From owner-freebsd-isp  Wed Aug 21 17:23:28 2002
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 75F5537B400
	for <freebsd-isp@FreeBSD.ORG>; Wed, 21 Aug 2002 17:23:25 -0700 (PDT)
Received: from kasie.rwsystems.net (82.45.d1c4.cidr.airmail.net [209.196.69.130])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 9DB1443E72
	for <freebsd-isp@FreeBSD.ORG>; Wed, 21 Aug 2002 17:23:24 -0700 (PDT)
	(envelope-from jwyatt@RWSystems.net)
Received: from localhost (jwyatt@localhost)
	by kasie.rwsystems.net (8.11.6/8.11.6) with ESMTP id g7M0NmS15099;
	Wed, 21 Aug 2002 19:23:48 -0500 (CDT)
	(envelope-from jwyatt@RWSystems.net)
Date: Wed, 21 Aug 2002 19:23:48 -0500 (CDT)
From: James Wyatt <jwyatt@RWSystems.net>
To: Marcel Mason <mmasonb208@rogers.com>
Cc: <freebsd-isp@FreeBSD.ORG>
Subject: Re: Annonymous FTP permissions - no execute
In-Reply-To: <000701c2496c$479e7da0$054b2a18@mdmh8ueyqj8ff4>
Message-ID: <20020821192131.D15077-100000@kasie.rwsystems.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-isp.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-isp>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-isp>
X-Loop: FreeBSD.org

We put the incoming directory as a separate filesystem. That way you can
just mount it with the "noexec" option and the problem goes away. I don't
think it stops them from saying "sh scriptfile" if there is an interpreter
line sh, ksh, awk, or perl in the path, though. HTH - Jy@

On Wed, 21 Aug 2002, Marcel Mason wrote:
> I would like to allow annonymous users to upload files to FreeBSD 4.4
> server.
>
> The default install puts ftp in /var/ftp, I would like annonymous users to
> be able to upload files to /var/ftp/pub/incoming but not have execute
> permissions on that directory. Getting the (world) permissions of rw- is not
> difficult however when they are set like that no directory listing is
> available - unless I am doing something wrong - until I use rwx however I am
> not really interested in giving annonymous users the ability to upload
> scripts and run them.
>
> Is there any way (other than constant monitoring) to prevent this type of
> folder from becoming a warez haven?
>
> Any suggestions appreciated.
>
> M


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message