Date: Thu, 3 Feb 2000 12:49:24 -0600
From: Lucas Bergman <iceberg@pobox.com>
To: Marc Wandschneider <marcw@lanfear.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: Securing ftpd
Message-ID: <20000203124924.A99674@comp04.prc.uic.edu>
In-Reply-To: <AKEALEPEFAKLKAPCDLILKEIOIKAA.marcw@lanfear.com>; from marcw@lanfear.com on Thu, Feb 03, 2000 at 09:50:45AM -0800
References: <AKEALEPEFAKLKAPCDLILKEIOIKAA.marcw@lanfear.com>

> 1. what does the directory entry drwxrwxrwt ..... mean?  my incoming
> directory is listed as this, but i don't recall seeing the 't' before.

t = sticky bit.  From chmod(1):

    1000    (the sticky bit) When set on a directory, unprivileged
            users can delete and rename only those files in the
            directory that are owned by them, regardless of the
            permissions on the directory.  Under FreeBSD, the sticky
            bit is ignored for executable files and may only be set
            for directories (see sticky(8)).

Note that having ~ftp/incoming set to mode 1777 is begging to have
your site used for a warez dump, since files which are uploaded are
immediately world-readable.  There's some info on setting up upload
directories at

    http://www.cert.org/ftp/tech_tips/anonymous_ftp_config

though it's not necessarily perfect.  Note that big, fancy FTP servers
like wu-ftpd have clever ways through config files of controlling
upload directories, but I can't (nor can anyone else, AFAIK) vouch for
their security.

> 2. to prevent uploads, do i merely have to remove the incoming
> directory?

Yes, and remove any other world-writable areas under ~ftp, of course.

HTH,
Lucas

-- 
S. Lucas Bergman
Northwestern University Mathematics Department
PGP Public Key (0xC0C73619): http://pobox.com/~iceberg/pgpkey.html

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
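An added example, not part of the original message: a POSIX shell function that lists every world-writable directory under an FTP root and labels the mode-1777 case the reply warns about. The function name `audit_ftp_root`, the three labels, and the root path passed as an argument are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original message): audit an anonymous-FTP
# tree for world-writable directories using only find(1) permission tests.
# Labels are this example's own:
#   OPEN-DROP  o+w and o+r (e.g. 1777), the case the reply warns about
#   NO-STICKY  o+w without the sticky bit: any user may delete or rename
#              files owned by others in that directory
#   WRITABLE   o+w with sticky and without o+r (e.g. 1733): still an
#              upload area, so still a finding if uploads are unwanted
# A directory can earn more than one label (0777 is OPEN-DROP and NO-STICKY).

audit_ftp_root() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "not a directory: $root" >&2
        return 2
    fi

    # "-perm -MODE" matches when all bits in MODE are set.
    find "$root" -type d -perm -0002 -perm -0004 \
        -exec printf 'OPEN-DROP %s\n' {} \;

    find "$root" -type d -perm -0002 ! -perm -1000 \
        -exec printf 'NO-STICKY %s\n' {} \;

    find "$root" -type d -perm -0002 -perm -1000 ! -perm -0004 \
        -exec printf 'WRITABLE %s\n' {} \;
}

# Run against a path given on the command line, e.g. the home directory
# of the ftp user (path is site-specific and assumed here).
if [ "$#" -gt 0 ]; then
    audit_ftp_root "$1"
fi
```

An empty result means no world-writable directories remain under the given root, which is the state the reply describes for a server that should not accept uploads.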