From owner-freebsd-questions@FreeBSD.ORG Tue Aug 31 16:44:23 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 81BBA16A4CF for ; Tue, 31 Aug 2004 16:44:23 +0000 (GMT) Received: from smtp.infracaninophile.co.uk (happy-idiot-talk.infracaninophile.co.uk [81.2.69.218]) by mx1.FreeBSD.org (Postfix) with ESMTP id B73B043D60 for ; Tue, 31 Aug 2004 16:44:22 +0000 (GMT) (envelope-from m.seaman@infracaninophile.co.uk) Received: from happy-idiot-talk.infracaninophile.co.uk (localhost [IPv6:::1]) i7VGiI6W035196 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 31 Aug 2004 17:44:18 +0100 (BST) (envelope-from matthew@happy-idiot-talk.infracaninophile.co.uk) Received: (from matthew@localhost)i7VGiIlS035195; Tue, 31 Aug 2004 17:44:18 +0100 (BST) (envelope-from matthew) Date: Tue, 31 Aug 2004 17:44:18 +0100 From: Matthew Seaman To: lycanthrope Message-ID: <20040831164418.GB34798@happy-idiot-talk.infracaninophile.co.uk> Mail-Followup-To: Matthew Seaman , lycanthrope , freebsd-questions@freebsd.org References: <001401c48f73$feb2fad0$1205a8c0@jkhahhytncost7> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="Yylu36WmvOXNoKYn" Content-Disposition: inline In-Reply-To: <001401c48f73$feb2fad0$1205a8c0@jkhahhytncost7> User-Agent: Mutt/1.4.2.1i X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-1.5.6 (smtp.infracaninophile.co.uk [IPv6:::1]); Tue, 31 Aug 2004 17:44:18 +0100 (BST) X-Virus-Scanned: clamd / ClamAV version devel-20040705, clamav-milter version 0.74a on smtp.infracaninophile.co.uk X-Virus-Status: Clean X-Spam-Status: No, hits=-4.8 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=2.64 X-Spam-Checker-Version: SpamAssassin 2.64 (2004-01-11) on happy-idiot-talk.infracaninophile.co.uk cc: freebsd-questions@freebsd.org Subject: Re: FTP server X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 Aug 2004 16:44:23 -0000 --Yylu36WmvOXNoKYn Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Aug 31, 2004 at 06:03:02PM +0200, lycanthrope wrote: > I'm trying to set up FTP server. I enable the line in inetd, created a us= er ftp in group ftp. now, the ftp user and anonymous can log into FTP, and = download. BUT, anonymous user can ALSO UPLOAD. how to restrict anonymous ac= count to downloading only? The simplest thing to do is to make the anonymous FTP area readable by the ftp UID, but not writable. Assuming your ftp user also has ftp as it's primary group: # chown -R root:ftp ~ftp/pub # chmod -R o+rwX,g-w+rX,o-rwx ~ftp/pub should do the trick, assuming you're going by the comments towards the end of ftpd(8) man page on how to lay out the anonymous FTP area. If you need to create a group 'ftp' use: # pw group add -n ftp -g 21 -M root and to make that the primary group of the ftp user: # pw user mod -n ftp -g ftp Cheers, Matthew --=20 Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK --Yylu36WmvOXNoKYn Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (FreeBSD) iD8DBQFBNKriiD657aJF7eIRAkwdAJ9YrXIhbX90qnlsb1/K9hoxxN0HswCeJYdJ wRhmypcn3OUXliQsLKvS+6g= =HA8l -----END PGP SIGNATURE----- --Yylu36WmvOXNoKYn--