Date: Tue, 18 Dec 2001 18:39:00 +0000 (UTC) From: Rakesh Prajapati <rprajapa@sdf.lonestar.org> To: <freebsd-questions@freebsd.org> Subject: Anonymous ftp , passwd , group file Message-ID: <Pine.NEB.4.33.0112181815380.7307-100000@sdf.lonestar.org>
next in thread | raw e-mail | index | archive | help
Hi , I have a security related question. I am running FreeBSD 4.2 RELEASE and I am allowing Anonymous ftp to the outside world. This box is setup at home. When I setup Anonymous ftp , it created the following files/directories /var/ftp/bin /var/ftp/etc/passwd /var/ftp/etc/group /var/ftp/incoming /var/ftp/pub What worries me is the presence of 2 files passwd and group in /var/ftp/etc directory. I am assuming these files exist to authenticate login who dont login anonymously. Can these files be a security threat in some way????? ------------------------------------------------ The /var/ftp/etc/passwd and /var/ftp/etc/group files look like the usual /etc/passwd and /etc/group files. bash-2.05a$ pwd /var/ftp/etc bash-2.05a$ cat group # $FreeBSD: src/etc/group,v 1.19 1999/08/27 23:23:41 peter Exp $ # wheel:*:0:root daemon:*:1:daemon kmem:*:2:root sys:*:3:root tty:*:4:root operator:*:5:root mail:*:6: bin:*:7: news:*:8: man:*:9: games:*:13: staff:*:20:root guest:*:31:root bind:*:53: uucp:*:66: xten:*:67:xten dialer:*:68: network:*:69: bash-2.05a$ cat passwd # $FreeBSD: src/etc/master.passwd,v 1.25 1999/09/13 17:09:07 peter Exp $ # root:*:0:0:Charlie &:/root:/bin/csh toor:*:0:0:Bourne-again Superuser:/root: daemon:*:1:1:Owner of many system processes:/root:/sbin/nologin operator:*:2:5:System &:/:/sbin/nologin bin:*:3:7:Binaries Commands and Source,,,:/:/sbin/nologin tty:*:4:65533:Tty Sandbox:/:/sbin/nologin kmem:*:5:65533:KMem Sandbox:/:/sbin/nologin games:*:7:13:Games pseudo-user:/usr/games:/sbin/nologin news:*:8:8:News Subsystem:/:/sbin/nologin man:*:9:9:Mister Man Pages:/usr/share/man:/sbin/nologin ftp:*:14:5:Anonymous FTP Admin:/var/ftp:/nonexistent bash-2.05a$ Thanks in Advance Rakesh rprajapa@sdf.lonestar.org SDF Public Access UNIX System - http://sdf.lonestar.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.4.33.0112181815380.7307-100000>