Newsgroups: comp.archives
Path: utzoo!utgpu!news-server.csri.toronto.edu!math.lsa.umich.edu!zaphod.mps.ohio-state.edu!caen!ox.com!emv
From: hines@portia.Stanford.EDU (Melissa Hines)
Subject: [unix-questions] Summary: How to set up an ftp anonymous site
Message-ID: <1990Dec6.035506.27367@ox.com>
Followup-To: comp.unix.questions
Sender: emv@ox.com (Edward Vielmetti)
Reply-To: hines@portia.Stanford.EDU (Melissa Hines)
Organization: Stanford University - AIR
References: <1990Dec5.204431.18677@portia.Stanford.EDU>
Date: Thu, 6 Dec 90 03:55:06 GMT
Approved: emv@ox.com (Edward Vielmetti)
X-Original-Newsgroups: comp.unix.questions

Archive-name: ftp/server/setup/1990-12-05
Original-posting-by: hines@portia.Stanford.EDU (Melissa Hines)
Original-subject: Summary: How to set up an ftp anonymous site
Reposted-by: emv@ox.com (Edward Vielmetti)

About a week ago, I asked the net how to set up an ftp anonymous
account. Here is a summary of the replies. Many thanks to the people
who took the time to answer my question!

Simple answer -- RTFM! This is actually a little trickier than it
sounds! You need to look at man ftpd.

More verbose answer: I received a number of replies that were all very
similar. The one I quote here came from the SRI Intl. Report "Improving
the Security of Your Unix System" via Andi Karrer.

___________________________________________________________________________

1) make sure your /usr/etc/ftpd (or ftpd.gw) is newer than Dec 1988.
   If not urge DEC to give you a new one cause this one may have a
   real bug.

2) make a user "ftp". Disable the password (put * in the second field).
   make the login directory to where you want to put the anon ftp files.
   The /etc/passwd entry should look like:

       ftp:*:12:12:Anon ftp:/usr/local/ftp:/bin/true

   The /etc/group entry should look like:

       ftp:*:12:

   make sure uid and gid are normal user id's, e.g. not "root".

**** Very important ****

3) make a home directory for ftp unwritable by anyone:

       # mkdir /usr/local/ftp
       # chown ftp ~ftp
       # chmod 555 ~ftp

4) make the directory ~ftp/bin, owned by root and unwritable by anyone.
   Put a copy of the "ls" program there:

       # mkdir ~ftp/bin
       # chown root ~ftp/bin
       # chmod 555 ~ftp/bin
       # cp -p /bin/ls ~ftp/bin
       # chmod 111 ~ftp/bin/ls

5) make the directory ~ftp/etc, owned by root and unwritable by anyone.
   put a stripped-down copy of /etc/passwd and /etc/group there.
   the files should only contain the entry for the user "ftp".

       # mkdir ~ftp/etc
       # chown root ~ftp/etc
       # chmod 555 ~ftp/etc
       # grep '^ftp:' /etc/passwd > ~ftp/etc/passwd
       # grep '^ftp:' /etc/group > ~ftp/etc/group
       # chmod 444 ~ftp/etc/passwd ~ftp/etc/group

6) make the directory ~ftp/etc/pub, owned by "ftp" and writable by
   anyone. anon ftp users may then place files there. alternatively,
   if you want anon ftp users only to be able to GET files from your
   system, make the directory unwritable by anyone except root.

       # mkdir ~ftp/pub
       # chown ftp ~ftp/pub
       # chmod 777 ~ftp/pub      - or 555

_____________________________________________________________________________

Thanks to all the people who replied:

    Andi Karrer
    Tim Ramsey
    Joe Hamlin
    David Elliott
    Nick Sayer
    Jeff Kays
    Gary Weimer

If you would like a copy of all the replies that I received, I will be
happy to send them to you.

Melissa A. Hines
Dept. of Chemistry
Stanford University
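
An added example, not part of the original post or the SRI report: a POSIX shell function that audits an existing anonymous-FTP tree against the modes and owners given in steps 3 to 6. The function name, its arguments and the output format are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the original post: audit an anonymous-FTP tree
# against the modes and owners in steps 3-6.
# Usage: audit_anon_ftp DIR [SYSOWNER] [FTPOWNER]  (defaults: root, ftp)
# Prints one line per finding; the return status is the number of findings.
audit_anon_ftp() {
    root=$1 sysowner=${2:-root} ftpowner=${3:-ftp} bad=0

    # chk PATH PERMS [OWNER]: compare the "ls -ld" mode string and owner.
    chk() {
        if [ ! -e "$1" ]; then
            echo "MISSING $1"; bad=$((bad + 1)); return 0
        fi
        line=$(ls -ld "$1")
        perms=$(printf '%s\n' "$line" | cut -c1-10)
        owner=$(printf '%s\n' "$line" | awk '{print $3}')
        if [ "$perms" != "$2" ]; then
            echo "MODE $1 is $perms, expected $2"; bad=$((bad + 1))
        fi
        if [ -n "${3:-}" ] && [ "$owner" != "$3" ]; then
            echo "OWNER $1 is $owner, expected $3"; bad=$((bad + 1))
        fi
        return 0
    }

    chk "$root"            dr-xr-xr-x "$ftpowner"   # step 3: chmod 555
    chk "$root/bin"        dr-xr-xr-x "$sysowner"   # step 4
    chk "$root/bin/ls"     ---x--x--x               # step 4: chmod 111
    chk "$root/etc"        dr-xr-xr-x "$sysowner"   # step 5
    chk "$root/etc/passwd" -r--r--r--               # step 5: chmod 444
    chk "$root/etc/group"  -r--r--r--

    # Step 5: the copies may contain only the entry for "ftp".
    for f in passwd group; do
        [ -r "$root/etc/$f" ] || continue
        extra=$(grep -vc '^ftp:' "$root/etc/$f" || true)
        if [ "$extra" -ne 0 ]; then
            echo "EXTRA $root/etc/$f has $extra non-ftp line(s)"; bad=$((bad + 1))
        fi
    done

    # Step 6: pub is either 777 (uploads allowed) or 555 (download only).
    case $(ls -ld "$root/pub" 2>/dev/null | cut -c1-10) in
        drwxrwxrwx) echo "NOTE $root/pub is world-writable (uploads allowed)" ;;
        dr-xr-xr-x) ;;
        *) echo "MODE $root/pub is not 777 or 555"; bad=$((bad + 1)) ;;
    esac
    return "$bad"
}
```

A status of 0 means every check matched; the NOTE line for a mode-777 pub directory is informational and does not count as a finding.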