Can anyone tell me (or point me to a how-to resource) how to restrict
users to their home directory when they connect via ftp under AIX? A
whole bunch of web searches have made it clear that it is done using
chroot, but none of them explained how.

--
Andy Luddy
Perform appendectomy to reply
aluddy.appendix@adelphia.net

Andy Luddy wrote:
> Can anyone tell me (or point me to a how-to resource) how to restrict
> users to their home directory when they connect via ftp under AIX? A
> whole bunch of web searches have made it clear that it is done using
> chroot, but none of them explained how.

You can't do this with the ftpd supplied with AIX (I'm not sure about
5.3).

There a number of daemons which will do this, the most notable is
probably wu-ftpd.

http://www.wu-ftpd.org/

Note that you have to apply several security patches to the source.

base60 wrote:
> Andy Luddy wrote:
>> Can anyone tell me (or point me to a how-to resource) how to restrict
>> users to their home directory when they connect via ftp under AIX? A
>> whole bunch of web searches have made it clear that it is done using
>> chroot, but none of them explained how.
>
> You can't do this with the ftpd supplied with AIX (I'm not sure about
> 5.3).
>
> There a number of daemons which will do this, the most notable is
> probably wu-ftpd.
>
> http://www.wu-ftpd.org/
>
> Note that you have to apply several security patches to the source.

OK, thanks. I may look into that.

--
Andy Luddy
Perform appendectomy to reply
aluddy.appendix@adelphia.net

Andy Luddy wrote:
> Can anyone tell me (or point me to a how-to resource) how to restrict
> users to their home directory when they connect via ftp under AIX? A
> whole bunch of web searches have made it clear that it is done using
> chroot, but none of them explained how.

Hi Andy,

I had loads of "fun" trying to get this to work so that I had a
standard user with a dedicated password to log in to a simulated root
directory and not let them go up any levels. The default ftp services
that come with AIX can do this only for anonymous users, as best as I
can tell, and with anonymous the password contains the email address of
the user logging on. Depending on if you verify that email or not, it
could just let a person connect and upload or download at will.

As another poster replied to you, the wu/ftpd seems to be the one that
is easiest to set up, and is the one I finally chose for the special
login I needed for a supplier to reach our system.

If I get a chance to capture and "de-sensitize" our /etc files, I'll
post what we ended up with as a solution.

Steve

base60 wrote:

> Andy Luddy wrote:
> > Can anyone tell me (or point me to a how-to resource) how to restrict
> > users to their home directory when they connect via ftp under AIX? A
> > whole bunch of web searches have made it clear that it is done using
> > chroot, but none of them explained how.
>
....
> There a number of daemons which will do this, the most notable is
> probably wu-ftpd.

I find proftpd very convenient. It doesn't requre setting up chroot
jails to restrict directory access. It's configuration resembles
apache.

There is an older release of proftpd in the IBM AIX toolbox.
current release is on http://www.proftpd.org