Path: utzoo!utgpu!news-server.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!zaphod.mps.ohio-state.edu!usc!sdd.hp.com!decwrl!ucbvax!AVELON.LERC.NASA.GOV!fsfacca
From: fsfacca@AVELON.LERC.NASA.GOV (Tony Facca)
Newsgroups: comp.sys.sgi
Subject: Re:  Some Problems
Message-ID: <9007061221.AA09906@avelon.lerc.nasa.gov>
Date: 6 Jul 90 12:21:39 GMT
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 25

>>
>>Edit the file /usr/etc/inetd.conf and change the ftp line to look like this:
>>
>>ftp	stream	tcp	nowait	root	/usr/etc/ftpd       	ftpd -d -l
>> 
>>The -d switch will print debugging information in the /usr/adm/SYSLOG file and
>>the -l switch logs ftp sessions.   Then restart the inetd daemon.
>>
>
>BE WARNED, ftpd will log everything, PASSWORDS INCLUDED, even when a regular
>(not anonymous) user logs in.
>

This is true.  You should change the permissions on the SYSLOG file to 600. 
Also, if you have a cron which rotates SYSLOG, be sure to change the permissions
there as well.  Of course, this doesn't prevent people with root privilege from
looking up passwords in the SYSLOG file.  But then, NO ONE keeps the same 
password on more than one machine, do they?   ;-)

--
-----------------------------------------------------------------------------
Tony Facca                     |     phone: 216-433-8318
NASA Lewis Research Center     |    
Cleveland, Ohio  44135         |     email: fsfacca@avelon.lerc.nasa.gov 
-----------------------------------------------------------------------------