1.  Home
  2. MIDRANGE-L
  3. February 2005

RE: How do I force an FTP user to '/home/ftpdir'?

You can do that in the QIBM_QTMF_SERVER_REQ - VLRQ0100 exit.  You will have
to know what directory they are constrained to - from a configuration file
somewhere hopefully.  You will get the target of the change directory
command passed to you in one of the exit program parameters.  If they
entered a relative path name then the server will pass you your current
directory with the relative path appended to the end.  Before you check to
see if the path they are trying to change to starts with a path they are
allowed to access, you should edit the path for dots, dot-dots, multiple
slashes.  I've seen exits that allow you to circumvent path constraints by
doing this:
  
cd /home/ftpdir/../.. 

The edited path should be /

Kurt




-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Tom Hightower
Sent: Friday, February 18, 2005 11:55 AM
To: midrange-l@xxxxxxxxxxxx
Subject: Re: How do I force an FTP user to '/home/ftpdir'?

I was thinking that I might need to modify the FTP exit programs I have 
in place.  The exit programs access a table which specifies what FTP 
commands the user profile can and can't do (mkdir, cd, del, etc).  I 
guess I could add a flag to their entry in the table which says to 
position them to a homedir.

But if I allow them access to the 'chdir' command, how would I keep them 
from accessing a 'higher-level' directory?  Group profiles, with 
appropriate access rights to objects, libraries and folders?  Or could I 
somehow do that with an exit program?

Tom

Gary Monnier said the following on 2/18/2005 10:54 AM:
> They will need to use an exit program on one of two FTP signon exit
> points (exit point QIBM_QTMF_SVR_LOGON format TCPL0200 or format
> TCPL0300).  They will allow you to return an initial home directory.
> 
> -----Original Message-----
> From: midrange-l-bounces@xxxxxxxxxxxx
> [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Tom Hightower
> Sent: Friday, February 18, 2005 8:09 AM
> To: midrange-l@xxxxxxxxxxxx
> Subject: How do I force an FTP user to '/home/ftpdir'?
> 
> 
> 
> Customer wants to setup a generic FTP account for their tech support 
> folks in the field.  Along with that account, they have an IFS directory
> 
> called '/home/software' which has the software that they need to install
> 
> at various customer sites.
> 
> When they login via FTP using that account, the tech folks need to be 
> positioned directly in that support directory, and to have access to 
> nothing else other than that directory (or its subdirectories).  No 
> going to a higher-level directory, no deleting files in that directory 
> (or sub-directory), no running of AS400 commands.
> 
> The 'no-deletes' and 'no-commands' requirement I can handle with FTP 
> exit programs, but how do I handle the directory requirements?
> 
> Tom
> 

-- 
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.