LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   how to deny user from accessing FTP service using /etc/hosts.deny in redhat 6 (http://www.linuxquestions.org/questions/linux-security-4/how-to-deny-user-from-accessing-ftp-service-using-etc-hosts-deny-in-redhat-6-a-923081/)

raasukutty 01-10-2012 10:32 AM

how to deny user from accessing FTP service using /etc/hosts.deny in redhat 6
 
how to deny user from accessing FTP service,restrict using /etc/hosts.deny in REDHAT6....

vikas027 01-10-2012 12:15 PM

Quote:

Originally Posted by raasukutty (Post 4571132)
how to deny user from accessing FTP service,restrict using /etc/hosts.deny in REDHAT6....

You can use /etc/vsftpd/ftpusers file, no need to use TCP Wrappers for this.

See this thread.

TB0ne 01-10-2012 12:47 PM

Quote:

Originally Posted by vikas027 (Post 4571196)
You can use /etc/vsftpd/ftpusers file, no need to use TCP Wrappers for this.

See this thread.

The OP specifically asked about using TCP wrappers..wouldn't it be best to address the need? And the thread you directed to is ten years old...quite a bit has changed.

OP, RedHat's knowledgebase has articles on this. Read the man pages for hosts_access, too:
http://docs.redhat.com/docs/en-US/Re...rs-access.html

You don't say what FTP server you're using, but wu_ftpd, pureftp, and vsftpd all have ways of doing this as well.

Linux_Kidd 01-11-2012 10:56 AM

"user" and hosts.deny is not typical, not like peanut butter & jelly.

i am not a big user of hosts.deny/allow,

typically hosts.deny/allow use hostnames or IP. however, maybe a way to mix "user" in with hosts.deny/allow is to use hosts.allow with something like "in.ftpd ALL:" and spawn a script that reads a file "not-allowed-ftp-users" and then finds a ftpd PID that matches username from file list and then kill the PID.

sounds like it can work, just not sure if this is what you are needing, meaning there are other better ways to handle such, but you asked about hosts.deny, etc.

LauMars 01-19-2012 08:23 AM

Quote:

Originally Posted by TB0ne (Post 4571213)
The OP specifically asked about using TCP wrappers..wouldn't it be best to address the need? And the thread you directed to is ten years old...quite a bit has changed.

Redhat 6 is more than 10 years old (though I concede that he may have meant RHEL 6 rather than Redhat 6) and TCP wrappers isn't the correct way block specific users from FTP (in many cases, it's not even possible). If you want to block specific users then you need to blacklist them in the FTP server settings (as the guy you quoted correctly advised)

John VV 01-19-2012 11:06 AM

if it is RH6 then it should not be still connected to the net
IF it is RHEL6.2 then i would NOT use the host file

add a FTP user group and set a SElinux rule to only allow THAT group

LauMars 01-19-2012 04:32 PM

Quote:

Originally Posted by John VV (Post 4578991)
if it is RH6 then it should not be still connected to the net

Indeed, but you'd be amazed at some of the old systems that are still in use (in my last job, there was a Win95 desktop still being used as a web terminal for secure payments - in fact it's probably still in use :-/ )


All times are GMT -5. The time now is 03:18 PM.