From owner-freebsd-isp Thu Jun 6 10:00:20 1996
Return-Path: owner-isp
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id KAA15176 for isp-outgoing; Thu, 6 Jun 1996 10:00:20 -0700 (PDT)
Received: from connet80.com (connet80.connet80.com [199.2.214.253]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id KAA15158 for ; Thu, 6 Jun 1996 10:00:11 -0700 (PDT)
Received: (from meljr@localhost) by connet80.com (8.6.11/8.6.9) id JAA03220; Thu, 6 Jun 1996 09:59:13 -0700
Date: Thu, 6 Jun 1996 09:59:12 -0700 (PDT)
From: "Mel Lester Jr."
To: Rick Gray
cc: freebsd-isp@freebsd.org
Subject: Re: Anon FTP
In-Reply-To: <1.5.4.32.19960606144722.0068bae0@nwpros.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Thu, 6 Jun 1996, Rick Gray wrote:

> I have searched the data base on the freebsd.org home page and can't
> find my answer so here goes...

Funny you should ask. I decided to allow anonymous ftp access just last week. All of the information I needed was in the manual (man ftpd) and I would rate myself as a novice administrator. This particular page is a cut above most others and is a great example of what technical writers should strive for.

> I have followed the setup for Anon FTP to the tee and if I try to FTP
> into my system, I cannot see any files. It seems to put me in the root
> directory ( / ) but no files or directories are seen. (Normal FTP
> operations for users work fine!) I have all the permissions set
> according to the man pages and made sure that I had a usable shell set
> in /etc/shells (/bin/csh). Do I need a fake user account to make this
> work?

Yes, you need to set up a user account for user login ``ftp''. This allows anyone to do an ftp login as user anonymous or ftp. Apparently, they are supposed to leave their email address as a password, but I don't think this is enforced.

User ftp in the /etc/passwd file needs a home directory and some special precautions need to be observed. For example, here is the entry for user ftp from my /etc/passwd file:

    ftp:*:1062:1062:ftp user,,,:/home/ftp:/sbin/nologin

Make the ftp home directory owned by root and don't allow writing by anyone (use the chmod command to change the mode to 555).

Create a subdirectory under the ftp home directory called bin and make its mode 555 (also unwritable by anyone). Copy or link the system ls program into this directory and make its mode 111.

Create another subdirectory under the ftp home directory called etc, make its mode 555 also. Link the files /etc/passwd and /etc/group into this subdirectory and make these files mode 444. This will allow the ls command file in the ~ftp/bin directory to associate owners and group names with files.

Create a final subdirectory under the ftp home directory called pub and make its mode 777. User ftp owns this directory. Files may then be placed or retrieved from this directory by anonymous ftp or your regular users.

I hope this gets you over the top. By the way, all the usual disclaimers apply. The man page mentions what type of additional security risks might be encountered, so I won't get into that here.

-mel

+---------------------------------------------------------------------------+
| Mel Lester Jr.  meljr@ConNet80.com  -  Operations Manager ConNet80        |
| ConNet80 - PDX's Fast Lane on the Information SuperHighway                |
| Connect with ConNet80, it pays!  http://www.ConNet80.com/~meljr           |
+---------------------------------------------------------------------------+
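
Added example, not part of the original message: a POSIX shell audit that checks an anonymous-FTP tree against the ownership and modes listed in the message above. The function names, the optional uid arguments and the sweep for world-writable entries outside pub are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit an anonymous-FTP tree against the layout in the message.
# Usage: audit_anon_ftp FTP_HOME [HOME_UID] [PUB_UID]
# Assumed defaults: FTP_HOME owned by uid 0 (root), pub owned by the "ftp" user
# (the pub owner check is skipped when no uid is given and no ftp user exists).

# Octal mode / numeric owner of a path; GNU stat first, BSD stat as fallback.
mode_of()  { stat -L -c '%a' "$1" 2>/dev/null || stat -L -f '%Lp' "$1"; }
owner_of() { stat -L -c '%u' "$1" 2>/dev/null || stat -L -f '%u' "$1"; }

# check PATH MODE [UID]: print one finding and return 1 on any mismatch.
check() {
    if [ ! -e "$1" ]; then echo "MISSING $1"; return 1; fi
    m=$(mode_of "$1")
    if [ "$m" != "$2" ]; then echo "MODE $1 is $m, expected $2"; return 1; fi
    if [ -n "$3" ] && [ "$(owner_of "$1")" != "$3" ]; then
        echo "OWNER $1 is uid $(owner_of "$1"), expected uid $3"; return 1
    fi
    return 0
}

# Returns 0 when the tree matches the described layout, 1 otherwise.
audit_anon_ftp() {
    root=$1
    home_uid=${2:-0}
    pub_uid=${3:-$(id -u ftp 2>/dev/null || true)}
    fails=0
    check "$root"            555 "$home_uid" || fails=$((fails + 1))
    check "$root/bin"        555             || fails=$((fails + 1))
    check "$root/bin/ls"     111             || fails=$((fails + 1))
    check "$root/etc"        555             || fails=$((fails + 1))
    check "$root/etc/passwd" 444             || fails=$((fails + 1))
    check "$root/etc/group"  444             || fails=$((fails + 1))
    check "$root/pub"        777 "$pub_uid"  || fails=$((fails + 1))
    # pub is the only place meant to be writable: list anything else that is
    # world-writable (symlinks skipped, their own mode bits are not enforced).
    extra=$(find "$root" -path "$root/pub" -prune -o ! -type l -perm -002 -print)
    if [ -n "$extra" ]; then
        echo "WORLD-WRITABLE outside pub:"; echo "$extra"
        fails=$((fails + 1))
    fi
    [ "$fails" -eq 0 ]
}
```

Run it as `audit_anon_ftp /home/ftp` after setup and again after any change to the tree; each finding is printed on its own line.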