Re: Bad Advise

Evil Pete (shipley@merde.dis.org)
Tue, 26 Jul 1994 16:01:14 -0700

>Christopher W. Klaus wrote:
>
>% Here is some advice from Sun that I highly recommend you DO NOT DO.
>% 
>%           Make the home directory owned by ``ftp'' and unwritable
>%           by anyone. 
>% 
>% I highly recommend you change that to owned by ``root''.  
>
>I was thinking about ownership of the whole ftp-tree by user `nobody'. Are
>there any benefits to using `root' instead of `nobody'?
>

Personally, I have a dedicated ftp server that mounts the /ftp partition
via tcp-nfs as a read-only partition. (I only use TCP NFS because
it is more resistant to UDP NFS attacks.)

For those with Suns, I suppose you can use the loopback filesystem:
loopback-mount the file system read-only, then set the read-only mount as
the chroot for ftp.


for example:
    passwd:
	ftp:*:12:11:FTP User Uid:/ftp:/no exist
    fstab:
	/dev/sd3d	/home/ftp	4.2	rw,nosuid	1 3
	/home/ftp 	/ftp		lofs	ro,nosuid,noquota	0 0

Thus people that ftp in will not be able to do anything to the partition,
and yet users can add/delete/modify files.


WARNING:  lofs has a security bug in SunOS 4.0.3 (fixed in 4.1 and higher)
	that allowed root to delete any file even if the filesystem was
	mounted readonly.
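
Added example, not part of the original message: a small audit of the layout described above, checking that the ftp user's home directory (the chroot) is covered by an fstab entry carrying ro and nosuid. The function names and the sample file contents are assumptions constructed from the passwd/fstab lines in the message.

```python
# Added example: audit that the FTP user's home (the chroot) sits on a
# read-only, nosuid mount. All function names are hypothetical helpers.
# Constructed sample files, modelled on the passwd/fstab layout in the message.
PASSWD = "root:*:0:1:Operator:/:/bin/csh\nftp:*:12:11:FTP User Uid:/ftp:/no exist\n"
FSTAB_LOFS = ("/dev/sd3d /home/ftp 4.2 rw,nosuid 1 3\n"
              "/home/ftp /ftp lofs ro,nosuid,noquota 0 0\n")
FSTAB_DIRECT = "/dev/sd3d /ftp 4.2 rw 1 3\n"   # ftp home directly on a rw mount
REQUIRED = ("ro", "nosuid")

def home_of(passwd_text, user):
    """Return the home directory field for user, or None if absent."""
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 7 and fields[0] == user:
            return fields[5]
    return None

def parse_fstab(text):
    """Yield (mount_point, fs_type, options) for each non-comment fstab line."""
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 4:
            yield parts[1].rstrip("/") or "/", parts[2], set(parts[3].split(","))

def covering_mount(fstab_text, path):
    """Pick the longest mount point that is path itself or an ancestor of it."""
    best = None
    for mnt, fs_type, opts in parse_fstab(fstab_text):
        prefix = mnt if mnt.endswith("/") else mnt + "/"
        if (path == mnt or path.startswith(prefix)) and (
                best is None or len(mnt) >= len(best[0])):
            best = (mnt, fs_type, opts)
    return best

def audit_ftp_mount(passwd_text, fstab_text, user="ftp"):
    """Return a list of findings; an empty list means the layout matches."""
    home = home_of(passwd_text, user)
    if home is None:
        return ["no passwd entry for " + user]
    mount = covering_mount(fstab_text, home)
    if mount is None:
        return ["no fstab entry covers " + home]
    return ["%s (%s) lacks option %s" % (mount[0], mount[1], o)
            for o in REQUIRED if o not in mount[2]]

if __name__ == "__main__":
    print(audit_ftp_mount(PASSWD, FSTAB_LOFS))
    print(audit_ftp_mount(PASSWD, FSTAB_DIRECT))
```

This checks the configuration file only; the options of the mount actually in effect on a running system should be compared against it separately.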