
FTP Clients restricted to Read-only

For the old QNX2 and QNX4 RTOS

FTP Clients restricted to Read-only

Postby Pilotek » Wed Feb 22, 2012 10:02 am

Please, is there a simple way to set up all FTP clients of the QNX4 machine (FTP server) so that they can browse the entire QNX HDD but can only READ files? That is, so that they cannot delete, modify, rename, move or otherwise corrupt the QNX HDD files/folders.
Pilotek
Senior Member
 
Posts: 124
Joined: Thu Jan 25, 2007 3:52 pm

Re: FTP Clients restricted to Read-only

Postby koko » Wed Feb 22, 2012 7:55 pm

1) In /etc/ftpusers, add root and all user accounts you want to make non-accessible.
2) Make the ftp account home directory read-only (chmod -R a-w ...)
koko
Senior Member
 
Posts: 100
Joined: Wed Aug 20, 2003 1:31 am

Re: FTP Clients restricted to Read-only

Postby Pilotek » Thu Feb 23, 2012 10:21 am

Thank you koko, but I need to allow remote FTP users to browse the entire QNX disk (so that they can copy some files (data, screenshots made by various QNX users) to their own Windows machines), but I want to prevent them from making unwanted/mistaken QNX file/folder manipulations (deleting, editing, moving...).
Pilotek
Senior Member
 
Posts: 124
Joined: Thu Jan 25, 2007 3:52 pm

Re: FTP Clients restricted to Read-only

Postby Tim » Thu Feb 23, 2012 7:28 pm

Pilotek,

What Koko told you is what you'll need to do.

In step 1, you prevent ALL users from logging in with their own username/password. So they *must* log in as the FTP user (which you should create if it doesn't already exist).
Then in step 2, you'll need to do something slightly different than what he said. You'll need to make every directory on the HD 'read access' for Other so the FTP user can read into any directory (basically a chmod a+r on every directory, which you can do with a find | xargs type thing).

There is no way to have users log in as themselves and prevent them from accidentally deleting something in their own directory. To do that you'd need to obtain the FTP source code (publicly available) and manually recompile without the delete/rename options etc.

Tim
Tim
Senior Member
 
Posts: 1388
Joined: Wed Mar 10, 2004 12:28 am

Re: FTP Clients restricted to Read-only

Postby Pilotek » Wed Aug 15, 2012 9:07 am

Thank you guys, Step 1 is simple and works (prevent all users including root and make only one FTP user which is not listed in /etc/ftpusers).

Please can you clarify the Step 2?

1) Is the FTP user (the one which is not FTP-prevented) automatically in the "Other" group of users?
2) Must I set ALL files and ALL directories on ALL local hard disks to +R -W -X for the "Other" user group?
- Is it possible to do that for ALL files/directories? Why is this not the default setting of file/directory user permissions?
- Isn't there some risk in doing that for ALL files/directories (some other system services or programs may not work if I set ALL files/directories to only +R for the "Other" group)?
- How exactly can that be done simply for ALL files/directories?

3) Is it possible to restrict FTP user to "stay only in his home directory" (not be able to browse entire disk)?

Thank you.
Pilotek
Senior Member
 
Posts: 124
Joined: Thu Jan 25, 2007 3:52 pm

Re: FTP Clients restricted to Read-only

Postby maschoen » Wed Aug 15, 2012 1:24 pm

maschoen
QNX Master
 
Posts: 2640
Joined: Wed Jun 25, 2003 5:18 pm

Re: FTP Clients restricted to Read-only

Postby Pilotek » Mon Aug 20, 2012 6:50 am

Cannot find chroot in QNX4, isn't it only in QNX6?
Pilotek
Senior Member
 
Posts: 124
Joined: Thu Jan 25, 2007 3:52 pm

Re: FTP Clients restricted to Read-only

Postby maschoen » Mon Aug 20, 2012 7:03 am

Pilotek wrote: Cannot find chroot in QNX4, isn't it only in QNX6?


Not according to this link:
http://www.qnx.com/support/knowledgebas ... 000000n18v
maschoen
QNX Master
 
Posts: 2640
Joined: Wed Jun 25, 2003 5:18 pm

Re: FTP Clients restricted to Read-only

Postby Pilotek » Mon Aug 20, 2012 1:02 pm

Result of another experiment:
When I recursively executed "chmod -R o-wx /" = changed the user permissions of all files/directories on the entire QNX hard disk (for "Other": no write, no execute), some system functions went wrong. For example, I cannot log in to Photon with valid usernames and passwords. That's what I was afraid of.

So Step 2 (making the entire QNX disk, all files and directories, only +R for "Other") seems not to be the solution. :cry:

Or is there some list of files and directories which MUST remain +w (or +x or both +wx) for "Other" QNX4+Photon user?
Pilotek
Senior Member
 
Posts: 124
Joined: Thu Jan 25, 2007 3:52 pm
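
An added example, not written by any poster in this thread: it compares the recursive `chmod -R o-wx` from the experiment above with removing only the write bit for "Other", on a constructed scratch tree. On a directory the execute bit is the permission to enter and search it, and on a program it is the permission to run it, so removing it changes much more than write access. The function names are hypothetical, and the commands are POSIX `find`/`chmod` that have not been checked against the QNX4 utilities.

```shell
#!/bin/sh
# Added example: runs only on a scratch tree. Function names are hypothetical.

# 10-character mode string of a path, e.g. drwxr-xr-x
mode_of() { ls -ld "$1" | cut -c1-10; }

# Constructed sample tree: a world-writable data dir and file, plus a program.
make_sample_tree() {
    mkdir -p "$1/data" "$1/bin"
    echo "screenshot" > "$1/data/shot.dat"
    printf '#!/bin/sh\necho ok\n' > "$1/bin/tool"
    chmod 777 "$1/data"
    chmod 666 "$1/data/shot.dat"
    chmod 755 "$1/bin" "$1/bin/tool"
}

# Browsable but not modifiable by "other":
#   directories get o+rx (x = permission to enter/search) and lose o+w
#   files get o+r and lose o+w; their execute bit is left untouched
make_readonly_for_other() {
    find "$1" -type d -exec chmod o+rx,o-w {} +
    find "$1" -type f -exec chmod o+r,o-w {} +
}

# Anything "other" can still write to (empty output = nothing left)
other_writable() { find "$1" \( -type d -o -type f \) -perm -0002 -print; }

# Demo: the same sample tree under both treatments.
a=$(mktemp -d); b=$(mktemp -d)
make_sample_tree "$a"; make_sample_tree "$b"
make_readonly_for_other "$a"
chmod -R o-wx "$b"            # the command from the experiment in the thread
for p in data data/shot.dat bin/tool; do
    echo "$p: o-w only -> $(mode_of "$a/$p")   o-wx -> $(mode_of "$b/$p")"
done
echo "still writable by other: $(other_writable "$a" | wc -l)"
rm -rf "$a" "$b"
```

A real system usually has locations that must stay world-writable, such as a temporary directory, so `make_readonly_for_other` is meant for the data subtree that FTP clients should browse rather than for `/`.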

Re: FTP Clients restricted to Read-only

Postby Pilotek » Mon Aug 20, 2012 2:44 pm

maschoen wrote:
Pilotek wrote: Cannot find chroot in QNX4, isn't it only in QNX6?


Not according to this link:
http://www.qnx.com/support/knowledgebas ... 000000n18v


Yes, there are some 4.25 references, but not at all steps. Do you think that the /etc/ftpchroot file should work even in QNX4?
So far I haven't managed to chroot (jail) the FTP user to their home directory (from etc/passwd).
Pilotek
Senior Member
 
Posts: 124
Joined: Thu Jan 25, 2007 3:52 pm

Re: FTP Clients restricted to Read-only

Postby maschoen » Mon Aug 20, 2012 3:36 pm

Yes I think it should. Why not try it and see?
maschoen
QNX Master
 
Posts: 2640
Joined: Wed Jun 25, 2003 5:18 pm

Re: FTP Clients restricted to Read-only

Postby Pilotek » Mon Aug 20, 2012 6:43 pm

Well, that's the problem - I am trying with no success (maybe I misunderstood something or am making some syntax error). I cannot "jail" the FTP user in their home directory (e.g. home/data).
Furthermore, I can't google anything relevant on /etc/ftpchroot or some chroot utility under QNX4.
Pilotek
Senior Member
 
Posts: 124
Joined: Thu Jan 25, 2007 3:52 pm

