RE: [cobalt-users] Disable FTP Access
- Subject: RE: [cobalt-users] Disable FTP Access
- From: Mailing List Account <listmail@xxxxxxxxxxx>
- Date: Wed Apr 23 12:51:01 2003
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
On Wed, 23 Apr 2003, Ian wrote:
> Yes guys, I am missing something here very obvious

The man page perhaps?

I don't have a RAQ3/4 here any longer so I have no system to look
at. However, I believe Proftp is used on these machines. If so, the
documentation for Proftp specifically states that it is not possible to
shut down a single virtual host:

http://www.proftpd.org/docs/faq/linked/faq-ch4.html#AEN456

The URL above is hand typed so it may contain an error; however,
there should be enough clues there to point you in the right direction.

While I sent it directly to you - blasted list configuration -
instead of to the list and I don't have time to do the research on this to
see if it will work with proftpd - setting an invalid shell (a shell not
listed in /etc/shells) for a user we don't want to provide ftp access for
works here on our servers - though none of them are running proftpd.
Nevertheless, this is probably worth a try.

1) Create a user via the GUI for testing purposes.

2) As root, while logged into the shell, run:

       touch /etc/noftpaccess

   from the command prompt. This command will create a zero bit file named
   noftpaccess in the /etc/ directory.

3) Again as root, run the command:

       usermod -s /etc/noftpaccess username

Try logging on to the site via FTP. If you get on, feel free to
call me an idiot, then delete the test account you created and remove the
noftpaccess file by issuing the command rm /etc/noftpaccess as root. If
you don't get on, enjoy. However, if it does work, you might want to consider
replacing /etc/noftplogin with a bash script that prints something like
"access denied" to stdout or some such thing. The recommendation above is
just a quick way of testing this setup.

Again, I can't guarantee that this will work without reading a
whole bunch of man pages for you. I prefer to run wu-ftp as I'm very
familiar with it and I believe it to be much more secure when properly
configured and, well, quite simply, this trick works quite well on
it.

Brent
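
An audit for the approach described in the message above, as an added example that is not part of the original post: it lists accounts whose login shell is absent from the shells file, which is the condition an FTP daemon that enforces the /etc/shells check uses to refuse a login. The function names and the sample accounts are constructed for illustration; whether a given daemon enforces the check is an assumption to verify on the server itself.

```shell
#!/bin/sh
# Added example (not from the original post). Prints "user:shell" for every
# account whose shell is not listed in the shells file.
# Usage: ftp_denied_users [passwd_file] [shells_file]
ftp_denied_users() {
    passwd_file=${1:-/etc/passwd}
    shells_file=${2:-/etc/shells}
    # Refuse to guess when either file is unreadable.
    [ -r "$passwd_file" ] && [ -r "$shells_file" ] || return 2
    awk -F: -v shells="$shells_file" '
        BEGIN {
            # Load the valid shells, ignoring comments and blank lines.
            while ((getline line < shells) > 0) {
                sub(/#.*/, "", line)
                gsub(/^[ \t]+|[ \t]+$/, "", line)
                if (line != "") valid[line] = 1
            }
            close(shells)
        }
        /^#/ || NF < 7 { next }      # skip comments and malformed entries
        {
            shell = $7
            # Assumption: an empty shell field means the default /bin/sh.
            if (shell == "") shell = "/bin/sh"
            if (!(shell in valid)) print $1 ":" shell
        }
    ' "$passwd_file"
}

# Demo on constructed sample data, so nothing on the real system is touched.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '# constructed sample' '/bin/sh' '/bin/bash' > "$dir/shells"
    printf '%s\n' \
        'root:x:0:0:root:/root:/bin/bash' \
        'testuser:x:500:500::/home/testuser:/etc/noftpaccess' \
        'siteadmin:x:501:501::/home/siteadmin:/bin/sh' > "$dir/passwd"
    ftp_denied_users "$dir/passwd" "$dir/shells"
    rm -rf "$dir"
}

demo
```

Run against the real files with `ftp_denied_users` and no arguments; an account that appears in the output but can still log in over FTP shows that the daemon is not enforcing the shell check.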