From owner-freebsd-isp  Wed Aug 21 21:46:40 2002
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 4E57D37B400
	for <freebsd-isp@freebsd.org>; Wed, 21 Aug 2002 21:46:37 -0700 (PDT)
Received: from misery.sdf.com (misery.sdf.com [207.200.153.226])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 878BB43E6E
	for <freebsd-isp@freebsd.org>; Wed, 21 Aug 2002 21:46:35 -0700 (PDT)
	(envelope-from tom@sdf.com)
Received: from tom (helo=localhost)
	by misery.sdf.com with local-esmtp (Exim 2.12 #1)
	id 17hish-0006Fk-00; Wed, 21 Aug 2002 20:43:35 -0700
Date: Wed, 21 Aug 2002 20:43:34 -0700 (PDT)
From: Tom Samplonius <tom@sdf.com>
To: Marcel Mason <mmasonb208@rogers.com>
Cc: freebsd-isp@freebsd.org
Subject: Re: Annonymous FTP permissions - no execute
In-Reply-To: <000701c2496c$479e7da0$054b2a18@mdmh8ueyqj8ff4>
Message-ID: <Pine.BSF.4.05.10208212038230.656-100000@misery.sdf.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-isp.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-isp>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-isp>
X-Loop: FreeBSD.org


  "x" on a directory does not limit execute access.  "x" only works that
way on files.  "x" on a directory allows the owner to search the
directory.

  Limiting execute access is not going to stop your incoming area from
becoming a warez haven.  In fact, any sort of sane FTP server isn't going
to allow you to execute files by default anyhow, and there a lot of ways
to prevent non-FTP (shell) users from seeing the anonymous incoming area.

  Most FTP servers have an option to apply a specific mode to uploaded
files.  Many sites use "0000" to ensure that uploaded files can't be
downloaded by anyone, until an admin changes the mode.

Tom

On Wed, 21 Aug 2002, Marcel Mason wrote:

> I would like to allow annonymous users to upload files to FreeBSD 4.4
> server.
> 
> The default install puts ftp in /var/ftp, I would like annonymous users to
> be able to upload files to /var/ftp/pub/incoming but not have execute
> permissions on that directory. Getting the (world) permissions of rw- is not
> difficult however when they are set like that no directory listing is
> available - unless I am doing something wrong - until I use rwx however I am
> not really interested in giving annonymous users the ability to upload
> scripts and run them.
> 
> Is there any way (other than constant monitoring) to prevent this type of
> folder from becoming a warez haven?
> 
> Any suggestions appreciated.
> 
> M
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the message
> 
> 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message