2025-01-18 Update From: SLTechnology News&Howtos, Shulou (Shulou.com) 05/31 Report
This article explains how to configure ftpaccess on SCO so that FTP users are restricted to their own directories. It gives the steps first and then walks through a reference ftpaccess file directive by directive, in the hope of giving anyone facing this problem a simple and workable approach.
Step 1: create an ftp guest group with the groupadd command, or use the ftp group created by the ftp server (run less /etc/group to see whether it exists, even if the ftp server is installed)
Step 2: add the ftp users to the ftp group
Step 3: edit the /etc/ftpaccess file and add a guestgroup definition: guestgroup ftp; or name the ftp user directly with guestuser, for example guestuser ftpuser
vi /etc/ftpaccess
restricted-gid 101
upload /home/ljcz/txt yes real guest anonymous 0644
guestgroup myftp
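To check which accounts the guestgroup and guestuser lines from the steps above actually cover, the following added example (not part of the original article) resolves them against group and passwd data. The three file contents are constructed samples, and treating both the primary gid and the group's member list as membership is an assumption of this sketch.

```python
# Added example: resolve guestgroup / guestuser lines to account names.
# All three file contents below are constructed sample data.
FTPACCESS = "restricted-gid 101\nguestgroup myftp\nguestuser ftpuser\n"
GROUP = "root::0:root\nmyftp::101:ljcz,webdev\nstaff::50:alice\n"
PASSWD = """\
ljcz:x:201:50::/home/ljcz:/bin/sh
webdev:x:202:50::/home/webdev:/bin/sh
upload1:x:203:101::/home/upload1:/bin/sh
ftpuser:x:204:50::/home/ftpuser:/bin/sh
alice:x:205:50::/home/alice:/bin/sh
"""

def guest_accounts(ftpaccess, group, passwd):
    """Return ({user: matching directive}, [names that did not resolve])."""
    groups = {}                                  # name -> (gid, members)
    for line in group.splitlines():
        name, _pw, gid, members = line.split(":")
        groups[name] = (gid, [m for m in members.split(",") if m])
    primary = {}                                 # user -> primary gid
    for line in passwd.splitlines():
        fields = line.split(":")
        primary[fields[0]] = fields[3]
    guests, unresolved = {}, []
    for raw in ftpaccess.splitlines():
        words = raw.split("#")[0].split()
        if not words:
            continue
        key, names = words[0].lower(), words[1:]
        if key == "guestuser":
            for user in names:
                if user in primary:
                    guests.setdefault(user, "guestuser")
                else:
                    unresolved.append(user)
        elif key == "guestgroup":
            for gname in names:
                if gname not in groups:
                    unresolved.append(gname)     # this line covers nobody
                    continue
                gid, members = groups[gname]
                for user, pgid in primary.items():
                    if user in members or pgid == gid:
                        guests.setdefault(user, "guestgroup " + gname)
    return guests, unresolved

def unconfined(ftpaccess, group, passwd):
    """Accounts in passwd that no guest directive covers."""
    guests, _ = guest_accounts(ftpaccess, group, passwd)
    return sorted(u for u in (l.split(":")[0] for l in passwd.splitlines()) if u not in guests)
```

A name in the unresolved list means the directive refers to a group or user that does not exist, which is the case to look for when step 3 uses one group name and the edited file uses another.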
Reference: ftpaccess example
loginfails 3
class local real *
class remote anonymous guest *
limit remote 100 Any /etc/ftpd/toomany.msg
message /etc/ftpd/welcome.msg login
compress yes local remote
tar yes local remote
private yes
passwd-check rfc822 warn
log commands real
log transfers anonymous guest inbound outbound
log transfers real inbound
shutdown /etc/ftpd/shut.msg
delete no anonymous,guest
overwrite no anonymous,guest
rename no anonymous
chmod no anonymous,guest
umask no anonymous
upload /home/ftpd * no
upload /home/ftpd /bin no
upload /home/ftpd /etc no
upload /home/ftpd /pub yes real 0644 dirs
upload /home/ftpd /incoming yes real guest anonymous 0644 dirs
alias inc: /incoming
email guest@xxx.net
email guest@yyy.net
deny *.com.tw /etc/ftpd/deny.msg
Below we go through the file line by line and give the meaning of each setting, so that you can apply the same reasoning and choose sensible settings for the conditions of your own FTP server.
1. Format: loginfails [times]
Function: sets the number of times a user may enter a wrong password when logging in to the FTP server.
Example: loginfails 3: the connection is dropped after the password has been entered incorrectly three times.
2. Format: class [class name] [real/guest/anonymous] [IP address]
Function: defines a category (class) of users on the FTP server. The client's IP address can also be restricted, so that only part of the address space, or all addresses, may connect. Users on an FTP server fall into the following three types:
real: users who have legitimate accounts on this FTP server
guest: anonymous users with a record
anonymous: anonymous users with the lowest privilege
Example: class local real *: defines a class called local that contains real users logging in from anywhere (* represents all IP addresses).
class remote anonymous guest *: defines a class called remote that contains anonymous and guest users logging in from anywhere.
3. Format: limit [category] [number of people] [time] [file name]
Function: sets the maximum number of connections allowed for the specified category within the specified period of time. When the maximum is reached, the contents of the specified file are displayed.
Example: limit remote 100 Any /etc/ftpd/toomany.msg: at any time, once the number of users in the remote class reaches 100, no new connection is accepted; when the 101st client tries to connect, the connection fails and the client is shown the contents of the file /etc/ftpd/toomany.msg.
4. Format: message [file name] [directive]
Function: when the user executes the specified directive, the system displays the contents of the specified file.
Example: message /etc/ftpd/welcome.msg login: when the user executes the login command, that is, when he logs in to the FTP server, the system displays the contents of the file /etc/ftpd/welcome.msg.
5. Format: compress [yes/no] [category]
Function: sets which categories of users can use the compress (compression) function.
Example: compress yes local remote: allows users in both the local and remote categories to use the compress (compression) feature.
6. Format: tar [yes/no] [category]
Function: sets which categories of users can use the tar (archiving) function.
Example: tar yes local remote: allows both local and remote users to use the tar feature.
7. Format: private [yes/no]
Function: sets whether group access to files is supported.
Example: private yes: supports group access to files.
8. Format: passwd-check [none/trivial/rfc822] [enforce/warn]
Function: sets how the password given by the anonymous user is checked.
none means no password verification; any password is accepted.
trivial means that login succeeds as long as the password entered contains the character "@".
rfc822 means that the password must conform to the E-Mail format specified in RFC 822 before login is accepted.
enforce means that login is refused if the password entered does not conform to the format specified above.
warn means that only a warning message appears when the password does not comply with the rules, and login still succeeds.
Example: passwd-check rfc822 warn: an E-Mail address in the specified format is expected as the password, but login is still allowed if it is not one.
9. Format: log commands [real/guest/anonymous]
Function: sets which users' actions after login are recorded in the file /usr/adm/xferlog.
Example: log commands real: when a real user logs in, his actions are recorded. Because other users have lower privileges, their operations will not cause too much security risk, so only the actions of real users need to be recorded.
10. Format: log transfers [real/guest/anonymous] [inbound/outbound]
Function: sets which users' upload (inbound) and download (outbound) operations are logged.
Example: log transfers anonymous guest inbound outbound: the file operations of anonymous users deserve closer attention, so both uploads and downloads are recorded.
log transfers real inbound: for legitimate users, only their uploads are recorded.
11. Format: shutdown [file name]
Function: the shutdown time of the FTP server can be set in the file specified here. Once the set time is reached, it is no longer possible to log in to the FTP server. The only way to restore service is to delete this file. The file must be generated by the command /bin/ftpshut.
Example: shutdown /etc/ftpd/shut.msg
12. Format: delete [yes/no] [real/anonymous/guest]
Function: sets whether the specified users are allowed to delete files using the delete command. The default is allowed.
Example: delete no anonymous,guest: in order to better manage the FTP server, we generally do not allow anonymous users to execute delete commands.
13. Format: overwrite [yes/no] [real/anonymous/guest]
Function: sets whether the specified users are allowed to overwrite a file with the same name. The default is allowed.
Example: overwrite no anonymous,guest: in order to better manage the FTP server, we generally do not allow anonymous users to overwrite files with the same name.
14. Format: rename [yes/no] [real/anonymous/guest]
Function: sets whether the specified users are allowed to use the rename command to rename files. The default is allowed.
Example: rename no anonymous: in order to better manage the FTP server, we generally do not allow anonymous users to change file names with the rename command. Anonymous users with a record (guests), on the other hand, are given a little more latitude and are allowed to use the rename command.
15. Format: chmod [yes/no] [real/anonymous/guest]
Function: sets whether the specified users are allowed to change file permissions using the chmod command. The default is allowed.
Example: chmod no anonymous,guest: in order to better manage the FTP server, we generally do not allow anonymous users to execute chmod commands to change file permissions.
16. Format: umask [yes/no] [real/anonymous/guest]
Function: sets whether the specified users are allowed to use the umask command. The default is allowed.
Example: umask no anonymous: in order to better manage the FTP server, we generally do not allow anonymous users to execute umask commands.
17. Format: upload [root directory] [upload directory] [yes/no] [user] [permissions] [dirs/nodirs]
Function: more detailed settings for the directories that can be uploaded to.
Example: upload /home/ftpd * no: upload is not allowed under /home/ftpd
upload /home/ftpd /bin no: upload is not allowed under the subdirectory /home/ftpd/bin
upload /home/ftpd /etc no: upload is not allowed under the subdirectory /home/ftpd/etc
upload /home/ftpd /pub yes real 0644 dirs: allows legitimate users on the server to upload files with permissions of 0644 (that is, -rw-r--r--) into the subdirectory /home/ftpd/pub, and new subdirectories can be created in this directory.
upload /home/ftpd /incoming yes real guest anonymous 0644 dirs: allows all users to upload files with permissions of 0644 into the subdirectory /home/ftpd/incoming, and new subdirectories can be created in this directory.
18. Format: alias [directory alias] [directory name]
Function: sets an alias for the specified directory, so that a shorter directory alias can be used when changing directories.
Example: alias inc: /incoming: sets the alias inc: for the subdirectory incoming.
19. Format: email [E-Mail address of guest]
Function: users who log in to the FTP server with one of the E-Mail addresses set here are given the guest identity, whose privileges are generally lower than real and higher than anonymous.
Example: email guest@xxx.net email guest@yyy.net: this is just an example; the file can contain multiple E-Mail addresses that conform to the specification.
20. Format: deny [IP address / domain name] [description file]
Function: this setting defines which IP addresses or domain names are not allowed to log on to the FTP server.
Example: deny *.com.tw /etc/ftpd/deny.msg: refuses access from any host whose domain name ends with ".com.tw". Instead, the contents of /etc/ftpd/deny.msg are displayed to the user.
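Because delete, overwrite, rename, chmod and umask all default to allowed, a missing "no" line leaves the action open. The added example below (not from the original article) reads an ftpaccess file using the directive layouts described above and lists what remains enabled for anonymous and guest users; the audit function and its finding strings are hypothetical names, and SAMPLE is a subset of the reference file.

```python
# Added example: review an ftpaccess file using the directive layouts
# described above. SAMPLE is a subset of the article's reference file.
SAMPLE = """\
passwd-check rfc822 warn
log commands real
log transfers anonymous guest inbound outbound
delete no anonymous,guest
overwrite no anonymous,guest
rename no anonymous
chmod no anonymous,guest
umask no anonymous
upload /home/ftpd * no
upload /home/ftpd /pub yes real 0644 dirs
upload /home/ftpd /incoming yes real guest anonymous 0644 dirs
"""
PERMS = ("delete", "overwrite", "rename", "chmod", "umask")
LOW_TRUST = ("anonymous", "guest")

def audit(text):
    """Return sorted findings for settings that leave low-trust users enabled."""
    denied = {p: set() for p in PERMS}
    logged_cmds, findings = set(), []
    for raw in text.splitlines():
        w = raw.split("#")[0].split()
        if not w:
            continue
        key, args = w[0].lower(), w[1:]
        if key in PERMS and args and args[0] == "no":
            for a in args[1:]:
                denied[key].update(a.split(","))
        elif key == "passwd-check" and "enforce" not in args:
            findings.append("passwd-check: format is not enforced")
        elif key == "log" and args[:1] == ["commands"]:
            for a in args[1:]:
                logged_cmds.update(a.split(","))
        elif key == "upload" and "yes" in args:
            who = [t for t in LOW_TRUST if t in args[args.index("yes"):]]
            if who:
                findings.append(f"upload {args[1]}: open to {','.join(who)}")
    for p in PERMS:                       # default is "allowed" unless denied
        for t in LOW_TRUST:
            if t not in denied[p]:
                findings.append(f"{p}: allowed for {t}")
    for t in LOW_TRUST:
        if t not in logged_cmds:
            findings.append(f"log commands: {t} sessions not recorded")
    return sorted(findings)
```

Run against SAMPLE, the findings cover the choices the article makes deliberately (guest may rename, only real users' commands are logged) as well as the anonymous-writable /incoming directory, so each line is a prompt for review rather than an error.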
This is the answer to the question of how to configure ftpaccess on SCO to restrict FTP users to their own directories. I hope the above content is of some help to you.