Top Document: comp.sys.hp.hpux FAQ
Previous Document: 5.14.1 How can I tell if I need more than a 2-user license?
Next Document: 5.14.3 Has /etc/logingroup functionality changed in 11.x?
Send corrections/additions to the FAQ Maintainer: hpux.faq@gmail.com

See-Also: item 7.1.1.3

Here is how to set up ftp so that a group of users only have ftp access,
they all have their own individual passwd, but they all access the same
set of files (i.e., the system thinks they are all really the same ftp
user). With only a slight change, you can have a group of users that
only have ftp access, each with their own individual passwd, and access
only to their own set of files (this is left as an exercise for the
reader).

1) Set up anonymous ftp (assumed in later instructions to be at
   /users/ftp).

2) Add a user and group to /etc/passwd and /etc/group. For example,
   in /etc/passwd:

       ftpuser:*:1000:1000:FTP User:/users/ftp/ftpusers:/bin/false

   and in /etc/group:

       ftpgroup:*:1000:ftpuser

   Note that ftpuser login is disabled (a "*" in the password field).
   This allows various utilities (such as "ls") to recognize files that
   belong to an ftp user (particularly important for backups).

3) In /users/ftp/etc, you must have a group and passwd file, of the
   same format as their related system files. For example, in
   /users/ftp/etc/group add:

       ftpgroup:*:1000:

   and in /users/ftp/etc/passwd add:

       ftpuser:*:1000:1000:FTP User:/ftpusers:/bin/false

   Also, for each individual that you want to give access, add an
   additional entry. Note that these have passwords (see passwd(1) for
   instructions on setting passwords in this file).

       george:3RgfBzfnipJPQ:1000:1000:George Smith \
           (FTP User):/ftpusers:/bin/false

   A few things to notice. "ftpuser" is disabled. The home directory
   for ftpuser is simply "/ftpusers", since anonymous ftp performs a
   chroot to the home directory specified for ftp in /etc/passwd (see
   chroot(2) and chroot(1M) for details). "george" has the same uid,
   gid, and home directory that ftpuser has. "george" will login as
   george with his own password.

4) Under /users/ftp, create a directory "ftpusers". Make this directory
   with owner "ftpuser" and group "ftpgroup", with 770 permissions.
   This effectively prevents anonymous ftp access to this directory,
   since it is not world readable/writable.

That's it. Users access the system via anonymous:

    $ ftp sysname
    Connected to sysname.whatever.
    220 sysname FTP server
    Name (something:someuser): ftp
    331 Guest login ok, send ident as password.
    Password:
    230 Guest login ok, access restrictions apply.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp>

Then, they use a sublogin to access their files:

    ftp> user george
    331 Password required for george.
    Password:
    230 User george logged in.
    ftp> pwd
    257 "/ftpusers" is current directory.
    ftp>

Users are placed in whatever directory is specified as their home
directory in /users/ftp/etc/passwd (relative to the chroot at
/users/ftp).

To remove access, remove their passwd entry from /users/ftp/etc/passwd.

This is all documented (though poorly) in the various ftp-related
manpages.
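
An added example, not part of the FAQ: a POSIX shell check that audits a
chroot passwd file and the shared directory against the layout in steps
2 to 4 (uid/gid 1000, home /ftpusers, shell /bin/false, directory mode
770). The function names, the "alice" entry and the temporary paths are
constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the ftp-only sublogin layout described in steps 2-4.
# Function names and the sample entries are constructed, not from the FAQ.

# audit_ftp_passwd FILE UID GID HOME
# Prints one line per deviation; returns 0 only when every entry conforms.
audit_ftp_passwd() {
    awk -F: -v uid="$2" -v gid="$3" -v home="$4" '
        NF == 0 { next }
        NF != 7 { print "line " NR ": expected 7 fields, got " NF; bad++; next }
        seen[$1]++ { print $1 ": duplicate entry"; bad++ }
        $2 == "" { print $1 ": empty password field"; bad++ }
        $3 != uid || $4 != gid { print $1 ": uid:gid is " $3 ":" $4; bad++ }
        $6 != home { print $1 ": home is " $6; bad++ }
        $7 != "/bin/false" { print $1 ": shell is " $7; bad++ }
        END { exit (bad > 0) }
    ' "$1"
}

# audit_ftp_dir DIR
# Step 4 calls for mode 770 so the directory is not world readable/writable.
audit_ftp_dir() {
    perms=$(ls -ld "$1" | awk '{ print substr($1, 1, 10) }')
    [ "$perms" = "drwxrwx---" ] && return 0
    echo "$1: permissions are $perms, expected drwxrwx---"
    return 1
}

# write_sample DIR: constructed test data standing in for /users/ftp.
write_sample() {
    mkdir -p "$1/etc" "$1/ftpusers"
    chmod 770 "$1/ftpusers"
    cat > "$1/etc/passwd" <<'EOF'
ftpuser:*:1000:1000:FTP User:/ftpusers:/bin/false
george:3RgfBzfnipJPQ:1000:1000:George Smith (FTP User):/ftpusers:/bin/false
alice:CONSTRUCTEDHASH:1001:1000:Alice (FTP User):/:/bin/sh
EOF
}

sample="${TMPDIR:-/tmp}/ftpaudit.$$"
write_sample "$sample"
audit_ftp_passwd "$sample/etc/passwd" 1000 1000 /ftpusers || echo "passwd: deviations found"
audit_ftp_dir "$sample/ftpusers" && echo "ftpusers: mode ok"
rm -rf "$sample"
```

On a real system the arguments would be /users/ftp/etc/passwd and
/users/ftp/ftpusers; the check does not verify directory ownership.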
Last Update March 27 2014 @ 02:11 PM