Path: utzoo!utgpu!news-server.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!zaphod.mps.ohio-state.edu!uakari.primate.wisc.edu!aplcen!haven!adm!cmcl2!stealth.acf.nyu.edu!brnstnd
From: brnstnd@stealth.acf.nyu.edu
Newsgroups: comp.protocols.tcp-ip
Subject: Re: anonymous ftp, and the dangers thereof
Message-ID: <19001:Jun616:38:3890@stealth.acf.nyu.edu>
Date: 6 Jun 90 16:38:38 GMT
Reply-To: brnstnd@stealth.acf.nyu.edu (Dan Bernstein)
Distribution: usa
Organization: IR
Lines: 11

In article <1990Apr21.222928.24498@Solbourne.COM> Warner Losh writes:
> What is needed is a good guide to how to set up anonymous FTP correctly
> so that nobody can steal any real files.

Yeah. Let's start by criticizing the SRI White Paper's recommendations.
It says ``you may wish'' to remove all non-ftp accounts from the passwd
file inside the ftp directory; it should say ``you should, no matter
what.'' It recommends creation of ~ftp/pub, owner ftp, mode 777; that
should be mode 577.

Anyone want to continue this list?

---Dan
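
An added audit sketch for the two points in the post above (not part of the original article, and not code from the SRI paper): it lists any non-ftp accounts in the passwd copy under the FTP home and reports when pub's mode differs from the expected one. The function names, the example path /home/ftp, and the layout etc/passwd and pub under the FTP home are assumptions; the default expected mode 577 is the value given in the post.

```shell
#!/bin/sh
# Added example: audit an anonymous-FTP tree for the two points in the post.
# Assumed layout: $FTP_HOME/etc/passwd and $FTP_HOME/pub.

# Octal permission bits of a path (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Login names in a passwd-format file other than "ftp".
# Blank lines and "#" comments are skipped; field 1 is the login name.
extra_accounts() {
    awk -F: '$1 != "" && $1 !~ /^#/ && $1 != "ftp" { print $1 }' "$1"
}

# audit_ftp_root FTP_HOME [EXPECTED_PUB_MODE]
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_ftp_root() {
    root=$1
    want_mode=${2:-577}   # mode the post says ~ftp/pub should have
    status=0

    if [ -f "$root/etc/passwd" ]; then
        for acct in $(extra_accounts "$root/etc/passwd"); do
            echo "passwd: non-ftp account '$acct' listed in $root/etc/passwd"
            status=1
        done
    fi

    if [ -d "$root/pub" ]; then
        have_mode=$(file_mode "$root/pub")
        if [ "$have_mode" != "$want_mode" ]; then
            echo "pub: mode is $have_mode, expected $want_mode"
            status=1
        fi
    fi
    return $status
}

# Run as a script, e.g.: sh audit.sh /home/ftp   (example path, an assumption)
if [ "$#" -gt 0 ]; then
    audit_ftp_root "$@"
fi
```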