Thursday, November 8, 2012

How to restrict FTP user to a specific directory in solaris 10

Procedure to configure FTP guest user access 

1: Create a user which you want to use for the ftp , Name of the user can be anything except "ftp" ( In our Example it is "ftpuser")

Useradd -g 10 -d /export/home/ftpuser -m -s /bin/bash ftpuser
passwd ftpuser
Enter the new password twice .

2: Run the "ftpconfig -d" command , on the home directory of newly created user. 

# ftpconfig –d /export/home/ftpuser
this updates the existing directory with the info needed to make the account restricted.
After this you can see some extra directories in /export/home/ftpuser e.g bin, dev,lib e.t.c 

3: Add the user to the /etc/ftpd/ftpaccess file. There is an existing commented entry 
# guestuser username
that can be uncommented and edited 

guestuser ftpuser

4: Confirm that the user is a member of a class in /etc/ftpd/ftpaccess this entry should a already exist in ftpaccess
class guestusers guest *

5: Modify permissions for guest user if necessary

delete no anonymous,guest # delete permission?
After this user ftpuser will not be able to delete any file .

6: Run the command 
# in.ftpd -a to allow the use of ftpaccess file 

now when user "ftpuser" ftps to this server

Connected to 
220 solarislab FTP server ready. 
Name ( ftpuser 
331 Password required for ftpuser. 
230 User ftpuser logged in. Access restrictions apply. 
Remote system type is UNIX. 
Using binary mode to transfer files. 
ftp> pwd 
257 "/" is current directory.
Note that now you will see “/” as your current directory instead of /export/home/ftpuser.

Configuring NTP Server & Client in Solaris 10

Configuring NTP ( Network Time Protocol) on Solaris 10
Configuring an NTP Server 
1. Edit file ntp.conf
bash> cp /etc/inet/ntp.server /etc/inet/ntp.conf
bash> vi /etc/inet/ntp.conf
Add server address for ntp server
broadcast ttl 4
enable auth monitor
driftfile /var/ntp/ntp.drift
statsdir /var/ntp/ntpstats/
filegen peerstats file peerstats type day enable
filegen loopstats file loopstats type day enable
filegen clockstats file clockstats type day enable
keys /etc/inet/ntp.keys
trustedkey 0
requestkey 0
controlkey 0
Save your change configuration
2. Refresh daemon NTP
bash> touch /var/ntp/ntp.drift
bash> svcadm enable svc:/network/ntp

Search & Buy Amazon Products at discounted rate!!


Subscribe to AtoZ-networking Newsletter

Do you want to receive Linux FAQs, Microsoft FAQ, Solaris FAQ, detailed Networking tutorials and tips published at atoz-networking? Enter your email address below, and we will deliver our Linux posts straight to your email box, for free. Delivery powered by Google Feedburner.

Sign-up for the newsletter