Date: Fri, 16 Feb 2001 11:32:35 -0600 From: Scott Johnson <sjohn@airlinksys.com> To: "Frank W. Miller" <fwmiller@macalpine.cornfed.com> Cc: freebsd-security@FreeBSD.org Subject: Re: ftpd Message-ID: <20010216113235.A43414@ns2.airlinksys.com> In-Reply-To: <200102161226.HAA22233@macalpine.cornfed.com>; from fwmiller@macalpine.cornfed.com on Fri, Feb 16, 2001 at 07:26:16AM -0500 References: <200102161226.HAA22233@macalpine.cornfed.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Quoth Frank W. Miller [fwmiller@macalpine.cornfed.com] on Fri, Feb 16, 2001 at 07:26:16AM -0500: > The replies I got can be summarized as: > > 1) Disallow access for anonymous users by either removing the ftp user > from the password file or adding ftp to /etc/ftpusers > > 2) Change the write permissions on pub (which is the directory I want to > protect) to disallow writes. > > The first solution does not solve my problem. I want to allow anonymous > users to download from my machine but I dont want them to be able to > upload files or create directories. The second solution doesnt work > might work. I had my permission set as 755 on the pub directory and have > changed them to 555. That seems to disallow creating directories and > I can still copy files to the directory as root. Anonymous users have the rights of user account ftp, while local users have the rights of that user. Your directory needs to be writable by local users, not anyone else. Create a group for the local users, and put the users in it. chown(8) the directory to root:ftpwriters, and give permissions 775. User ftp shouldn't be able to write to the directory. Scott Johnson To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010216113235.A43414>