Search the FAQ Archives

3 - A - B - C - D - E - F - G - H - I - J - K - L - M
N - O - P - Q - R - S - T - U - V - W - X - Y - Z
faqs.org - Internet FAQ Archives

comp.sys.hp.hpux FAQ
Section - 5.14.2 How can I set up group-based FTP access?

( Single Page )
[ Usenet FAQs | Web FAQs | Documents | RFC Index | Schools ]


Top Document: comp.sys.hp.hpux FAQ
Previous Document: 5.14.1 How can I tell if I need more than a 2-user license?
Next Document: 5.14.3 Has /etc/logingroup functionality changed in 11.x?
See reader questions & answers on this topic! - Help others by sharing your knowledge
See-Also: item 7.1.1.3

Here is how to set up ftp so that a group of users only have ftp access,
they all have their own individual passwd, but they all access the same
set of files (i.e., the system thinks they are all really the same ftp
user).  With only a slight change, you can have a group of users that
only have ftp access, each with their own individual passwd, and access
only to their own set of files (this is left as an exercise for the
reader).

1) Set up anonymous ftp (assumed in later instructions to be at
   /users/ftp).

2) Add a user and group to /etc/passwd and /etc/group.

   For example, in /etc/passwd:

        ftpuser:*:1000:1000:FTP User:/users/ftp/ftpusers:/bin/false

   and in /etc/group:

        ftpgroup:*:1000:ftpuser

   Note that ftpuser login is disabled (a "*" in the password field).
   This allows various utilities (such as "ls") to recognize files
   that belong to an ftp user (particularly important for backups).

3) In /users/ftp/etc, you must have a group and passwd file, of the same
   format as their related system files.  For example, in
   /users/ftp/etc/group add:

   ftpgroup:*:1000:

   and in /users/ftp/etc/passwd add:

   ftpuser:*:1000:1000:FTP User:/ftpusers:/bin/false

   Also, for each individual that you want to give access, add an
   additional entry.  Note that these have passwords (see passwd(1)
   for instructions on setting passwords in this file).

   george:3RgfBzfnipJPQ:1000:1000:George Smith \
                (FTP User):/ftpusers:/bin/false

   A few things to notice.  "ftpuser" is disabled.  The home directory
   for ftpuser is simply "/ftpusers", since anonymous ftp performs a
   chroot to the home directory specified for ftp in /etc/passwd (see
   chroot(2) and chroot(1M) for details).  "george" has the
   same uid, gid, and home directory that ftpuser has.  "george"
   will login as george with his own password.

4) Under /users/ftp, create a directory "ftpusers".  Make this
   directory with owner "ftpuser" and group "ftpgroup", with 770
   permissions.  This effectively prevents anonymous ftp access to this
   directory, since it is not world readable/writable.

That's it.

   Users access the system via anonymous:

   $ ftp sysname
   Connected to sysname.whatever.
   220 sysname FTP server
   Name (something:someuser): ftp
   331 Guest login ok, send ident as password.
   Password:
   230 Guest login ok, access restrictions apply.
   Remote system type is UNIX.
   Using binary mode to transfer files.
   ftp>

   Then, they use a sublogin to access their files:

   ftp> user george
   331 Password required for george.
   Password:
   230 User george logged in.
   ftp> pwd
   257 "/ftpusers" is current directory.
   ftp>

   Users are placed in whatever directory is specified as their
   home directory in /users/ftp/etc/passwd (relative to the
   chroot at /users/ftp).

   To remove access, remove their passwd entry from
   /users/ftp/etc/passwd.

This is all documented (though poorly) in the various ftp-related
manpages.

User Contributions:

Comment about this article, ask questions, or add new information about this topic:

CAPTCHA




Top Document: comp.sys.hp.hpux FAQ
Previous Document: 5.14.1 How can I tell if I need more than a 2-user license?
Next Document: 5.14.3 Has /etc/logingroup functionality changed in 11.x?

Single Page

[ Usenet FAQs | Web FAQs | Documents | RFC Index ]

Send corrections/additions to the FAQ Maintainer:
hpux.faq@gmail.com





Last Update March 27 2014 @ 02:11 PM