How to setup FTP accounts

Hello Experts,
I'm trying to set up an FTP account so that external users can FTP some files into our production server. For this I need some configuration made for the FTP user so that he cannot change directories and can read and write only to his home directory. I read that this can be done by using /etc/ftpaccess.ctl, but I do not know how to do this. Can anyone suggest how to do this and, if possible, a sample file? I read the man file for ftpd but it didn't really help me.
Thanks in advance
woolmilkporc Commented:

It seems that you want to have your users run sftp or scp only, because without that requirement a simple ssh/sftp configuration would have been sufficient.

Anyway, if the rssh binary is in /usr/local/bin, you need to add /usr/local/bin/rssh to /etc/security/login.cfg -
usw:
        shells = /bin/sh,..............,/usr/local/bin/rssh
and in /etc/passwd give your user /usr/local/bin/rssh as their shell.
Their home directory must be inside the chroot jail, as defined in the rssh configuration file (/etc/rssh or /usr/local/etc/rssh, if I remember well).

Also take care to set up all the directories/files/devices which are required inside the jail. I think there is a script which does that, or the like.
I guess you have a document on how to do this at hand.

I hope all this will work under AIX. I never used it there, but perhaps I'll find some time to test it next week. You must know that I'm always very curious when it comes to such things.  

Good luck, and please let me know what you achieved!
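
A pre-flight check for the login.cfg step described above, as an added example that is not part of the original posts: it reads the shells list of the usw stanza and confirms that the intended shell path exists as an executable and is listed there. The function names and the LOGIN_CFG variable are assumptions made for this sketch.

```sh
#!/bin/sh
# Added example: verify a restricted shell before assigning it to a user.
# LOGIN_CFG, usw_shells and check_shell are hypothetical names.
LOGIN_CFG="${LOGIN_CFG:-/etc/security/login.cfg}"

# Print every entry of "shells =" in the usw stanza, one path per line.
usw_shells() {
    awk '
        # A stanza header starts in column 0 and ends with a colon.
        /^[^ \t*][^:]*:[ \t]*$/ { in_usw = ($1 == "usw:"); next }
        in_usw && /^[ \t]+shells[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, "")          # drop the "shells =" prefix
            n = split($0, entry, ",")
            for (i = 1; i <= n; i++) {
                gsub(/[ \t]/, "", entry[i])
                if (entry[i] != "") print entry[i]
            }
        }
    ' "$1"
}

# check_shell <shell-path> [login.cfg]
# 0 = usable, 2 = path is not an executable file, 3 = not in the shells list.
check_shell() {
    shell_path=$1
    cfg=${2:-$LOGIN_CFG}
    if [ ! -x "$shell_path" ]; then
        echo "not an executable file: $shell_path" >&2
        return 2
    fi
    # -F -x: compare the whole line literally, so /usr/bin/rssh never
    # matches an entry for /usr/local/bin/rssh.
    if ! usw_shells "$cfg" | grep -Fxq -- "$shell_path"; then
        echo "$shell_path is not listed under usw: shells in $cfg" >&2
        return 3
    fi
    return 0
}

# Stand-alone use: sh check_shell.sh /usr/local/bin/rssh
if [ $# -gt 0 ]; then
    check_shell "$@"
fi
```

Run it with the exact path that will go into the user's shell field; a binary installed under /usr/local/bin fails the check when it is requested as /usr/bin/rssh.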




I think the best way to do this is to switch to SFTP, which does support chrooting and uses a more secure protocol (SSH).

If you have to stay with FTP, using ftpaccess.ctl is only a good idea if all your restricted users can be allowed to write to / read from one or more directories 'common' to all of them, in a way as with anonymous ftp.
However, if every user needs his own exclusive home directory which he will not be allowed to leave, I fear you can't go with native AIX ftpd, but will have to use something like proFTPd or wuFTPd, which support chroot jails.

Should you decide to go with ftpaccess.ctl, we surely will be able to develop an appropriate configuration.

Please let me know; but alas I can't come back here before tomorrow (8-10 hours or so).




Hi again,
I had to do some tests because I didn't use ftpaccess.ctl for a long time.
It seems that in the newer AIX releases there is actually something like a chrooted homedir for named users. It is obviously some kind of enhancement to anonymous ftp, in a way that you can have individually named users with password authentication.
I'd suggest that, as a first approach, you create a /etc/ftpaccess.ctl file containing only the line
puseronly: [testuser]
with testuser being one of the ftp users you mentioned, or actually a test user. The user must be contained in /etc/passwd, must have a valid login shell and a home directory. 'man ftpd' says that login must be disabled. My tests did work with login enabled, however. If you'd like to disable login nevertheless, add 'login = false' to the user's stanza in /etc/security/user. [testuser] will have ftp activities restricted to their home directory.
Test it if you like, and please report what you found out.
To make the whole thing really complete, you can use the IBM-provided script
/usr/samples/tcpip/anon.users.ftp [testuser]   (even if [testuser] already exists)
to create some nice-to-have subdirs and entries in the user's homedir, such as bin, etc, dev, lpp, pub. Don't worry, the script will not destroy anything.
Good luck!

vishwakarmak (Author) Commented:
I will definitely try the ideas you provided here and post what I have found.
Once again, thanks for all the support :)
vishwakarmak (Author) Commented:
Hi again,
I thought I would try setting up sftp as you mentioned. I found something online and was following it, but I'm getting the following error:

3004-703 Check "/etc/security/login.cfg" file.
3004-692 Error changing "shell" to "/usr/bin/rssh" : Value is invalid.
I tried to add rssh in /etc/shells and /etc/security/login.cfg but am still getting the same error.

When I compiled the source code and did a find on rssh, I found it under /usr/local/bin.
Can you help me troubleshoot? I will post any required info...

Hi vishwakarmak,

I actually managed to install rssh - and it works pretty well.
So I think I could give some more or less useful hints, should you need them.

Alors, à bientôt, see you soon,


vishwakarmak (Author) Commented:
Hi WMP,
Actually I also installed rssh and tried it, and it works fine as of now!
Thanks for all the support you always give...
