Solved

How to setup FTP accounts

Posted on 2009-04-16
Last Modified: 2013-11-17
Hello Experts,
I'm trying to set up an FTP account so that external users can ftp some files into our production server. For this I need some configurations made for the FTP user so that he cannot change directories and can read and write only to his home directory. I read that this can be done by using a /etc/ftpaccess.ctl, but I do not know how to do this. Can anyone suggest how to do this and, if possible, provide a sample file? I read the man file for ftpd but it didn't really help me.
Thanks in advance
Question by:vishwakarmak

Expert Comment

by:woolmilkporc
ID: 24163772
Hi,

I think the best way to do this is to switch to SFTP, which does support chrooting and uses a more secure protocol (SSH).

If you have to stay with FTP, using ftpaccess.ctl is only a good idea if all your restricted users can be allowed to write to / read from one or more directories 'common' to all of them, in a way as with anonymous ftp.
However, if every user needs his own exclusive home directory which he will not be allowed to leave, I fear you can't go with native AIX ftpd, but will have to use something like proFTPd or wuFTPd, which support chroot jails.

Should you decide to go with ftpaccess.ctl, we surely will be able to develop an appropriate configuration.

Please let me know; but alas I can't come back here before tomorrow (8-10 hours or so).

Cheers

wmp



 




Expert Comment

by:woolmilkporc
ID: 24165904
Hi again,
I had to do some tests because I didn't use ftpaccess.ctl for a long time.
It seems that in the newer AIX releases there is actually something like a chrooted homedir for named users. It is obviously some kind of enhancement to anonymous ftp, in a way that you can have individually named users with password authentication.
I'd suggest that, as a first approach, you create a /etc/ftpaccess.ctl file containing only the line
puseronly: [testuser]
with testuser being one of the ftp users you mentioned, or actually a test user. The user must be contained in /etc/passwd, must have a valid login shell and a home directory. 'man ftpd' says that login must be disabled. My tests did work with login enabled, however. If you'd like to disable login nevertheless, add 'login = false' to the user's stanza in /etc/security/user. [testuser] will have ftp activities restricted to their home directory.
Test it if you like, and please report what you found out.
To make the whole thing really complete, you can use the IBM-provided script
/usr/samples/tcpip/anon.users.ftp [testuser]   (even if [testuser] already exists)
to create some nice-to-have subdirs and entries in the user's homedir, such as bin, etc, dev, lpp, pub. Don't worry, the script will not destroy anything.
Good luck!
wmp
 
 

Author Comment

by:vishwakarmak
ID: 24168916
Hi WMP,
I will definitely try the ideas you provided here and post what I have found.
Once again, thanks for all the support :)

Author Comment

by:vishwakarmak
ID: 24172375
Hi again,
I thought I would try setting up sftp as you mentioned. I found something online and was following it, but I'm getting the following error:

3004-703 Check "/etc/security/login.cfg" file.
3004-692 Error changing "shell" to "/usr/bin/rssh" : Value is invalid.
I tried to add rssh in /etc/shells and /etc/security/login.cfg but I'm still getting the same error.

When I compiled the source code and did a find on rssh, I found it under /usr/local/bin.
Can you help me troubleshoot? I will post any required info ...


Accepted Solution

by:
woolmilkporc earned 2000 total points
ID: 24176406
Hi,

It seems that you want to have your users run sftp or scp only, because without that requirement a simple ssh/sftp configuration would have been sufficient.

Anyway, if the rssh binary is in /usr/local/bin, you need to add /usr/local/bin/rssh to /etc/security/login.cfg -
usw:           shells = /bin/sh,..............,/usr/local/bin/rssh
and in /etc/passwd give your user /usr/local/bin/rssh as their shell.
Their home directory must be inside the chroot jail, as defined in the rssh configuration file (/etc/rssh or /usr/local/etc/rssh, if I remember well).

Also take care to set up all the directories/files/devices which are required inside the jail. I think there is a script which does that, mkchroot.sh or the like.
I guess you have a document on how to do this at hand.

I hope all this will work under AIX. I never used it there, but perhaps I'll find some time to test it next week. You must know that I'm always very curious when it comes to such things.  

Good luck, and please let me know what you achieved!

Cheers

wmp
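
Added example (not part of the original thread or of woolmilkporc's answer): a small POSIX shell check for the 3004-692 error discussed above. It reads an AIX-style login.cfg and reports whether the shell path is in the shells list of the usw stanza, or is listed only under a different path. The function names check_shell and write_sample and the sample file contents are constructed for illustration.

```sh
#!/bin/sh
# Added example: why changing a user's shell fails with 3004-692.
# Reads an AIX-style login.cfg and reports whether a shell path is in
# the "shells" list of the usw stanza.

check_shell() {   # usage: check_shell FILE SHELLPATH
    awk -v want="$2" '
        BEGIN { base = want; sub(/.*\//, "", base); result = "missing" }
        /^[ \t]*\*/ { next }                       # "*" begins a comment
        /^[^ \t].*:[ \t]*$/ {                      # stanza header, e.g. "usw:"
            name = $0; sub(/:[ \t]*$/, "", name)
            in_usw = (name == "usw"); next
        }
        in_usw && /^[ \t]+shells[ \t]*=/ {
            val = $0; sub(/^[^=]*=[ \t]*/, "", val)
            n = split(val, list, ",")
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", list[i])
                b = list[i]; sub(/.*\//, "", b)
                if (list[i] == want) { result = "ok"; exit }
                if (b == base) result = "path-mismatch:" list[i]
            }
        }
        END { print result }
    ' "$1"
}

write_sample() {  # constructed sample file; $2 is the rssh entry to list
    cat > "$1" <<EOF
* constructed login.cfg fragment, not taken from a real system
default:
        sak_enabled = false
usw:
        shells = /bin/sh,/bin/ksh,/usr/bin/ksh,$2
        maxlogins = 32767
EOF
}

tmp=$(mktemp)
write_sample "$tmp" /usr/bin/rssh          # entry points at the wrong path
check_shell "$tmp" /usr/local/bin/rssh     # path-mismatch:/usr/bin/rssh
write_sample "$tmp" /usr/local/bin/rssh    # entry matches the installed binary
check_shell "$tmp" /usr/local/bin/rssh     # ok
rm -f "$tmp"
```

On a real system, pass /etc/security/login.cfg and the full path where the rssh binary was actually installed; a bare "rssh" entry is reported as a path mismatch as well.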


Expert Comment

by:woolmilkporc
ID: 24197853
Hi vishwakarmak,

I actually managed to install rssh - and it works pretty well.
So I think I could give some more or less useful hints, should you need them.

Well then, see you soon,

wmp






Author Comment

by:vishwakarmak
ID: 24206136
Hi WMP,
Actually I also installed rssh and tried it, and it works fine as of now!
Thanks for all the support you always give.

-Cheers
VK