>Christopher W. Klaus wrote:
>
>% Here is some advice from Sun that I highly recommend you DO NOT DO.
>%
>% Make the home directory owned by ``ftp'' and unwritable
>% by anyone.
>%
>% I highly recommend you change that to owned by ``root''.
>
>I was thinking about ownership of the whole ftp-tree by user `nobody'. Are
>there any benefits to using `root' instead of `nobody'?
>

Personally, I have a dedicated ftp server that mounts the /ftp partition via
tcp-nfs as a readonly partition. (I only use tcp NFS because they are
more resistant to udp NFS attacks.)

For those with Suns, I suppose you can use the loopback filesystem and
loopback mount the file system readonly, then set the readonly mount as the
chroot for ftp.

For example:

passwd:
    ftp:*:12:11:FTP User Uid:/ftp:/no exist

fstab:
    /dev/sd3d /home/ftp 4.2 rw,nosuid 1 3
    /home/ftp /ftp lofs ro,nosuid,noquota 0 0

Thus people that ftp will not be able to do anything to the partition, and
yet users can add/delete/modify files.

WARNING: lofs has a security bug in SunOS 4.0.3 (fixed in 4.1 and higher)
that allowed root to delete any file even if the filesystem was mounted
readonly.
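An audit of the layout described in the message above, as an added example that is not part of the original post: it reads a passwd file and an fstab file and confirms that the ftp account's home directory is its own mount point carrying both `ro` and `nosuid`. The function names and the `write_sample` helper are hypothetical; the sample lines are constructed from the passwd and fstab entries quoted in the post, plus one constructed weak variant.

```shell
#!/bin/sh
# Added example: audit that the ftp account's home is a read-only, nosuid mount.
# Input formats follow the passwd and fstab lines quoted in the post.

# ftp_home PASSWD_FILE: print the home directory field of the "ftp" account
ftp_home() {
    awk -F: '$1 == "ftp" { print $6; exit }' "$1"
}

# mount_opts FSTAB_FILE MOUNTPOINT: print the options field for that mount point
mount_opts() {
    awk -v mp="$2" '$1 !~ /^#/ && $2 == mp { print $4; exit }' "$1"
}

# has_opt OPTS NAME: succeed if NAME is one of the comma-separated OPTS
has_opt() {
    case ",$1," in *",$2,"*) return 0 ;; esac
    return 1
}

# check_ftp_mount PASSWD_FILE FSTAB_FILE
# Returns 0 if the ftp home is a mount point with ro and nosuid, 1 otherwise.
check_ftp_mount() {
    home=$(ftp_home "$1")
    [ -n "$home" ] || { echo "no ftp account"; return 1; }
    opts=$(mount_opts "$2" "$home")
    [ -n "$opts" ] || { echo "$home is not a mount point in fstab"; return 1; }
    rc=0
    for want in ro nosuid; do
        has_opt "$opts" "$want" || { echo "$home lacks $want ($opts)"; rc=1; }
    done
    [ "$rc" -eq 0 ] && echo "$home ok ($opts)"
    return "$rc"
}

# write_sample DIR: constructed inputs. fstab and passwd.good copy the post's
# lines; passwd.weak is a constructed variant that points ftp at the rw mount.
write_sample() {
    printf '%s\n' '/dev/sd3d /home/ftp 4.2 rw,nosuid 1 3' \
                  '/home/ftp /ftp lofs ro,nosuid,noquota 0 0' > "$1/fstab"
    echo 'ftp:*:12:11:FTP User Uid:/ftp:/no exist' > "$1/passwd.good"
    echo 'ftp:*:12:11:FTP User Uid:/home/ftp:/no exist' > "$1/passwd.weak"
}
```

The check covers only what fstab declares, not the live mount table, and it cannot detect the SunOS 4.0.3 lofs bug mentioned in the warning.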