在hp 配置ftp

在hp-ux中，一般默认采用的是wu-ftp程序，察看/etc/inetd.conf，默认内容如下： ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l 用户要求：创建ftp用户

ftp_acct密码为ftp_acct,上传文件到/datafile/ftp_out/acct，不能访问其他目录和telnet ftp_up密码为ftp_acct, 上传文件到/datafile/ftp_out/up，不能访问其他目录和telnet 其他用户仍然拥有默认的ftp功能。

系统中存在的合法用户都可以使用ftp。 首先把/etc/inetd.conf修改为：

ftp stream tcp nowait root /usr/lbin/ftpd ftpd -a -l -u 000

其中-a表示使用/etc/ftpd/ftpaccess文件，-u 000表示ftp用户上传文件的umask为000。 然后修改/etc/passwd文件，加入条目，密码是通过passwd命令生成的。 ftp_acct:BtqiMKXfVfSxA:200:200::/datafile/ftp_out/acct/./:/bin/false ftp_up:8hlCYvP7qQS7I:201:201::/datafile/ftp_out/up/./:/bin/false 修改/etc/group文件，加入条目： ftp_acct::200:ftp_acct ftp_up::201:ftp_up

然后到/datafile/ftp_out目录中创建： #cd /datafile/ftp_out #mkdir -p acct/usr/bin #mkdir -p up/usr/bin #mkdir -p up/etc #mkdir -p acct/etc

#cp /etc/passwd acct/etc/. (把passwd中除ftp_acct的用户条目删掉) #cp /etc/group acct/etc/. (把group中除ftp_acct的条目删掉) #cp /sbin/ls acct/usr/bin/. #cp /bin/pwd acct/usr/bin/.

#cp /etc/passwd up/etc/. (把passwd中除ftp_up的用户条目删掉) #cp /etc/group up/etc/. (把group中除ftp_up的条目删掉) #cp /sbin/ls up/usr/bin/. #cp /bin/pwd up/usr/bin/. #chown -R ftp_acct:ftp_acct acct #chown -R ftp_up:ftp_up up

然后到/etc/ftpd目录 #cd /etc/ftpd #touch ftpgroups

#more ftpaccess 内容如下：

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # @(#)B.11.11_LR #

loginfails 2

首先需要修改/etc/inetd.conf文件，让其能够使用/etc/ftpd/ftpaccess，即通过这个文件来控制对ftp的访问，默认是不使用这

class all real,guest,anonymous *

limit local 20 Any /etc/msgs/msg.toomany limit remote 100 SaSu|Any1800-0600 /etc/msgs/msg.toomany limit remote 60 Any /etc/msgs/msg.toomany

readme README* login readme README* cwd=*

message /welcome.msg login message .message cwd=*

compress yes local remote tar yes local remote

# allow use of private file for SITE GROUP and SITE GPASS? private yes

# passwd-check []

passwd-check rfc822 warn

log commands real

log transfers anonymous,real inbound,outbound shutdown /etc/shutmsg

# all the following default to \

delete yes guest,anonymous # delete permission? overwrite yes guest,anonymous # overwrite permission? rename no guest,anonymous # rename permission? chmod no anonymous # chmod permission? umask no anonymous # umask permission?

# specify the upload directory information upload /var/ftp * no

upload /var/ftp /incoming yes root daemon 0600 dirs upload /var/ftp /bin no upload /var/ftp /etc no

# directory aliases alias inc /incoming

# cdpath

cdpath /incoming cdpath /pub

cdpath /

# path-filter...

path-filter anonymous /etc/pathmsg ^[-A-Za-z0-9_\\.]*$ ^\\. ^- path-filter guest /etc/pathmsg ^[-A-Za-z0-9_\\.]*$ ^\\. ^-

# specify which group of users will be treated as \guestgroup ftp_acct ftp_up

email haha@haha.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

然后修改/etc/shells文件： #more /etc/shells /bin/false /sbin/sh /usr/bin/sh

然后重新刷新inetd进程 #inetd -c

然后测试ftp_acct的ftp和telnet，如下：

gxhh5#[/datafile/ftp_out/up/etc]ftp 10.187.1.122 Connected to 10.187.1.122.

220 gxhh5 FTP server (Version 1.1.214.4(PHNE_29461) Thu Nov 20 06:40:06 GMT 2003) ready. Name (10.187.1.122:root): ftp_acct 331 Password required for ftp_acct. Password:

230 User ftp_acct logged in. Access restrictions apply. Remote system type is UNIX. Using binary mode to transfer files. ftp> cd /

250 CWD command successful. ftp> ls

200 PORT command successful.

150 Opening ASCII mode data connection for /usr/bin/ls. total 16

-rwxrwxrwx 1 ftp_acct ftp_acct 2 Jun 2 22:09 a.log drwxrwxrwx 2 ftp_acct ftp_acct 96 Jun 2 21:33 etc drwxrwxrwx 3 ftp_acct ftp_acct 96 Jun 2 21:10 usr 226 Transfer complete. ftp> by 221 Goodbye.

测试telnet：

gxhh5#[/datafile/ftp_out/up/etc]telnet 10.187.1.122 Trying...

Connected to 10.187.1.122. Escape character is '^]'. Local flow control on

Telnet TERMINAL-SPEED option ON

HP-UX gxhh5 B.11.11 U 9000/800 (ta)

login: ftp_acct Password:

Please wait...checking for disk quotas Connection closed by foreign host. gxhh5#[/datafile/ftp_out/up/etc]

可见ftp_acct、ftp_up用户ftp登录受限，telnet不能登录，

而除这两个用户外的其他用户ftp和telnet均正常，要求的配置已经满足。

本文来源：https://www.bwwdw.com/article/mtpx.html