How to restrict FTP user to a specific directory in solaris 10
Procedure to configure FTP guest user access
1: Create a user which you want to use for the ftp , Name of the user can be anything except "ftp" ( In our Example it is "ftpuser")
Useradd -g 10 -d /export/home/ftpuser -m -s /bin/bash ftpuser
passwd ftpuser
Enter the new password twice .
2: Run the "ftpconfig -d" command , on the home directory of newly created user.
# ftpconfig –d /export/home/ftpuser
this updates the existing directory with the info needed to make the account restricted.
After this you can see some extra directories in /export/home/ftpuser e.g bin, dev,lib e.t.c
3: Add the user to the /etc/ftpd/ftpaccess file. There is an existing commented entry
# guestuser username
that can be uncommented and edited
guestuser ftpuser
4: Confirm that the user is a member of a class in /etc/ftpd/ftpaccess this entry should a already exist in ftpaccess
class guestusers guest *
5: Modify permissions for guest user if necessary
delete no anonymous,guest # delete permission?
After this user ftpuser will not be able to delete any file .
6: Run the command
# in.ftpd -a to allow the use of ftpaccess file
now when user "ftpuser" ftps to this server
ftp 10.20.30.33
Connected to 10.20.30.33.
220 solarislab FTP server ready.
Name (10.20.30.33:solarisuser): ftpuser
331 Password required for ftpuser.
Password:
230 User ftpuser logged in. Access restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/" is current directory.
Note that now you will see “/” as your current directory instead of /export/home/ftpuser.
1: Create a user which you want to use for the ftp , Name of the user can be anything except "ftp" ( In our Example it is "ftpuser")
Useradd -g 10 -d /export/home/ftpuser -m -s /bin/bash ftpuser
passwd ftpuser
Enter the new password twice .
2: Run the "ftpconfig -d" command , on the home directory of newly created user.
# ftpconfig –d /export/home/ftpuser
this updates the existing directory with the info needed to make the account restricted.
After this you can see some extra directories in /export/home/ftpuser e.g bin, dev,lib e.t.c
3: Add the user to the /etc/ftpd/ftpaccess file. There is an existing commented entry
# guestuser username
that can be uncommented and edited
guestuser ftpuser
4: Confirm that the user is a member of a class in /etc/ftpd/ftpaccess this entry should a already exist in ftpaccess
class guestusers guest *
5: Modify permissions for guest user if necessary
delete no anonymous,guest # delete permission?
After this user ftpuser will not be able to delete any file .
6: Run the command
# in.ftpd -a to allow the use of ftpaccess file
now when user "ftpuser" ftps to this server
ftp 10.20.30.33
Connected to 10.20.30.33.
220 solarislab FTP server ready.
Name (10.20.30.33:solarisuser): ftpuser
331 Password required for ftpuser.
Password:
230 User ftpuser logged in. Access restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/" is current directory.
Note that now you will see “/” as your current directory instead of /export/home/ftpuser.
Comments