creating read-only ftp user

Hi I am running Solaris.  

I just wanted to know if there is a way to create a read-only user account that allows the user to ftp files out.  

Thanks in advance :)
Trigger_HippieAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

gripeCommented:
Hi Trigger_Hippie,

Yes, just change the permissions to read-only for the directory (and subdirectories) that user has access to.


0
gripeCommented:
chmod -R 440 /where/your/ftpusers/home/directory/is

Will change all permissions under /where/your/ftpusers/home/directory/is to user=read, group=read, other=none

Be careful with the -R option.. it's recursive (IE: it changes the directory you specify and ALL subdirectories and files to the same permissions)
0
gripeCommented:
ack i'm sorry.. i mistyped.. you'll need to give the user execute access to the directories so that he/she can change directory to them.

chmod 550 on the directory rather than 440 (440 on the files)
0
Cloud Class® Course: Python 3 Fundamentals

This course will teach participants about installing and configuring Python, syntax, importing, statements, types, strings, booleans, files, lists, tuples, comprehensions, functions, and classes.

Trigger_HippieAuthor Commented:
I'm a bit of a newbie at this so bare with me...

"Yes, just change the permissions to read-only for the directory (and subdirectories) that user has access to."

how do you specify what directories a user/group can access?
0
Trigger_HippieAuthor Commented:
I'm a bit of a newbie at this so bare with me...

"Yes, just change the permissions to read-only for the directory (and subdirectories) that user has access to."

how do you specify what directories a user/group can access?

Would i have to chmod o= /directory/ to all directories I don't want the user/group to access?  Or is there a way I can just specify this user/group can only access /this/directory/ ?
0
gripeCommented:
It depends on what ftp daemon you're using. In some you can 'lock' (chroot) the user to a specific directory or set of subdirectories and manage permissions from there. In (most) others, they can navigate through the filesystem's parent directories because these directories have rx permissions for 'other' or 'all'.

However, generally the user will not be able to write to any directory/file/filesystem outside of his home directory (unless you specifically give him permission to or possibly in the /tmp filesystem/directory) so if you change the user's home directory and files to 'read only' they will only be able to read from there (and by default wherever else typical system users can read from)

If you want to lock the user to within a specific directory (IE: so that cd / returns them to their home directory), this is somewhat more complex and usually requires an ftpd that supports chrooting. To explain this I need to know what version of ftpd you're using.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
gheistCommented:
Depends on how strong is your will ...

Each offers different degree and perceptions of safety
1) make user into separate group and make its home directory to belong to others , and not writable by "o" (chmod -R o-w ~ftpluser)
2) make a user account chroot into home dir, set up as (1) // not supported by default in.ftpd
3) use special read-only one-user ftp server // -"-
4) for maximum paranoia level limit rarely used commands, like EPSV FXP etc // ????
5) make sure you log every command to adjust other parameters and solve problems

So for maximum safety I suggest something like downloading pureftpd from sunfreeware or so
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Unix OS

From novice to tech pro — start learning today.