Thursday, March 20, 2014

Solaris: Restricted ftp access

groupadd partsftp
useradd -c "F1 performance project" -d /root/home/partsftp -g partsftp -m -s /usr/bin/false partsftp
svcadm -v enable ftp



Change the user's home directory to /u01/network:
usermod -d /u01/network ftp_user

Then add the following line to /etc/ftpd/ftpaccess, which confines the user to the home directory:
restricted-uid ftp_user


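The user's shell (/usr/bin/false) must be listed in /etc/shells, otherwise in.ftpd rejects the login. Once /etc/shells exists, only the shells listed in it are accepted, so also list the shells of any other users who need FTP access.

server1# vi /etc/shells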
"/etc/shells" [New file]
/usr/bin/false



ftpaccess directives for allowing or denying FTP access by UID or GID:

    deny-uid uid-range [uid-range...]
    deny-gid gid-range [gid-range...]
    allow-uid uid-range [uid-range...]
    allow-gid gid-range [gid-range...]



/etc/ftpd/ftpaccess example
--------------
.
.
.
. omitted

# limit-time    anonymous       30
# limit         anonusers       10      Wk0730-1800       /etc/ftpd/toomany.msg
# limit         anonusers       50      SaSu|Any1800-0730 /etc/ftpd/toomany.msg
restricted-uid partsftp
allow-uid partsftp
deny-uid *
defumask 022
server1#
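
A check of the setup above, as an added example that is not part of the original post: it verifies that the FTP user's shell is listed in /etc/shells, that restricted-uid names the user, and that a matching deny-uid is paired with an allow-uid. The function names and the sample files are constructed for illustration, and ftpaccess entries are matched by user name or * only.

```shell
#!/bin/sh
# Added example (not from the original post). Simplification: ftpaccess
# entries are matched by user name or "*" only, not numeric ranges.
# Needs a POSIX awk (on Solaris: nawk or /usr/xpg4/bin/awk).
# has_entry FILE DIRECTIVE USER: true if an uncommented DIRECTIVE line
# in FILE lists USER or the wildcard "*".
has_entry() {
    awk -v d="$2" -v u="$3" '
        $1 == d { for (i = 2; i <= NF; i++) if ($i == u || $i == "*") hit = 1 }
        END { exit !hit }' "$1"
}

# audit_ftp_user USER FTPACCESS PASSWD SHELLS
# Prints one FAIL line per finding; returns 0 when clean, 1 otherwise.
audit_ftp_user() {
    user=$1; ftpaccess=$2; passwd=$3; shells=$4; rc=0
    shell=$(awk -F: -v u="$user" '$1 == u { print $7 }' "$passwd")
    if [ -z "$shell" ]; then
        echo "FAIL: no passwd entry or login shell for $user"; return 1
    fi
    # When the shells file exists, the FTP daemon accepts only listed shells.
    if [ -f "$shells" ] &&
       ! awk -v s="$shell" '$0 == s { ok = 1 } END { exit !ok }' "$shells"; then
        echo "FAIL: shell $shell is not listed in $shells"; rc=1
    fi
    # Without restricted-uid the user is not confined to the home directory.
    has_entry "$ftpaccess" restricted-uid "$user" ||
        { echo "FAIL: no restricted-uid entry for $user"; rc=1; }
    # A deny-uid match locks the user out unless allow-uid names them.
    if has_entry "$ftpaccess" deny-uid "$user" &&
       ! has_entry "$ftpaccess" allow-uid "$user"; then
        echo "FAIL: $user is denied by deny-uid and has no allow-uid"; rc=1
    fi
    return $rc
}

# Constructed sample files mirroring the post, written to a temp directory.
make_sample() {
    d=$(mktemp -d)
    echo 'partsftp:x:1001:1001:F1 performance project:/root/home/partsftp:/usr/bin/false' > "$d/passwd"
    echo '/usr/bin/false' > "$d/shells"
    printf '%s\n' '# limit-time anonymous 30' 'restricted-uid partsftp' \
        'allow-uid partsftp' 'deny-uid *' 'defumask 022' > "$d/ftpaccess"
    echo "$d"
}

sample=$(make_sample)
audit_ftp_user partsftp "$sample/ftpaccess" "$sample/passwd" "$sample/shells" &&
    echo "OK: partsftp"
```

On a live server, pass /etc/ftpd/ftpaccess, /etc/passwd and /etc/shells as the last three arguments.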