Date: Tue, 18 Dec 2001 13:04:50 -0600 From: jacks@sage-american.com To: Rakesh Prajapati <rprajapa@sdf.lonestar.org>, <freebsd-questions@FreeBSD.ORG> Subject: Re: Anonymous ftp , passwd , group file Message-ID: <3.0.5.32.20011218130450.0157afe0@mail.sage-american.com> In-Reply-To: <Pine.NEB.4.33.0112181815380.7307-100000@sdf.lonestar.org>
next in thread | previous in thread | raw e-mail | index | archive | help
....follow-up. I just been advised that the "-o" (and "-O") options have been merged. Som a CVSup will update the 4.4-stable... dunno about 4.2-RELEASE though... (run the manpage for ftpd and look for the -o option). If planning to set more secure permissions for FTP, you may want to consider moving up to the 4.4 version... or wait until the 4.5 is available in late January. Of coures, if you prefer RELEASE, then that's a horse of a different color . At 06:39 PM 12.18.2001 +0000, Rakesh Prajapati wrote: >Hi , > >I have a security related question. > >I am running FreeBSD 4.2 RELEASE and I am allowing Anonymous ftp to the >outside world. This box is setup at home. > >When I setup Anonymous ftp , it created the following files/directories >/var/ftp/bin >/var/ftp/etc/passwd >/var/ftp/etc/group >/var/ftp/incoming >/var/ftp/pub > > >What worries me is the presence of 2 files passwd and group in >/var/ftp/etc directory. > >I am assuming these files exist to authenticate login who dont login >anonymously. > > >Can these files be a security threat in some way????? >------------------------------------------------ > >The /var/ftp/etc/passwd and /var/ftp/etc/group files look like the usual >/etc/passwd and /etc/group files. > >bash-2.05a$ pwd >/var/ftp/etc >bash-2.05a$ cat group ># $FreeBSD: src/etc/group,v 1.19 1999/08/27 23:23:41 peter Exp $ ># >wheel:*:0:root >daemon:*:1:daemon >kmem:*:2:root >sys:*:3:root >tty:*:4:root >operator:*:5:root >mail:*:6: >bin:*:7: >news:*:8: >man:*:9: >games:*:13: >staff:*:20:root >guest:*:31:root >bind:*:53: >uucp:*:66: >xten:*:67:xten >dialer:*:68: >network:*:69: >bash-2.05a$ cat passwd ># $FreeBSD: src/etc/master.passwd,v 1.25 1999/09/13 17:09:07 peter Exp $ ># >root:*:0:0:Charlie &:/root:/bin/csh >toor:*:0:0:Bourne-again Superuser:/root: >daemon:*:1:1:Owner of many system processes:/root:/sbin/nologin >operator:*:2:5:System &:/:/sbin/nologin >bin:*:3:7:Binaries Commands and Source,,,:/:/sbin/nologin >tty:*:4:65533:Tty Sandbox:/:/sbin/nologin >kmem:*:5:65533:KMem Sandbox:/:/sbin/nologin >games:*:7:13:Games pseudo-user:/usr/games:/sbin/nologin >news:*:8:8:News Subsystem:/:/sbin/nologin >man:*:9:9:Mister Man Pages:/usr/share/man:/sbin/nologin >ftp:*:14:5:Anonymous FTP Admin:/var/ftp:/nonexistent >bash-2.05a$ > >Thanks in Advance >Rakesh > >rprajapa@sdf.lonestar.org >SDF Public Access UNIX System - http://sdf.lonestar.org > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-questions" in the body of the message > > Best regards, Jack L. Stone, Server Admin Sage-American http://www.sage-american.com jacks@sage-american.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3.0.5.32.20011218130450.0157afe0>