcpd disables source-routing socket options on every connection that it deals with. This will take care of most attacks from hosts that pretend to have an address that belongs to someone else's network. UDP services do not benefit from this protection. This feature must be turned on at compile time.

RFC 931
When RFC 931 etc. lookups are enabled (compile-time option) tcpd will attempt to establish the name of the client user. This will succeed only if the client host runs an RFC 931-compliant daemon. Client user name lookups will not work for datagram-oriented connections, and may cause noticeable delays in the case of connections from PCs.

EXAMPLES
The details of using tcpd depend on pathname information that was compiled into the program.

EXAMPLE 1
This example applies when tcpd expects that the original network daemons will be moved to an "other" place.

In order to monitor access to the finger service, move the original finger daemon to the "other" place and install tcpd in the place of the original finger daemon. No changes are required to configuration files.

    # mkdir /other/place
    # mv /usr/sbin/in.fingerd /other/place
    # cp tcpd /usr/sbin/in.fingerd

The example assumes that the network daemons live in /usr/sbin. On some systems, network daemons live in /usr/sbin or in /usr/libexec, or have no `in.' prefix to their name.

EXAMPLE 2
This example applies when tcpd expects that the network daemons are left in their original place.

In order to monitor access to the finger service, perform the following edits on the inetd configuration file (usually /etc/inetd.conf):

    finger stream tcp nowait nobody /usr/sbin/in.fingerd in.fingerd

becomes:

    finger stream tcp nowait nobody /usr/sbin/tcpd in.fingerd

The example assumes that the network daemons live in /usr/sbin. On some systems, network daemons live in /usr/sbin or in /usr/libexec, the daemons have no `in.' prefix to their name, or there is no userid field in the inetd configuration file.

Similar changes will be needed for the other services that are to be covered by tcpd. Send a `kill -HUP' to the inetd(8) process to make the changes effective.

EXAMPLE 3
In the case of daemons that do not live in a common directory ("secret" or otherwise), edit the inetd configuration file so that it specifies an absolute path name for the process name field. For example:

    ntalk dgram udp wait root /usr/sbin/tcpd /usr/local/lib/ntalkd

Only the last component (ntalkd) of the pathname will be used for access control and logging.

BUGS
Some UDP (and RPC) daemons linger around for a while after they have finished their work, in case another request comes in. In the inetd configuration file these services are registered with the wait option. Only the request that started such a daemon will be logged.

The program does not work with RPC services over TCP. These services are registered as rpc/tcp in the inetd configuration file. The only non-trivial service that is affected by this limitation is rexd, which is used by the on(1) command. This is no great loss. On most systems, rexd is less secure than a wildcard in /etc/hosts.equiv.

RPC broadcast requests (for example: rwall, rup, rusers) always appear to come from the responding host. What happens is that the client broadcasts the request to all portmap daemons on its network; each portmap daemon forwards the request to a local daemon. As far as the rwall etc. daemons know, the request comes from the local host.

FILES
The default locations of the host access control tables are:

    /etc/hosts.allow
    /etc/hosts.deny

SEE ALSO
hosts_access(3), functions provided by the libwrap library.
hosts_access(5), format of the tcpd access control tables.
syslog.conf(5), format of the syslogd control file.
inetd.conf(5), format of the inetd control file.

AUTHORS
Wietse Venema (wietse@wzv.win.tue.nl),
Department of Mathematics and Computing Science,
Eindhoven University of Technology
Den Dolech 2, P.O. Box 513,
5600 MB Eindhoven, The Netherlands

TCPD(8)
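
The check described under HOST NAME VERIFICATION, as an added Python example (not code from tcpd): the address->name answer is accepted only if the name->address lookup for that name returns the client's address, and a mismatch is either dropped (a -DPARANOID build) or left for the PARANOID wildcard. The function names, the action labels and the resolver tables (documentation addresses, made-up names) are assumptions for illustration.

```python
import ipaddress
import socket

def system_reverse(addr):
    """address->name lookup via the system resolver; None if there is none."""
    try:
        return socket.gethostbyaddr(addr)[0]
    except (socket.herror, socket.gaierror):
        return None

def system_forward(name):
    """name->address lookup via the system resolver; [] if it fails."""
    try:
        return [info[4][0].split("%")[0]
                for info in socket.getaddrinfo(name, None)]
    except socket.gaierror:
        return []

def check_client(addr, reverse=system_reverse, forward=system_forward,
                 paranoid_build=False):
    """Return (name, action) for a connecting address.

    action is "verified", "unknown" (no name at all), "drop" (mismatch in a
    -DPARANOID build) or "match-PARANOID" (mismatch left to the access rules).
    """
    client = ipaddress.ip_address(addr)
    name = reverse(addr)
    if not name:
        return None, "unknown"
    # The reverse answer is only a claim; the forward zone must confirm it.
    if any(ipaddress.ip_address(a) == client for a in forward(name)):
        return name, "verified"
    return name, "drop" if paranoid_build else "match-PARANOID"

# Constructed resolver data: both addresses claim the same name in their
# reverse zone, but the forward zone lists only the first one.
PTR = {"192.0.2.10": "trusted.example.org",
       "203.0.113.66": "trusted.example.org"}
A = {"trusted.example.org": ["192.0.2.10"]}

def demo():
    """Run the check offline against the constructed tables above."""
    fwd = lambda name: A.get(name, [])
    return [check_client(a, PTR.get, fwd, paranoid_build=p)
            for a in ("192.0.2.10", "203.0.113.66", "198.51.100.7")
            for p in (False, True)]

if __name__ == "__main__":
    for result in demo():
        print(result)
```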