From owner-freebsd-questions  Tue Dec 18 10:39:26 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from sdf.lonestar.org (sdf.lonestar.org [209.221.165.117])
	by hub.freebsd.org (Postfix) with ESMTP id 3CC0237B416
	for <freebsd-questions@freebsd.org>; Tue, 18 Dec 2001 10:39:18 -0800 (PST)
Received: by sdf.lonestar.org (8.11.6/8.11.6) id fBIId0C29354;
	Tue, 18 Dec 2001 18:39:00 GMT
Date: Tue, 18 Dec 2001 18:39:00 +0000 (UTC)
From: Rakesh Prajapati <rprajapa@sdf.lonestar.org>
To: <freebsd-questions@freebsd.org>
Subject: Anonymous ftp , passwd , group file
Message-ID: <Pine.NEB.4.33.0112181815380.7307-100000@sdf.lonestar.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

Hi ,

I have a security related question.

I am running FreeBSD 4.2 RELEASE and I am allowing Anonymous ftp to the
outside world. This box is setup at home.

When I setup Anonymous ftp , it created the following files/directories
/var/ftp/bin
/var/ftp/etc/passwd
/var/ftp/etc/group
/var/ftp/incoming
/var/ftp/pub


What worries me is the presence of 2 files passwd and group in
/var/ftp/etc directory.

I am assuming these files exist to authenticate login who dont login
anonymously.


Can these files be a security threat in some way?????
------------------------------------------------

The /var/ftp/etc/passwd and /var/ftp/etc/group files look like the usual
/etc/passwd and /etc/group files.

bash-2.05a$ pwd
/var/ftp/etc
bash-2.05a$ cat group
# $FreeBSD: src/etc/group,v 1.19 1999/08/27 23:23:41 peter Exp $
#
wheel:*:0:root
daemon:*:1:daemon
kmem:*:2:root
sys:*:3:root
tty:*:4:root
operator:*:5:root
mail:*:6:
bin:*:7:
news:*:8:
man:*:9:
games:*:13:
staff:*:20:root
guest:*:31:root
bind:*:53:
uucp:*:66:
xten:*:67:xten
dialer:*:68:
network:*:69:
bash-2.05a$ cat passwd
# $FreeBSD: src/etc/master.passwd,v 1.25 1999/09/13 17:09:07 peter Exp $
#
root:*:0:0:Charlie &:/root:/bin/csh
toor:*:0:0:Bourne-again Superuser:/root:
daemon:*:1:1:Owner of many system processes:/root:/sbin/nologin
operator:*:2:5:System &:/:/sbin/nologin
bin:*:3:7:Binaries Commands and Source,,,:/:/sbin/nologin
tty:*:4:65533:Tty Sandbox:/:/sbin/nologin
kmem:*:5:65533:KMem Sandbox:/:/sbin/nologin
games:*:7:13:Games pseudo-user:/usr/games:/sbin/nologin
news:*:8:8:News Subsystem:/:/sbin/nologin
man:*:9:9:Mister Man Pages:/usr/share/man:/sbin/nologin
ftp:*:14:5:Anonymous FTP Admin:/var/ftp:/nonexistent
bash-2.05a$

Thanks in Advance
Rakesh

rprajapa@sdf.lonestar.org
SDF Public Access UNIX System - http://sdf.lonestar.org


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message