× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. February 2005

Re: How do I force an FTP user to '/home/ftpdir'?

Gary Monnier said the following on 2/18/2005 10:54 AM:
They will need to use an exit program on one of two FTP signon exit points (exit point QIBM_QTMF_SVR_LOGON format TCPL0200 or format TCPL0300). They will allow you to return an initial home directory.

-----Original Message----- From:
midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx]
On Behalf Of Tom Hightower Sent: Friday, February 18, 2005 8:09 AM To: midrange-l@xxxxxxxxxxxx Subject: How
do I force an FTP user to '/home/ftpdir'?



Customer wants to setup a generic FTP account for their tech support
 folks in the field.  Along with that account, they have an IFS
directory

called '/home/software' which has the software that they need to
install

at various customer sites.

When they login via FTP using that account, the tech folks need to be
 positioned directly in that support directory, and to have access to
 nothing else other than that directory (or its subdirectories).  No
 going to a higher-level directory, no deleting files in that
directory (or sub-directory), no running of AS400 commands.

The 'no-deletes' and 'no-commands' requirement I can handle with FTP
 exit programs, but how do I handle the directory requirements?

Tom


Using WRKREGINF, I've added my program FTPLOGON to exit point
QIBM_QTMF_SVR_LOGON, format TCPL0200. I've used a variant of this same program at format TCPL0100 for a couple of years to control FTP login access, and it's worked flawlessly.

This is my *entry parm list for the program:

c     *Entry        Plist
 *
 * Input parameters
c                   Parm                    AppId
c                   Parm                    UserId
c                   Parm                    UserIdLen
c                   Parm                    Authen
c                   Parm                    AuthenLen
c                   Parm                    IpAddr
c                   Parm                    IpAddrLen

 * Return parameters
c                   Parm                    RtnCode
c                   Parm                    User
c                   Parm                    Password
c                   Parm                    CurrLib
 *  added for format TCPL0200
c                   parm                    HomeDir
c                   parm                    HomeDirLen


And this is the d-specs for those fields:
D AppId           S              9B 0
D UserId          S            999
D UserIdLen       S              9B 0
D Authen          S            999
D AuthenLen       S              9B 0
D IpAddr          S             15
D IpAddrLen       S              9B 0
D RtnCode         S              9B 0
D User            S             10
D Password        S             10
D CurrLib         S             10
d homedir         S            999
d homedirlen      S              9b 0


In my program, I'm checking for the value of the UserId field; if it's 'TECHSUPPRT', I set homedir and homedir thusly:
if FTPUser = TECHSUPPRT;
homedir = '/home/tech/software';
homedirlen = %len(%trim(homedir));
endif;


My question is:
1) what value should I assign to RtnCode so that the FTP user is forced into /home/tech/software? I want it so that if they do 'dir' (using DOS-style FTP client), all they see is the contents of the '/home/tech/software'.

Tom


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.