LinuxQuestions.org
AIX This forum is for the discussion of IBM AIX.
eserver and other IBM related questions are also on topic.

Old 06-03-2004, 09:45 AM   #1
Risc91
Member
 
Registered: Jan 2002
Location: Macomb, MI
Distribution: Ubuntu|Red Hat ES|AIX
Posts: 161

Rep: Reputation: 30
user access control


I have some users that will be FTPing into a box to upload images for a website. I want the users to be locked in their respective image directories. What would be the best way to go about this?

My thought was to create the users and put a symlink in their home directories to their image directory. Then lock them in the home directory. Is there a better way? (Also, how do I lock them in the directory?)
 
Old 06-03-2004, 03:27 PM   #2
iainr
Member
 
Registered: Nov 2002
Location: England
Distribution: Ubuntu 9.04
Posts: 631

Rep: Reputation: 30
You want to set up a chroot'd environment for ftp, so the users see the images directory as their root directory. I haven't done this on AIX myself, but it is pretty much the same as for Linux and other UNIXs so you can look around for how-tos.
 
Old 06-04-2004, 08:50 AM   #3
Risc91
Member
 
Registered: Jan 2002
Location: Macomb, MI
Distribution: Ubuntu|Red Hat ES|AIX
Posts: 161

Original Poster
Rep: Reputation: 30
Good Call. I'll check it out. Thanks for the help.
 
Old 06-14-2004, 01:12 AM   #4
duanyu
LQ Newbie
 
Registered: Jun 2004
Posts: 8

Rep: Reputation: 0
Cool

Well,

I do things a little differently, may not be the best though:

1. Set the home directory for the userID to the specific directory (in your case, containing the images).

2. Assign Rsh to the userID (so that the userID cannot cd ..)

3. Apply ACL to that specific directory (owned by root for instance) to grant userID specific access.

For your comments/exploration.

 
Old 06-14-2004, 09:33 AM   #5
Risc91
Member
 
Registered: Jan 2002
Location: Macomb, MI
Distribution: Ubuntu|Red Hat ES|AIX
Posts: 161

Original Poster
Rep: Reputation: 30
How do I assign Rsh to the given userID? I am able to call it from the command line, but it only stays for that session. As soon as I log out it's no longer applied.
 
Old 06-14-2004, 09:14 PM   #6
duanyu
LQ Newbie
 
Registered: Jun 2004
Posts: 8

Rep: Reputation: 0
Oh....

Not sure if I understood you correctly, if you were asking how to assign Rsh to a userID, here's how it can be done:

Method 1:

Well, you can use smitty user, select the option to show/change user characteristics, you can see the Initial Program -> you can point it to /usr/bin/Rsh instead of the default ksh.
(Be sure to check if /usr/bin/Rsh exists in your system)

Method 2:

You may also want to do the direct way by just modifying the /etc/passwd file, the last entry in the line delimited by ':' to the path /usr/bin/Rsh.

Below shows an example for restricting userA to the designated ftp directory in /etc/passwd file:

userA:!:1234:1234::/publicFTP:/usr/bin/Rsh

Hope this helps.
 
Old 06-15-2004, 09:29 AM   #7
Risc91
Member
 
Registered: Jan 2002
Location: Macomb, MI
Distribution: Ubuntu|Red Hat ES|AIX
Posts: 161

Original Poster
Rep: Reputation: 30
Gotcha. Originally that is how I tried to set it up, however, when I set the 'initial program' to /usr/bin/Rsh I get the following:

Check "/etc/security/login.cfg" file
Error changing "shell" to "/usr/bin/Rsh" : Value is invalid.


So I'm guessing I need to add "/usr/bin/Rsh" to the login.cfg as one of the available shells?

Last edited by Risc91; 06-15-2004 at 09:43 AM.
 
Old 06-15-2004, 09:50 AM   #8
Risc91
Member
 
Registered: Jan 2002
Location: Macomb, MI
Distribution: Ubuntu|Red Hat ES|AIX
Posts: 161

Original Poster
Rep: Reputation: 30
Hmmm......I added /usr/bin/Rsh to the login.cfg, but I can't login with the user.
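
The error in post #7 points at /etc/security/login.cfg, where AIX keeps the list of valid login shells in the shells attribute of the usw: stanza. As an added example (not written by any poster in this thread), the POSIX shell check below lists accounts whose passwd shell field is missing from that list; the function names are made up for this illustration and the file contents are constructed samples.

```sh
# Added example: compare each account's login shell (field 7 of a passwd-format
# file) with the "shells" list in the usw: stanza of a login.cfg-format file.

# Print one listed shell per line.
listed_shells() {   # $1 = login.cfg-format file
    awk '
        /^[A-Za-z_][A-Za-z0-9_]*:/ { stanza = $0; sub(/:.*/, "", stanza); next }
        stanza == "usw" {
            line = $0; sub(/^[ \t]+/, "", line)
            if (line ~ /^shells[ \t]*=/) {
                sub(/^shells[ \t]*=[ \t]*/, "", line); gsub(/[ \t]/, "", line)
                n = split(line, s, ",")
                for (i = 1; i <= n; i++) if (s[i] != "") print s[i]
            }
        }' "$1"
}

# Print "user:shell" for every account whose shell is not in the list.
# An empty shell field is skipped (assumed to mean the system default shell).
unlisted_shells() {   # $1 = passwd-format file, $2 = login.cfg-format file
    allowed=$(listed_shells "$2")
    while IFS=: read -r user _ _ _ _ _ shell; do
        case $user in ''|'#'*) continue ;; esac
        [ -n "$shell" ] || continue
        printf '%s\n' "$allowed" | grep -Fqx -- "$shell" ||
            printf '%s:%s\n' "$user" "$shell"
    done < "$1"
}

# Constructed sample data; the userA line is the one posted in the thread.
demo=$(mktemp -d) && trap 'rm -rf "$demo"' EXIT
cat > "$demo/passwd" <<'EOF'
userA:!:1234:1234::/publicFTP:/usr/bin/Rsh
userB:!:1235:1234::/home/userB:/usr/bin/ksh
EOF
cat > "$demo/login.cfg" <<'EOF'
default:
        sak_enabled = false

usw:
        shells = /bin/sh,/bin/bsh,/bin/ksh,/usr/bin/sh,/usr/bin/bsh,/usr/bin/ksh
        maxlogins = 32767
EOF
# Same file with the restricted shell appended to the shells list.
sed '/shells[ ]*=/s|$|,/usr/bin/Rsh|' "$demo/login.cfg" > "$demo/login.cfg.fixed"

echo "before: $(unlisted_shells "$demo/passwd" "$demo/login.cfg")"
echo "after:  $(unlisted_shells "$demo/passwd" "$demo/login.cfg.fixed")"
```

On an AIX host the two arguments would be /etc/passwd and /etc/security/login.cfg.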
 
Old 06-17-2004, 01:30 AM   #9
duanyu
LQ Newbie
 
Registered: Jun 2004
Posts: 8

Rep: Reputation: 0


Hmmm.....

Perhaps you would like to take a look at the following link and see if anything is OK?

http://publibn.boulder.ibm.com/doc_l...cted_shell.htm

 
Old 06-17-2004, 03:24 AM   #10
zorba4
Member
 
Registered: Feb 2004
Location: Paris
Posts: 398

Rep: Reputation: 31
@duanyu : my browser did not like the doc_...icted_ part of the link you gave
(http://publibn.boulder.ibm.com/doc_...icted_shell.htm).
Could you find the full link name, or give the way you reached it ?
 
Old 06-17-2004, 04:38 AM   #11
iainr
Member
 
Registered: Nov 2002
Location: England
Distribution: Ubuntu 9.04
Posts: 631

Rep: Reputation: 30
Quote:
Originally posted by zorba4
@duanyu : my browser did not like the doc_...icted_ part of the link you gave
(http://publibn.boulder.ibm.com/doc_...icted_shell.htm).
Could you find the full link name, or give the way you reached it ?
Clicking on the link worked for me.

Rsh is effectively the bourne shell (bsh) in restricted mode. If users prefer the korn shell, you can also use ksh -r to invoke ksh in restricted mode.

Quote:
rksh is used to set up login names and execution environments
whose capabilities are more controlled than those of
the standard shell. The actions of rksh are identical to
those of ksh, except that the following are disallowed:

o changing directory (see cd(1))

o setting the value of SHELL, ENV, or PATH

o specifying path or command names containing /

o redirecting output (>, >|, <>, and >>)

o changing group (see newgrp(1)).

The restrictions above are enforced after .profile and the
ENV files are interpreted.
 
Old 06-17-2004, 05:12 AM   #12
duanyu
LQ Newbie
 
Registered: Jun 2004
Posts: 8

Rep: Reputation: 0


My apologies for not maintaining the text for the link properly.
However, you can still reach it by clicking on the link itself.

Thanks iainr for verifying.

 
  

