Date: Tue, 18 Dec 2001 12:59:44 -0600
From: jacks@sage-american.com
To: Rakesh Prajapati <rprajapa@sdf.lonestar.org>, <freebsd-questions@FreeBSD.ORG>
Subject: Re: Anonymous ftp , passwd , group file
Message-ID: <3.0.5.32.20011218125944.0157afe0@mail.sage-american.com>
In-Reply-To: <Pine.NEB.4.33.0112181815380.7307-100000@sdf.lonestar.org>

I'm working on this same thing with 4.4-STABLE and have found that you may remove the "etc & bin" directories entirely for now. You may want to do some more reading about setting these up for later special logins and certain permissions.

Also, I moved the "incoming" directory inside the "pub" directory where I'm used to seeing it...

Now, I am waiting for the FBSD team to merge the "-o" option for FTPD into STABLE (it's in CURRENT now) so that I can set the "incoming" to "write-only"... this will discourage anyone (like the warez kids) from uploading a bunch of files that can't be downloaded. The "-o" feature should be merged soon even before 4.5-STABLE release I am told.... (if you run the manpages for ftpd and don't see the "-o" option supported, you can't set it in the inetd.conf for the ftpd.)

Hope that helps...

At 06:39 PM 12.18.2001 +0000, Rakesh Prajapati wrote:
>Hi ,
>
>I have a security related question.
>
>I am running FreeBSD 4.2 RELEASE and I am allowing Anonymous ftp to the
>outside world. This box is setup at home.
>
>When I setup Anonymous ftp , it created the following files/directories
>/var/ftp/bin
>/var/ftp/etc/passwd
>/var/ftp/etc/group
>/var/ftp/incoming
>/var/ftp/pub
>
>
>What worries me is the presence of 2 files passwd and group in
>/var/ftp/etc directory.
>
>I am assuming these files exist to authenticate login who don't login
>anonymously.
>
>
>Can these files be a security threat in some way?????
>------------------------------------------------
>
>The /var/ftp/etc/passwd and /var/ftp/etc/group files look like the usual
>/etc/passwd and /etc/group files.
>
>bash-2.05a$ pwd
>/var/ftp/etc
>bash-2.05a$ cat group
># $FreeBSD: src/etc/group,v 1.19 1999/08/27 23:23:41 peter Exp $
>#
>wheel:*:0:root
>daemon:*:1:daemon
>kmem:*:2:root
>sys:*:3:root
>tty:*:4:root
>operator:*:5:root
>mail:*:6:
>bin:*:7:
>news:*:8:
>man:*:9:
>games:*:13:
>staff:*:20:root
>guest:*:31:root
>bind:*:53:
>uucp:*:66:
>xten:*:67:xten
>dialer:*:68:
>network:*:69:
>bash-2.05a$ cat passwd
># $FreeBSD: src/etc/master.passwd,v 1.25 1999/09/13 17:09:07 peter Exp $
>#
>root:*:0:0:Charlie &:/root:/bin/csh
>toor:*:0:0:Bourne-again Superuser:/root:
>daemon:*:1:1:Owner of many system processes:/root:/sbin/nologin
>operator:*:2:5:System &:/:/sbin/nologin
>bin:*:3:7:Binaries Commands and Source,,,:/:/sbin/nologin
>tty:*:4:65533:Tty Sandbox:/:/sbin/nologin
>kmem:*:5:65533:KMem Sandbox:/:/sbin/nologin
>games:*:7:13:Games pseudo-user:/usr/games:/sbin/nologin
>news:*:8:8:News Subsystem:/:/sbin/nologin
>man:*:9:9:Mister Man Pages:/usr/share/man:/sbin/nologin
>ftp:*:14:5:Anonymous FTP Admin:/var/ftp:/nonexistent
>bash-2.05a$
>
>Thanks in Advance
>Rakesh
>
>rprajapa@sdf.lonestar.org
>SDF Public Access UNIX System - http://sdf.lonestar.org
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-questions" in the body of the message
>
>

Best regards,
Jack L. Stone,
Server Admin

Sage-American
http://www.sage-american.com
jacks@sage-american.com
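
An added example, not part of the original thread and not FreeBSD's own tooling: one way to check the concern raised in the question is to audit the passwd and group copies under the FTP root, flagging any entry whose password field is not the `*` placeholder seen in the listings and any copy that group or others can write. The function names, the `alice` entry and its hash-like string are constructed for illustration; treating `*` as the only acceptable value is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): audit the passwd/group copies kept
# under an anonymous FTP root such as /var/ftp/etc.
# Assumption: these copies only need names and ids, so every password field
# should be the "*" placeholder seen in the listings above.

# audit_ftp_etc FILE
# Prints one finding per line; returns 0 when clean, 1 when anything is found.
audit_ftp_etc() {
    file=$1
    found=0
    # Field 2 is the password in both passwd and group format.
    awk -F: -v f="$file" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines
        NF < 3    { print f ": line " NR " is malformed"; bad = 1; next }
        $2 != "*" { print f ": " $1 " has a password field other than *"; bad = 1 }
        END       { exit bad }
    ' "$file" || found=1
    # A copy that group or others can write could be altered after the audit.
    if [ -n "$(find "$file" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "$file: writable by group or others"
        found=1
    fi
    return "$found"
}

# Constructed sample input: two lines from the listing in the thread plus one
# made-up entry ("alice") carrying a made-up hash-like string.
make_sample() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' \
        '# constructed sample' \
        'root:*:0:0:Charlie &:/root:/bin/csh' \
        'ftp:*:14:5:Anonymous FTP Admin:/var/ftp:/nonexistent' > "$dir/clean"
    cp "$dir/clean" "$dir/leaky"
    echo 'alice:$1$constructed$notarealhash:1001:1001::/home/alice:/bin/sh' >> "$dir/leaky"
    chmod 444 "$dir/clean"
    chmod 664 "$dir/leaky"
    echo "$dir"
}

# Stand-alone run on the samples; point it at the real files instead.
sample=$(make_sample)
audit_ftp_etc "$sample/clean" && echo "clean: no findings"
audit_ftp_etc "$sample/leaky" || echo "leaky: findings listed above"
rm -rf "$sample"
```

On a real host the same function would be called with `/var/ftp/etc/passwd` and `/var/ftp/etc/group`, the paths given in the question.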