Re: Bad Advise

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Harold van Aalderen: "Re: Bad Advise"
• Previous message: smb@research.att.com: "Re: Bad Advise"
• In reply to: Christopher Klaus: "Bad Advise"
• Next in thread: Harold van Aalderen: "Re: Bad Advise"

Christopher Klaus said...
> Here is some advise from Sun that I highly recommend you DO NOT DO.
> 
> If you look at the MAN page for ftpd, you will see the following 
> advise: 
> 
>      the following rules are recommended. 
>      ~ftp)
>           Make the home directory owned by ``ftp'' and unwritable
>           by anyone. 
> 
> I highly recommend you change that to owned by ``root''.  If anyone can log
> in as ftp, there is nothing to stop them from doing SITE CHMOD 777 to the
> main directory and putting .rhosts or .forward there allowing instant
> access. 

The man pages for many several versions of Ultrix, NeXT-Mach, and a few
other OS's give the same advise.  I think it may be from a standard BSD
mag page source.  While the Ultrix default ftpd doesn't support site
commands, the NeXT-Mach ftpd does, and having the ftp directory owned 
by ftp is rather foolish in any case.

- Chris Ellwood <cellwood@gauss.calpoly.edu>
EL/EE Dept. System Administrator - Cal Poly, San Luis Obispo

• Next message: Harold van Aalderen: "Re: Bad Advise"
• Previous message: smb@research.att.com: "Re: Bad Advise"
• In reply to: Christopher Klaus: "Bad Advise"
• Next in thread: Harold van Aalderen: "Re: Bad Advise"