LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 01-10-2012, 10:32 AM   #1
raasukutty
LQ Newbie
 
Registered: Jan 2012
Posts: 1

Rep: Reputation: Disabled
Question how to deny user from accessing FTP service using /etc/hosts.deny in redhat 6


how to deny user from accessing FTP service,restrict using /etc/hosts.deny in REDHAT6....
 
Old 01-10-2012, 12:15 PM   #2
vikas027
Senior Member
 
Registered: May 2007
Location: Sydney
Distribution: RHEL, CentOS, Debian, OS X
Posts: 1,266

Rep: Reputation: 99
Lightbulb

Quote:
Originally Posted by raasukutty View Post
how to deny user from accessing FTP service,restrict using /etc/hosts.deny in REDHAT6....
You can use /etc/vsftpd/ftpusers file, no need to use TCP Wrappers for this.

See this thread.
 
Old 01-10-2012, 12:47 PM   #3
TB0ne
Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 14,577

Rep: Reputation: 2557Reputation: 2557Reputation: 2557Reputation: 2557Reputation: 2557Reputation: 2557Reputation: 2557Reputation: 2557Reputation: 2557Reputation: 2557Reputation: 2557
Quote:
Originally Posted by vikas027 View Post
You can use /etc/vsftpd/ftpusers file, no need to use TCP Wrappers for this.

See this thread.
The OP specifically asked about using TCP wrappers..wouldn't it be best to address the need? And the thread you directed to is ten years old...quite a bit has changed.

OP, RedHat's knowledgebase has articles on this. Read the man pages for hosts_access, too:
http://docs.redhat.com/docs/en-US/Re...rs-access.html

You don't say what FTP server you're using, but wu_ftpd, pureftp, and vsftpd all have ways of doing this as well.
 
Old 01-11-2012, 10:56 AM   #4
Linux_Kidd
Member
 
Registered: Jan 2006
Location: USA
Posts: 518

Rep: Reputation: 51
"user" and hosts.deny is not typical, not like peanut butter & jelly.

i am not a big user of hosts.deny/allow,

typically hosts.deny/allow use hostnames or IP. however, maybe a way to mix "user" in with hosts.deny/allow is to use hosts.allow with something like "in.ftpd ALL:" and spawn a script that reads a file "not-allowed-ftp-users" and then finds a ftpd PID that matches username from file list and then kill the PID.

sounds like it can work, just not sure if this is what you are needing, meaning there are other better ways to handle such, but you asked about hosts.deny, etc.
 
Old 01-19-2012, 08:23 AM   #5
LauMars
Member
 
Registered: Sep 2007
Location: /root/
Distribution: Arch, CentOS, Debian, FreeBSD, Slackware, Solaris, SuSE (Open & SLES)
Posts: 115

Rep: Reputation: 25
Quote:
Originally Posted by TB0ne View Post
The OP specifically asked about using TCP wrappers..wouldn't it be best to address the need? And the thread you directed to is ten years old...quite a bit has changed.
Redhat 6 is more than 10 years old (though I concede that he may have meant RHEL 6 rather than Redhat 6) and TCP wrappers isn't the correct way block specific users from FTP (in many cases, it's not even possible). If you want to block specific users then you need to blacklist them in the FTP server settings (as the guy you quoted correctly advised)
 
Old 01-19-2012, 11:06 AM   #6
John VV
Guru
 
Registered: Aug 2005
Posts: 12,901

Rep: Reputation: 1713Reputation: 1713Reputation: 1713Reputation: 1713Reputation: 1713Reputation: 1713Reputation: 1713Reputation: 1713Reputation: 1713Reputation: 1713Reputation: 1713
if it is RH6 then it should not be still connected to the net
IF it is RHEL6.2 then i would NOT use the host file

add a FTP user group and set a SElinux rule to only allow THAT group
 
1 members found this post helpful.
Old 01-19-2012, 04:32 PM   #7
LauMars
Member
 
Registered: Sep 2007
Location: /root/
Distribution: Arch, CentOS, Debian, FreeBSD, Slackware, Solaris, SuSE (Open & SLES)
Posts: 115

Rep: Reputation: 25
Quote:
Originally Posted by John VV View Post
if it is RH6 then it should not be still connected to the net
Indeed, but you'd be amazed at some of the old systems that are still in use (in my last job, there was a Win95 desktop still being used as a web terminal for secure payments - in fact it's probably still in use :-/ )
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
can't restrict sshd access through hosts.allow and hosts.deny but was working earlier farhan Linux - Security 4 04-18-2008 07:41 AM
SELinux puts ip into hosts.deny when accessing ossec web interface kav Linux - Software 3 04-21-2007 01:05 PM
how to deny user to use ftp to access system ust Linux - Software 4 05-23-2005 08:39 PM
Host in hosts.deny able to access HTTP service mikebalcos Linux - Networking 1 08-12-2004 09:40 AM
How to restrict only one user can use telnet in /etc/hosts.deny? lzyking Linux - Software 2 02-12-2003 07:19 PM


All times are GMT -5. The time now is 10:47 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration