Christopher Klaus said... > Here is some advise from Sun that I highly recommend you DO NOT DO. > > If you look at the MAN page for ftpd, you will see the following > advise: > > the following rules are recommended. > ~ftp) > Make the home directory owned by ``ftp'' and unwritable > by anyone. > > I highly recommend you change that to owned by ``root''. If anyone can log > in as ftp, there is nothing to stop them from doing SITE CHMOD 777 to the > main directory and putting .rhosts or .forward there allowing instant > access. The man pages for many several versions of Ultrix, NeXT-Mach, and a few other OS's give the same advise. I think it may be from a standard BSD mag page source. While the Ultrix default ftpd doesn't support site commands, the NeXT-Mach ftpd does, and having the ftp directory owned by ftp is rather foolish in any case. - Chris Ellwood <cellwood@gauss.calpoly.edu> EL/EE Dept. System Administrator - Cal Poly, San Luis Obispo