IBM Support

Restrict an FTP user to home directory with password protection

How To


Summary

This document explains how to make FTP logins password protected.

Objective

You can restrict a certain user to their home directory or a specific directory when doing FTP. This is handled by /etc/ftpaccess.ctl file. When the FTP user logs in, the user is able to change directory forward, but not outside the specified directory. However, these FTP logins are not protected, that is, the user will be able to log in by entering any password or by simply pressing enter for password field. This document shows you how to make these logins password protected.

Steps

Here is an example of restricting user "test" to his home directory "/home/test"
# cat /etc/ftpaccess.ctl
useronly: test
readwrite: /home/test
This example tells us that user "test" will be confined to "/home/test" directory. You can also use "grouponly" option to specify a group of users.
grouponly: testgrp
The "useronly" and "grouponly" options are used for defining anonymous users. Therefore, they are not password protected. The user is able to login anonymously by simply pressing enter key in the password field. If you want the FTP users to log in with correct password, then use "puseronly" and "pgrouponly" options. This forces the user to enter correct password to login.
# cat /etc/ftpaccess.ctl
puseronly: test
readwrite: /home/test

 

Additional Information

SUPPORT

If you have specific questions about usage after reviewing the recommended documentation, IBM AIX Support will be happy to assist.
If you require consulting services, there are additional fee-based services available. You can read about IBM Support Offerings here: https://www.ibm.com/support/pages/ibm-support-offerings.

If you require usage assistance, use the following step-by-step instructions to contact IBM to open a case for software with an active and valid support contract.  

1.  Document (or collect screen captures of) all symptoms, errors, and messages related to your issue.

2.  Capture any logs or data relevant to the situation.

3.  Contact IBM to open a case:

   -For electronic support, see the IBM Support Community:
     https://www.ibm.com/mysupport
   -If you require telephone support, see the web page:
      https://www.ibm.com/planetwide/

4.  Provide a clear, concise description of the issue.

  - For guidance, see: Working with IBM AIX Support: Describing the problem

5.  If the system is accessible, collect a system snap, and upload all of the details and data for your case.

  - For guidance, see: Working with IBM AIX Support: Collecting snap data

[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG10","label":"AIX"},"Component":"","Platform":[{"code":"PF002","label":"AIX"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}}]

Document Information

Modified date:
25 June 2021

UID

ibm16466615

Page Feedback