From: sumeet.chandwani@tcs.com
Date: Thu Jan 12 2006 - 06:58:37 EST
Hi,
We are having restrcicted ftp access setup on HP-UX server having HP-UX
B.11.00 OS using default /etc/ftpd/ftpaccess file.
When a user id having /usr/lib/rsh shell is used to FTP to the server from
our internal network the restricted access works fine. The user sees "/"
as current dir & not the actual home dir that is set. Also user is able to
put files & delete directories.
However when using the same user id (rsh shell) to FTP to the server from
outside our internal network ftp's the same server, he is able to log on &
view the files in the directory but not able to make directories or put
files. Error Access Denied.
Only the FTP port has been opened on the fierwall.
Also tried ftp access with root login id on the server. But getting
similar errors. Any ideas if there some other port are required to be
opened from firewall?
Or any ftp configuration changes to be done on server side.
Any inputs on the same will be appreciated
Below is the contents for FTP config files -
cat /etc/ftpd/ftpaccess
loginfails 2
class local real,guest,anonymous *.domain 0.0.0.0
class remote real,guest,anonymous *
limit local 20 Any /etc/msgs/msg.toomany
limit remote 100 SaSu|Any1800-0600 /etc/msgs/msg.toomany
limit remote 60 Any /etc/msgs/msg.toomany
readme README* login
readme README* cwd=*
message /welcome.msg login
message .message cwd=*
compress yes local remote
tar yes local remote
# allow use of private file for SITE GROUP and SITE GPASS?
private yes
# passwd-check <none|trivial|rfc822> [<enforce|warn>]
passwd-check rfc822 warn
log commands real
log transfers anonymous,real inbound,outbound
shutdown /etc/shutmsg
# all the following default to "yes" for everybody
delete no bob,guest,anonymous,csumeet # delete
permission?
overwrite no bob,guest,anonymous,csumeet # overwrite
permission?
rename no bob,guest,anonymous,csumeet # rename
permission?
chmod no bob,anonymous,csumeet # chmod
permission?
umask no bob,anonymous,csumeet # umask
permission?
# specify the upload directory information
upload /home/MRII_Image * no
upload /home/MRII_Image /incoming yes NBSFTP FTP 0600
upload /var/ftp * no
upload /var/ftp /incoming yes root daemon 0600 dirs
upload /var/ftp /bin no
upload /var/ftp /etc no
# directory aliases
alias inc /incoming
# cdpath
cdpath /incoming
cdpath /pub
cdpath /
# path-filter...
path-filter anonymous /etc/pathmsg ^[-A-Za-z0-9_\.]*$ ^\. ^-
path-filter guest /etc/pathmsg ^[-A-Za-z0-9_\.]*$ ^\. ^-
# specify which group of users will be treated as "guests".
guestgroup ftponly
email user@hostname
***********************************
# grep ftp /etc/inetd.conf
ftp stream tcp nowait root /usr/lbin/ftpd ftpd -a -l -u 022
***********************************
# grep NBS /etc/passwd
SSNFTP:x:***:***::/home/MRRI_Images/./incoming:/usr/bin/false
# cat /etc/shells
/usr/bin/ksh
/usr/bin/rsh
/usr/bin/sh
/sbin/sh
/usr/lbin/uucp/uucico
/usr/bin/false
Thanks,
Sumeet Prahlad Chandwani
Notice: The information contained in this e-mail message and/or attachments to it may contain confidential or privileged information. If you are not the intended recipient, any dissemination, use, review, distribution, printing or copying of the information contained in this e-mail message and/or attachments to it are strictly prohibited. If you have received this communication in error, please notify us by reply e-mail or telephone and immediately and permanently delete the message and any attachments. Thank you
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:38:25 EDT