Dear all expects,
I have a security problem that I would like to resolve.
I need to create a user ID in my AIX 5.3 environment and to point the login to a specific directory for FTP purposes. There is only 2 directories that I can allow the user ID to perform read/write. I would like to prevent the user ID to go other places for read / writing..
User ID : TestFTP
Home Directory : /home/TestFTP
/home/TestFTP/.profile : cd /data06/ABC01
Thus, it ends up sign in to /data06/ABC01.
It should be allowed to read/write on /data06/ABC01 and /data06/ABC01/ABC01_BAK.
Other than that, it cannot cd .. to go back to /data06 or it cannot cd to any other directories.
create the user as usual, but give them the home directory as /data06/ABC01 and give them a shell of /bin/false.
So they would look this this in the /etc/passwd file:
TestFTP:x:1007:33:Chroot account for abc:/data06/ABC01:/bin/false
(of course the UID and GID #'s would be different)
Next, edit /etc/ssh/sshd_config and add the following:
Code:
Match User TestFTP
ChrootDirectory /data06/ABC01
ForceCommand internal-sftp
X11Forwarding no
AllowTcpForwarding no
This will enable the user to sftp in and have access to /data06/ABC01 and any folders below it. I see a couple of problems here:
* the .profile doing a cd /data06/ABC01 won't work, as it's a chroot environment. This can be commented out.
* As the chrootDirectory is /data06/ABC01 both would have to be root owned with no write access for group and/or everyone. If you require RW to the ABC01 directory, this is going to give problems (and you've requested no access to /data06).
A method I've implemented with another product seems to work fine (but uses ftps instead) was to install proftpd with SSl/TLS support compiled in.
Set it up to use a chrootDirectory, and make it /data06/ABC01 (for either TestFTP user or all users). This will allow rw access to /data06/ABC01, and have no access to /data06
Last edited by smurphy_it; 01-18-2012 at 11:28 AM..
Reason: Additional suggestion
Hi All,
There is a code like below in my script
###############################################
###Create Directories and Sub-Directories
###############################################
dpdir=DP_FROM_${from}_TO_${to}
mkdir $dpdir
cd $dpdir
mkdir AWQM WFCONTROLLER PROVCO PRISM
... (1 Reply)
I am trying to do the following task :
export ENV=aaa
export ENV_PATH=$(cd /apps | ls | grep $ENV)
However, it's not working. What's the way to change to directory and search some file in that directory in single command
Please help. (2 Replies)
Hi,
I Installed mysql on my CentOS 6.2 Server. But when I tried to change the location of /var/lib/mysql to another directory. I can't start the mysql. Below is what I've done
yum install mysql mysql-server mysql-devel
mkdir /path/to/new/
cp -R /var/lib/mysql /path/to/new
chown -R... (1 Reply)
I have a simple shell script that prompts the user to enter a directory to navigate to.
What i want it to do and i don't know how to do this is if the directory is invalid automatically navigate to the home directory.
echo "enter a directory to navigate to:"
read directory
cd $directory... (6 Replies)
Hello,
What is the best way to disallow new ssh connections for the duration of my session ?
I want to evade read/write collisions. Things work like that - one session put files on server, other copies these files and then deletes them. So in order to evade collision:
- I check if there are... (1 Reply)
I have a directory that is existing under my root dir of the FTP server. The DIR name is 'Software Patch'. I want to move in to that DIR to download some patches. But, when I issued a command 'cd SOftware Patch', the system said that it cannot find the dir 'Software'. I tried all possible ways like... (2 Replies)
hi,
Iam in directory A. I run a script from there. inside the script i have a command cd B.
When i come out of the script directory is A only.
Even when i come out scrip i want the directory to be B
How to achieve (2 Replies)
I want to limit the directories that a user can
access. When this users logs in, I do not want
them to cd to any directory but those in their
$HOME. In other words:
login:
pwd:
/home/user
cd / -- user tries to cd to root directory.
pwd
/home/user -- user is still in home... (4 Replies)
Hi all,
I'm trying to wirte a small shell script in Linux. My script has the flow like,
cmd1
cmd2
cd testdata
cmd3
After exiting the program, the CWD remains the same as where I execute the program. I need it to be changed to the latest updated directory in the program. How can I do... (1 Reply)
