Please, is there some simple possibility to set-up all FTP Clients to QNX4 machine (FTP server) that they can browse the entire QNX HDD but can only READ files? So that they cannot delete, modify, rename, move or otherwise corrupt the QNX HDD files/folders.
- in /etc/ftpusers add root and all user accounts you want to make non-accessible.
- make the ftp account home directory read-only( chmod -R a-w … )
Thank you koko, but I need to allow remote FTP users browse the entire QNX disk (so that they can copy some files (data, screenshots made by various QNX users) to their own Windows machines), but I want to prevent them of unwanted/mistaken QNX file/folder manipulations (deleting, editing, moving…)
What Koko told you is what you’ll need to do.
In step 1, you prevent ALL users from logging in with their own username/password. So they must login as the FTP user (which you should create if it doesn’t already exist).
Then in step 2, you’ll need to do something slightly different that what he said. You’ll need to make every directory on the HD ‘read access’ for Other so the FTP user can read into any directory (basically a chmod a+r on every directory which you can do with a find | xargs type thing)
There is no way to have users log in as themselves and prevent them from accidentally deleting something in their own directory. To do that you’d need to obtain the FTP source code (publicly available) and manually recompile without he delete/rename options etc.
Thank you guys, Step 1 is simple and works (prevent all users including root and make only one FTP user which is not listed in /etc/ftpusers).
Please can you clarify the Step 2?
- FTP user (the one which is not FTP-prevented) is automatically in “Other” group of users?
- I must set ALL files and ALL directories on the ALL local harddisks to +R -W -X for “Other” user group?
- Is it possible to do for ALL files/directories? Why this is not the default setting of file/directory user permissions?
- Isn’t there some risk to do that for ALL files/directories (some other system services or programs may not work if I set ALL files/directories to only +R for “Other” group)?
- How exactly to do that for ALL files/directories simply?
- Is it possible to restrict FTP user to “stay only in his home directory” (not be able to browse entire disk)?
With respect to 3) take a look at:
Cannot find chroot in QNX4, isn’t it only in QNX6?
Not according to this link:
qnx.com/support/knowledgebas … 000000n18v
Result of another experiment:
When I recursively executed “chmod -R o-wx /” = changed all files/directories user permissions on entire QNX harddisk (for “Other”: no write, no execute), some system functions got wrong. For example - I cannot login into Photon with valid Usernames and Passwords. That’s what I was afraid of.
So the Step 2 (making entire QNX disk (all files and directories only +R for “Other”) seems not to be the solution.
Or is there some list of files and directories which MUST remain +w (or +x or both +wx) for “Other” QNX4+Photon user?
Yes, there are some 4.25 references, but not at all steps. Do you think that /etc/ftpchroot file should work even in QNX4?
So far I didn’t managed to chroot (jail) FTP user to their home directory (from etc/passwd).
Yes I think it should. Why not try it and see?
Well, that’s the problem - I am trying with no success (maybe I misunderstood something or making some syntactic error). Cannot “jail” FTP user in their home directory (e.g. home/data).
Furthermore, I can’t google anything relevant on /etc/ftpchroot or some chroot utility under QNX4.