home *** CD-ROM | disk | FTP | other *** search
- Path: usage.csd.unsw.oz.au!metro!munnari.oz.au!uhccux!ames!rex!wuarchive!zaphod.mps.ohio-state.edu!caen!ox.com!emv
- From: hines@portia.Stanford.EDU (Melissa Hines)
- Newsgroups: comp.archives
- Subject: [unix-questions] Summary: How to set up an ftp anonymous site
- Message-ID: <1990Dec6.035506.27367@ox.com>
- Date: 6 Dec 90 03:55:06 GMT
- References: <1990Dec5.204431.18677@portia.Stanford.EDU>
- Sender: emv@ox.com (Edward Vielmetti)
- Reply-To: hines@portia.Stanford.EDU (Melissa Hines)
- Followup-To: comp.unix.questions
- Organization: Stanford University - AIR
- Lines: 76
- Approved: emv@ox.com (Edward Vielmetti)
- X-Original-Newsgroups: comp.unix.questions
-
- Archive-name: ftp/server/setup/1990-12-05
- Original-posting-by: hines@portia.Stanford.EDU (Melissa Hines)
- Original-subject: Summary: How to set up an ftp anonymous site
- Reposted-by: emv@ox.com (Edward Vielmetti)
-
- About a week ago, I asked the net how to set up an ftp anonymous account.
- Here is a summary of the replies. Many thanks to the people who took
- the time to answer my question!
-
- Simple answer -- RTFM!
- This is actually a little trickier than it sounds! You need to look at
- man ftpd.
- More verbose answer:
- I received a number of replies that were all very similar. The one I
- quote here came from the SRI Intl. Report "Improving the Security of
- Your Unix System" via Andi Karrer.
-
- ___________________________________________________________________________
- 1) make sure your /usr/etc/ftpd (or ftpd.gw) is newer than Dec 1988. If not
- urge DEC to give you a new one cause this one may have a real bug.
-
- 2) make a user "ftp". Disable the password (put * in the second field).
- make the login directory to where you want to put the anon ftp files.
- The /etc/passwd entry should look like:
- ftp:*:12:12:Anon ftp:/usr/local/ftp:/bin/true
- The /etc/group entry should look like:
- ftp:*:12:
- make sure uid and gid are normal user id's, e.g not "root".
- **** Very important ****
-
- 3) make a home directory for ftp unwritable by anyone:
- # mkdir /usr/local/ftp
- # chown ftp ~ftp
- # chmod 555 ~ftp
-
- 4) make the directory ~ftp/bin, owned by root and unwritable by anyone. Put
- a copy of the "ls" program there:
- # mkdir ~ftp/bin
- # chown root ~ftp/bin
- # chmod 555 ~ftp/bin
- # cp -p /bin/ls ~ftp/bin
- # chmod 111 ~ftp/bin/ls
-
- 5) make the directory ~ftp/etc, owned by root and unwritable by anyone. put
- a stripped-down copy of /etc/passwd and /etc/group there. the files
- should only contain the entry for the user "ftp".
- # mkdir ~ftp/etc
- # chown root ~ftp/etc
- # chmod 555 ~ftp/etc
- # grep '^ftp:' /etc/passwd > ~ftp/etc/passwd
- # grep '^ftp:' /etc/group > ~ftp/etc/group
- # chmod 444 ~ftp/etc/passwd ~ftp/etc/group
-
- 6) make the directory ~ftp/etc/pub, owned by "ftp" and writable by anyone.
- anon ftp users may the place files there. alternatively, if you want anon
- ftp users only to be able to GET fies from your system, make the directory
- unwritable by anyone except root.
- # mkdir ~ftp/pub
- # chown ftp ~ftp/pub
- # chmod 777 ~ftp/pub - or 555
-
- _____________________________________________________________________________
- Thanks to all the people who replied
- Andi Karrer
- Tim Ramsey
- Joe Hamlin
- David Elliott
- Nick Sayer
- Jeff Kays
- Gary Weimer
-
- If you would like a copy of all the replies that I received, I will be happy to send them to you.
-
- Melissa A. Hines
- Dept. of Chemistry
- Stanford University
-
