Someone on CU suggested an approach for this a while ago; you can search for it.
This is what I wrote based on his article; have a look.
Functional description:
1. Create a user that can FTP to the HP-UX host but cannot log in to the system;
2. Once logged in via FTP, this user is confined to one specified directory (for example its own home directory). Example: a user hbora in group hbgroup whose directory is /tmp/hb; hbora should have FTP access only, and only to /tmp/hb, not to any other directory.
Configuration steps:
1. First create the ftp_user group with sam.
2. Create the ftp_user user with sam.
3. Edit /etc/passwd with vi and change the ftp_user line to the following format:
ftp_user:*:200:200::/home/ftp_user/user/./:/bin/false
"/home/ftp_user/user/./" is the working directory the user is placed in after logging in. For example, to put the user into /tmp/hb after login, set it to "/tmp/hb/./".
4. Edit /etc/group and change the ftp_user group line to the following format:
ftp_user::200:ftp_user
5. Edit /etc/inetd.conf and change ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l to:
ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l -a
6. Create the required directories under /home/ftp_user and copy the needed files:
#cd /home/ftp_user
#mkdir -p ./usr/bin
#mkdir -p ./etc
#cp /etc/passwd ./etc/. (delete every user entry from this copy except ftp_user's) (the path must match /etc/passwd on the server)
#cp /etc/group ./etc/. (delete every entry from this copy except ftp_user's) (the path must match /etc/group on the server)
#cp /sbin/ls ./usr/bin/. (must sit at the same path from which ls is executed on the server; the ftp client shows which path that is:
ftp> ls
200 PORT command successful.
150 Opening ASCII mode data connection for /usr/bin/ls.
)
#cp /bin/pwd ./usr/bin/.
#chown -R ftp_user:ftp_user usr
#chown -R ftp_user:ftp_user etc
7. Go to the /etc/ftpd directory:
#cd /etc/ftpd
#touch ftpgroups
8. Edit /etc/ftpd/ftpaccess; the following template can be used for its contents:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# @(#)B.11.11_LR
#
loginfails 2
class all real,guest,anonymous *
limit local 20 Any /etc/msgs/msg.toomany
limit remote 100 SaSu|Any1800-0600 /etc/msgs/msg.toomany
limit remote 60 Any /etc/msgs/msg.toomany
readme README* login
readme README* cwd=*
message /welcome.msg login
message .message cwd=*
compress yes local remote
tar yes local remote
# allow use of private file for SITE GROUP and SITE GPASS?
private yes
# passwd-check []
passwd-check rfc822 warn
log commands real
log transfers anonymous,real inbound,outbound
shutdown /etc/shutmsg
# all the following default to "yes" for everybody
delete yes guest,anonymous # delete permission?
overwrite yes guest,anonymous # overwrite permission?
rename no guest,anonymous # rename permission?
chmod no anonymous # chmod permission?
umask no anonymous # umask permission?
# specify the upload directory information
upload /var/ftp * no
upload /var/ftp /incoming yes root daemon 0600 dirs
upload /var/ftp /bin no
upload /var/ftp /etc no
# directory aliases
alias inc /incoming
# cdpath
cdpath /incoming
cdpath /pub
cdpath /
# path-filter...
path-filter anonymous /etc/pathmsg ^[-A-Za-z0-9_\.]*$ ^\. ^-
path-filter guest /etc/pathmsg ^[-A-Za-z0-9_\.]*$ ^\. ^-
# specify which group of users will be treated as "guests".
guestgroup ftp_user
email haha@haha.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
9. Edit /etc/shells so that it contains:
/bin/false
/sbin/sh
/usr/bin/sh
10. Restart the inetd process:
#cd /sbin/init.d
#./inetd -c
11. Configuration complete; test the function.
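As an added example (not from the original post, and not HP-UX's own tooling), here is a small POSIX shell script that turns the passwd-entry format of step 3, the jail's etc/passwd and etc/group copies of step 6, and the /etc/shells requirement of step 9 into functions you can run against sample files before touching the real /etc. The function names, the sample passwd/group/shells lines and the scratch directory are this example's own constructions; it goes one step beyond the post by blanking the password field in the jail copy and by checking the jail for setuid/setgid files.

```shell
#!/bin/sh
# Added example, not part of the original post. It reproduces steps 3, 6 and 9
# of the procedure as functions that take their input files as arguments, so it
# runs against constructed sample data rather than a live /etc. Function names
# and sample data are this example's own; HP-UX paths appear only as strings.

# Step 3: does a passwd line describe an FTP-only guest account? It needs seven
# fields, a home directory carrying the "/./" chroot marker, and /bin/false as
# its shell. Returns 0 for a valid guest entry, 1 otherwise.
check_guest_entry() {
    entry=$1
    nfields=$(printf '%s\n' "$entry" | awk -F: '{ print NF }')
    [ "$nfields" -eq 7 ] || return 1
    home=$(printf '%s\n' "$entry" | cut -d: -f6)
    shell=$(printf '%s\n' "$entry" | cut -d: -f7)
    case $home in
        */./*) ;;
        *) return 1 ;;
    esac
    [ "$shell" = /bin/false ] || return 1
}

# Step 6: build ROOT/etc/passwd and ROOT/etc/group holding only USER and GROUP.
# The post says to delete the other entries; this example additionally blanks
# the password field to "*" so no hash is copied into the jail. Copying ls and
# pwd into ROOT/usr/bin is left exactly as the post describes.
build_guest_tree() {
    root=$1; user=$2; group=$3; passwd_src=$4; group_src=$5
    mkdir -p "$root/usr/bin" "$root/etc"
    awk -F: -v u="$user" 'BEGIN { OFS = ":" } $1 == u { $2 = "*"; print }' \
        "$passwd_src" > "$root/etc/passwd"
    awk -F: -v g="$group" '$1 == g { print }' "$group_src" > "$root/etc/group"
    chmod 644 "$root/etc/passwd" "$root/etc/group"
}

# Audit of the finished jail: exactly one passwd entry, no password hash left
# in it, and no setuid/setgid file anywhere under ROOT (a privileged binary
# inside the jail only widens what a confined user can reach).
audit_guest_tree() {
    root=$1
    entries=$(awk 'END { print NR }' "$root/etc/passwd")
    [ "$entries" -eq 1 ] || return 1
    hash=$(cut -d: -f2 "$root/etc/passwd")
    [ "$hash" = '*' ] || return 1
    privileged=$(find "$root" -type f \( -perm -4000 -o -perm -2000 \) \
        | awk 'END { print NR }')
    [ "$privileged" -eq 0 ] || return 1
}

# Step 9: ftpd accepts a login shell only when it is listed in /etc/shells,
# which is why the post adds /bin/false there. Returns 0 when SHELL (arg 2)
# appears as a whole line in FILE (arg 1).
shell_listed() {
    grep -qxF "$2" "$1"
}

# Demonstration on constructed data in a scratch directory.
work=$(mktemp -d)
printf '%s\n' 'root:x:0:0::/:/sbin/sh' \
    'ftp_user:abc123:200:200::/home/ftp_user/user/./:/bin/false' > "$work/passwd"
printf '%s\n' 'root::0:' 'ftp_user::200:ftp_user' > "$work/group"
printf '%s\n' /bin/false /sbin/sh /usr/bin/sh > "$work/shells"

build_guest_tree "$work/jail" ftp_user ftp_user "$work/passwd" "$work/group"
cat "$work/jail/etc/passwd"   # ftp_user:*:200:200::/home/ftp_user/user/./:/bin/false
if check_guest_entry "$(cat "$work/jail/etc/passwd")" \
    && audit_guest_tree "$work/jail" \
    && shell_listed "$work/shells" /bin/false; then
    echo "guest tree OK"
else
    echo "guest tree FAILED audit"
fi
rm -r "$work"
```

Run it as-is to see the checks pass on the sample data; to use it against a real host, point build_guest_tree at copies of the server's /etc/passwd and /etc/group and at the jail directory from step 6, then run audit_guest_tree on the jail before restarting inetd.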