Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: user setup - only ftp access
Operating Systems Solaris user setup - only ftp access Post 83975 by Unbeliever on Wednesday 21st of September 2005 06:00:02 AM
Old 09-21-2005
For an account to have ftp access the shell must also be present in /etc/shells

Add /usr/bin/false to this file
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

FTP user access

I created a user which I would like to have access only to FTP. I am able to get FTP to the machine with that user, but I only want him to have access to two directories, and no shell access. How can I accomplish this? Thanx, Aaron (1 Reply)
Discussion started by: Spetnik
1 Replies

2. Solaris

How to create a new ftp user account with limited access..?

Hi All, I'm using solaris 2.8, and I want create a new ftp user account with the following restrictions: - Have only ftp access, no telnet or rlogin - Have restricted access to its home directory example /export/home/newuser - Deny access to any other directory. Thanks for your help, ... (6 Replies)
Discussion started by: Jeremy3
6 Replies

3. UNIX for Advanced & Expert Users

Restrict FTP access to a single directory for only one user.

Hi All, It will be very great if you can help me in this issue. Thanks in advance. I need to enable FTP on a solaris9 server. I need to create a new user some "xxxxxx" and he can only FTP the files to and from between /tftpboot directory and network devices. Other users should not... (8 Replies)
Discussion started by: santhoshkumar_d
8 Replies

4. UNIX for Advanced & Expert Users

How to give FTP access to a single user

Hi all, How can i give ftp access to single user on solaris9 system? others should not have the ftp access. i know about ftpusers file in /etc/ftpd but still what about if so many new users are created daily? And now for that single user how can we restict him to ftp the files only from... (2 Replies)
Discussion started by: santhoshkumar_d
2 Replies

5. Shell Programming and Scripting

Giving existing user access on ftp

Hi all, I have a project on going that combines two different departments. I cannot give detais on this project, I´m sure everybody understands that, but I would like your help on giving me pointers on how to give an existing user access to ftp, without the need to give him full access. So here... (0 Replies)
Discussion started by: Alexis Duarte
0 Replies

6. AIX

A user with restricted ftp access to a folder

Hi, We have Oracle Database on AIX 5.3 server.We want to give ftp access to a user to a specific folder.He should be able to put and get files from that specific folder only.Moreover he should not be able to cd to any other filesystems also along with root directory. Please note that as per... (1 Reply)
Discussion started by: dwiravi
1 Replies

7. UNIX for Advanced & Expert Users

How to create user with access only to one folder through ftp?

Hi all, Can someone help me with creating user with special privilegies? I need to create user who will have access ONLY to one folder (like /etc/log/) through ftp (read only access) and which will not have any other ways to log in like telnet, ssh etc.? (5 Replies)
Discussion started by: nypreH
5 Replies

8. AIX

ftp access without shell access

Hi all, I'm using AIX v 5.3 I want to create system users to access through ftp or sftp and restrict those users into specific directory and don't traverse the whole file system just to be restricted within a directory and don't get shell access . i don't want to use any other third party... (7 Replies)
Discussion started by: h@foorsa.biz
7 Replies

9. Shell Programming and Scripting

Allow FTP user to access multiple directories

Hi Experts, I am in urgent need of your suggestions. I have below two users in my system: xyz:x:101:101:XYZ System Account:/export/home/xyz:/bin/bash abc:x:2009:10:ftp user only:/export/home/abc:/bin/false Where "xyz" is the crucial one and "abc" is only introduced for FTPing the... (2 Replies)
Discussion started by: sugarcane
2 Replies

10. Solaris

Limit FTP user's access to a specific directory

Hi, I have searched "Limit FTP user's access to a specific directory" subject for 3 days. I found proftp and vsftp but i couldn't compile and install. Is there any idea. Please suggest. (6 Replies)
Discussion started by: hamurd
6 Replies

LEARN ABOUT MINIX

krb5_auth_rules

krb5_auth_rules(5)					Standards, Environments, and Macros					krb5_auth_rules(5)

NAME

       krb5_auth_rules - Overview of Kerberos V5 authorization

DESCRIPTION

       When  a	user  uses  kerberized	versions of the ftp, rdist, rcp, rlogin, rsh, or telnet clients to connect to a server, even if the user's
       claimed Kerberos V5 identity is authenticated, the user is not necessarily authorized. Authentication merely proves that the user  is  "who
       he says he is" to the Kerberos V5 authentication system. Authorization also needs to be done, since it determines if that Kerberos identity
       is permitted to access the Solaris user account that the client wants to access.

       Each user may have a private authorization list in a file ~/.k5login in his login directory (on the server). Each line in this file  should
       contain	a  Kerberos  principal name of the form principal/instance@realm. If the server finds a ~/.k5login file, then access is granted to
       the account if and only if the originating user is authenticated to one of the principals named in the ~/.k5login file.

       If there is no ~/.k5login file, the originating user will then be checked against the gsscred table (see gsscred(1M)).  If the  originating
       user's  Kerberos  V5  identity  is  in  the gsscred table, and if the UNIX user id in the gsscred table corresponds to the user account the
       client is trying access, then the originating user is granted access to the account on the server. If the UNIX user id does not match, then
       the originating user is denied access.

       For  example, suppose the originating user has a principal name of jdb@ENG.ACME.COM and the target account is jdb-user. If jdb@ENG.ACME.COM
       appears in the gsscred table with uid 23154 and if jdb-user appears in the user account database  (see  passwd(4))  with  uid  23154,  then
       access to account jdb-user is granted.  Of course, normally, the target account name in this example would be jdb and not jdb-user.

       Finally,  if there is no ~/.k5login file and if the originating user's Kerberos V5 identity is not in the gsscred table, then the user will
       be granted access to the account if and only if all of the following are true:

	 o  The user part of the authenticated principal name is the same as the target account name specified by the client.

	 o  The realm part of the client and server are the same.

	 o  The target account name exists on the server.

       For example, if the originating user has a principal name of jdb@ENG.ACME.COM and if the server is in realm SALES.ACME.COM,  then  even	if
       jdb  is	a  valid account name on the server, the client would be denied access. This is because the realms SALES.ACME.COM and ENG.ACME.COM
       differ.

FILES

       ~/.k5login      Per user-account authorization file.

       /etc/passwd     System account file. This information may also be in a directory service. See passwd(4).

ATTRIBUTES

       See attributes(5) for a description of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |Evolving			   |
       +-----------------------------+-----------------------------+

SEE ALSO

       ftp(1), rcp(1), rdist(1), rlogin(1), rsh(1), telnet(1), gsscred(1M), passwd(4), attributes(5), gss_auth_rules(5)

NOTES

       To avoid security problems, the ~/.k5login file must be owned by the remote user.

SunOS 5.10							    13 Apr 2004 						krb5_auth_rules(5)
All times are GMT -4. The time now is 07:02 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy