The following procedure is designed to help you set up a network-accessible anonymous FTP account. As usual, understanding the various steps and continually monitoring how the account is used are necessary to protect your system security.
ftp:*:997:999:anonymous FTP account:/usr/people/ftp:/dev/null
The login shell /dev/null is recommended but not required, and the home directory can be anywhere, with reservations as explained in the next step.
In this example procedure, /usr/people/ftp is the name of the anonymous FTP directory. First, make the directory:
# mkdir /usr/people/ftp
and then, if it is a separate disk or disk partition, you can mount the device on it (see mount(1M)). The anonymous FTP home directory you make must be the same one you specify in the /etc/passwd file.
# chmod 555 /usr/people/ftp
# chown ftp.other /usr/people/ftp
# cd /usr/people/ftp
# mkdir bin etc pub private
In addition to the standard bin, etc, and pub directories, you may wish to make a private directory for private transmissions, as explained below.
# chmod 555 bin etc
# chown root.sys bin etc
# chown ftp.other pub
# chmod 777 pub
Caution: By allowing write permission, you make it possible for anonymous FTP users to fill the disk partition.
# chown ftp.guest private
# chmod 773 private
Anybody logging in can now place or retrieve files in the private directory, but they must be told the name of the file beforehand, because they cannot list the directory contents.
Caution: By allowing write permission, you make it possible for anonymous FTP users to fill the disk partition.
# cp /bin/ls bin
# cp /etc/passwd etc
# cp /etc/group etc
A good choice for the contents of passwd might be
root:*:0:0:super-user:/:/dev/null
bin:*:2:2:system tools owner:/bin:/dev/null
sys:*:4:0:system activity owner:/usr/adm:/dev/null
ftp:*:997:999:anonymous FTP account:/usr/people/ftp:/dev/null
A good choice for the contents of group might be
other::995:
guest:*:998:
ftp:*:999:
# chmod 444 etc/*
# mkdir dev
# /sbin/mknod /usr/people/ftp/dev/zero c 37 0
# mkdir lib
# cp /lib/libc.so.1 lib
# cp /lib/rld lib
ftp: postmaster
Run the command newaliases to make this take effect. (This assumes you have an alias of postmaster in /etc/aliases. See aliases(4) and newaliases(1M).)
For example, the following entry in /etc/inetd.conf means all logging information but the byte count is sent to /var/adm/SYSLOG:
ftp stream tcp nowait root /usr/etc/ftpd ftpd -ll
# /etc/killall -HUP inetd
Note: Although the FTP logging records in /var/adm/SYSLOG now show any passwords entered by users logging in, no password checking is done for anonymous FTP. The convention is for anonymous users to enter their e-mail addresses for passwords, but they could just as easily enter another user's address or anything at all.
Refer to crontab(1), syslogd(1M), and the file /var/spool/cron/crontabs/root for information on changing the frequency or nature of system log file maintenance--you may, for example, want to increase the length of time you keep log files. To help you keep track of the demands made on your public FTP server, see Chapter 6 of IRIX Admin: Backup, Security, and Accounting for information on auditing system resource usage, and Chapter 7 of IRIX Admin: Backup, Security, and Accounting for general system accounting information.
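Because monitoring the account includes confirming that the directory modes set above have not drifted, the tree can be re-checked periodically with a short script. The following is an added example, not part of the original procedure: the function names check_mode and audit_ftp_tree are hypothetical, ownership is not checked, and the rule that every password field in etc/passwd is * is an assumption taken from the sample passwd contents above.

```shell
#!/bin/sh
# Added example: audit an anonymous FTP tree against the modes set in this procedure.
# Ownership is not checked here; only mode strings and the passwd password field.

# check_mode PATH EXPECTED: compare the 10-character mode string printed by ls -ld.
check_mode() {
    actual=$(ls -ld "$1" 2>/dev/null | cut -c1-10)
    if [ "$actual" != "$2" ]; then
        echo "MODE $1: expected $2, found ${actual:-missing}"
        return 1
    fi
}

# audit_ftp_tree ROOT: print one line per finding; return 0 if clean, 1 otherwise.
audit_ftp_tree() {
    root=$1
    rc=0
    check_mode "$root"         dr-xr-xr-x || rc=1   # chmod 555
    check_mode "$root/bin"     dr-xr-xr-x || rc=1   # chmod 555
    check_mode "$root/etc"     dr-xr-xr-x || rc=1   # chmod 555
    check_mode "$root/pub"     drwxrwxrwx || rc=1   # chmod 777
    check_mode "$root/private" drwxrwx-wx || rc=1   # chmod 773: writable, not listable
    for f in "$root"/etc/*; do
        [ -f "$f" ] || continue
        check_mode "$f" -r--r--r-- || rc=1          # chmod 444 etc/*
    done
    # Assumption: every entry in the copied passwd uses "*" as in the sample contents,
    # so no password hash from the real /etc/passwd is readable by FTP users.
    if [ -f "$root/etc/passwd" ]; then
        bad=$(awk -F: 'NF > 1 && $2 != "*" { n++ } END { print n + 0 }' "$root/etc/passwd")
        if [ "$bad" -gt 0 ]; then
            echo "PASSWD $root/etc/passwd: $bad entries with a password field other than *"
            rc=1
        fi
    fi
    return "$rc"
}

# Usage: sh audit_ftp.sh /usr/people/ftp
if [ $# -gt 0 ]; then
    audit_ftp_tree "$1"
fi
```

A private directory that has been changed to 777 is reported because anonymous users could then list it, which defeats the purpose described for that directory.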