From owner-freebsd-questions Thu Jul 11 6:37:45 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F373937B400 for ; Thu, 11 Jul 2002 06:37:42 -0700 (PDT) Received: from mail.gbronline.com (mail.gbronline.com [12.145.226.4]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5A48643E52 for ; Thu, 11 Jul 2002 06:37:41 -0700 (PDT) (envelope-from kdk@daleco.biz) Received: from daleco [12.145.236.91] by mail.gbronline.com (SMTPD32-7.10) id A9BA1D5D005C; Thu, 11 Jul 2002 08:35:54 -0500 Message-ID: <009401c228e0$0ff205e0$5bec910c@fbccarthage.com> From: "Kevin Kinsey, DaleCo, S.P." To: , References: <298430-2200274119217578@infomaniak.ch> <00f601c2285e$2f0838a0$7553fea9@ab.hsia.telus.net> <20020711110756.GE5301@catflap.home.slightlystrange.or> Subject: Re: Mail Server using your IP & FTP in Root Date: Thu, 11 Jul 2002 08:37:11 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG ----- Original Message ----- From: "Daniel Bye" To: Sent: Thursday, July 11, 2002 6:07 AM Subject: Re: Mail Server using your IP & FTP in Root 2. when I attempt to ftp from root I get" 530 User root access denied." > > Where do I look up these error values. Everyone else can log on? I don't > > know what I did which isn't good for security. > > I bet "root" is mentioned in your /etc/ftpusers file, eh? It lists user > names that are NOT allowed to connect to the FTP service. Leaving root > in this list is a good idea - for at least two reasons. FTP passwords > are passed in cleartext on the wire, so can be easily sniffed. This is > bad. It's very bad indeed if it leads to your root password being > discovered. Also, for the same reason it's a bad idea to log in and > work as root - it is all too easy with an innocuous-looking typo to > wreck your system. > > HTH > > Dan > Standard procedure is to set up a seperate user in the wheel group for yourself. Use this for any activity that doesn't *require* root permission. In the case of connecting to your FTP server, even if you ARE root at the time, it's best to use: #ftp username@host.domain.tld where username is the "other account." And Daniels is very correct about the security of even this issue. If you are connecting over the "outside" Internet these user/pass combos could be sniffed and used to gain access to your box. Investigate SSH ( try PuTTY) and SecureFTP a client is also available that corresponds to PuTTY.... KDK To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message