From owner-freebsd-questions Tue Dec 18 10:59:58 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from sage-american.com (sage-american.com [216.122.141.44])
    by hub.freebsd.org (Postfix) with ESMTP id B08C337B503
    for ; Tue, 18 Dec 2001 10:59:51 -0800 (PST)
Received: from SAGEONE (adsl-64-219-21-136.dsl.crchtx.swbell.net [64.219.21.136])
    by sage-american.com (8.9.3/8.9.3) with SMTP id MAA06644;
    Tue, 18 Dec 2001 12:59:46 -0600 (CST)
Message-Id: <3.0.5.32.20011218125944.0157afe0@mail.sage-american.com>
X-Sender: jacks@mail.sage-american.com
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32)
Date: Tue, 18 Dec 2001 12:59:44 -0600
To: Rakesh Prajapati ,
From: jacks@sage-american.com
Subject: Re: Anonymous ftp , passwd , group file
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

I'm working on this same thing with 4.4-STABLE and have found that you may remove the "etc & bin" directories entirely for now. You may want to do some more reading about setting these up for later special logins and certain permissions. Also, I moved the "incoming" directory inside the "pub" directory where I'm used to seeing it...

Now, I am waiting for the FBSD team to merge the "-o" option for FTPD into STABLE (it's in CURRENT now) so that I can set the "incoming" to "write-only"... this will discourage anyone (like the warez kids) from uploading a bunch of files that can't be downloaded. The "-o" feature should be merged soon even before 4.5-STABLE release I am told.... (if you run the manpages for ftpd and don't see the "-o" option supported, you can't set it in the inetd.conf for the ftpd).

Hope that helps...

At 06:39 PM 12.18.2001 +0000, Rakesh Prajapati wrote:
>Hi,
>
>I have a security related question.
>
>I am running FreeBSD 4.2 RELEASE and I am allowing Anonymous ftp to the
>outside world. This box is set up at home.
>
>When I set up Anonymous ftp, it created the following files/directories
>/var/ftp/bin
>/var/ftp/etc/passwd
>/var/ftp/etc/group
>/var/ftp/incoming
>/var/ftp/pub
>
>
>What worries me is the presence of 2 files passwd and group in
>/var/ftp/etc directory.
>
>I am assuming these files exist to authenticate login who don't login
>anonymously.
>
>
>Can these files be a security threat in some way?????
>------------------------------------------------
>
>The /var/ftp/etc/passwd and /var/ftp/etc/group files look like the usual
>/etc/passwd and /etc/group files.
>
>bash-2.05a$ pwd
>/var/ftp/etc
>bash-2.05a$ cat group
># $FreeBSD: src/etc/group,v 1.19 1999/08/27 23:23:41 peter Exp $
>#
>wheel:*:0:root
>daemon:*:1:daemon
>kmem:*:2:root
>sys:*:3:root
>tty:*:4:root
>operator:*:5:root
>mail:*:6:
>bin:*:7:
>news:*:8:
>man:*:9:
>games:*:13:
>staff:*:20:root
>guest:*:31:root
>bind:*:53:
>uucp:*:66:
>xten:*:67:xten
>dialer:*:68:
>network:*:69:
>bash-2.05a$ cat passwd
># $FreeBSD: src/etc/master.passwd,v 1.25 1999/09/13 17:09:07 peter Exp $
>#
>root:*:0:0:Charlie &:/root:/bin/csh
>toor:*:0:0:Bourne-again Superuser:/root:
>daemon:*:1:1:Owner of many system processes:/root:/sbin/nologin
>operator:*:2:5:System &:/:/sbin/nologin
>bin:*:3:7:Binaries Commands and Source,,,:/:/sbin/nologin
>tty:*:4:65533:Tty Sandbox:/:/sbin/nologin
>kmem:*:5:65533:KMem Sandbox:/:/sbin/nologin
>games:*:7:13:Games pseudo-user:/usr/games:/sbin/nologin
>news:*:8:8:News Subsystem:/:/sbin/nologin
>man:*:9:9:Mister Man Pages:/usr/share/man:/sbin/nologin
>ftp:*:14:5:Anonymous FTP Admin:/var/ftp:/nonexistent
>bash-2.05a$
>
>Thanks in Advance
>Rakesh
>
>rprajapa@sdf.lonestar.org
>SDF Public Access UNIX System - http://sdf.lonestar.org
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-questions" in the body of the message
>
>

Best regards,
Jack L. Stone, Server Admin

Sage-American
http://www.sage-american.com
jacks@sage-american.com
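
Added example, not part of either message: a shell check that the passwd and group copies in an anonymous-FTP etc directory (the thread's /var/ftp/etc) carry only the `*` placeholder in the password field, as the listings quoted above do, and that nothing there is writable by group or other. The function names, the sample tree and its "alice" entry are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit the passwd/group copies inside an anonymous-FTP chroot.

# Print the name of each entry whose second field is not the "*" placeholder.
# Works on passwd and group format. "#" lines are skipped first because the
# $FreeBSD$ tag lines contain colons and would otherwise parse as entries.
nonplaceholder_entries() {
    awk -F: '/^#/ { next } NF >= 3 && $2 != "*" { print $1 }' "$1"
}

# Print every path under a directory that group or other may write to.
writable_paths() {
    find "$1" \( -perm -020 -o -perm -002 \) -print
}

# Report all findings for one etc directory; return 1 if there were any.
audit_ftp_etc() {
    etc=$1; findings=0
    for f in "$etc/passwd" "$etc/group"; do
        [ -f "$f" ] || continue
        for name in $(nonplaceholder_entries "$f"); do
            echo "FIELD $f: '$name' has a password field other than '*'"
            findings=1
        done
    done
    for p in $(writable_paths "$etc"); do
        echo "MODE  $p: writable by group or other"
        findings=1
    done
    return "$findings"
}

# Constructed sample tree: three lines copied from the thread, plus a made-up
# "alice" entry whose password field is a dummy string shaped like a hash.
make_sample() {
    d=$(mktemp -d "${TMPDIR:-/tmp}/ftpaudit.XXXXXX") && mkdir "$d/etc" || return 1
    printf '%s\n' \
        '# $FreeBSD: src/etc/master.passwd,v 1.25 1999/09/13 17:09:07 peter Exp $' \
        'root:*:0:0:Charlie &:/root:/bin/csh' \
        'ftp:*:14:5:Anonymous FTP Admin:/var/ftp:/nonexistent' \
        'alice:$1$EXAMPLE$notarealhash:1001:1001:Constructed:/home/alice:/bin/sh' \
        > "$d/etc/passwd"
    printf '%s\n' 'wheel:*:0:root' 'guest:*:31:root' > "$d/etc/group"
    chmod 755 "$d/etc"; chmod 444 "$d/etc/passwd"; chmod 666 "$d/etc/group"
    echo "$d"
}

# With a directory argument (e.g. /var/ftp/etc) audit it; with none, the sample.
if [ $# -gt 0 ]; then audit_ftp_etc "$1"; else audit_ftp_etc "$(make_sample)/etc" || true; fi
```

Run against the sample, it reports the "alice" entry and the mode-666 group file; a tree whose entries all carry `*` and whose files are read-only produces no output and exit status 0.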