[comp.unix.questions] Summary: How to set up an ftp anonymous site

hines@portia.Stanford.EDU (Melissa Hines) (12/06/90)

About a week ago, I asked the net how to set up an ftp anonymous account.  
   Here is a summary of the replies.  Many thanks to the people who took 
   the time to answer my question!

Simple answer -- RTFM!
   This is actually a little trickier than it sounds!  You need to look at
   man ftpd.
More verbose answer:
   I received a number of replies that were all very similar.  The one I
   quote here came from the SRI Intl. Report "Improving the Security of
   Your Unix System" via Andi Karrer.

___________________________________________________________________________
1) make sure your /usr/etc/ftpd (or ftpd.gw) is newer than Dec 1988. If not
   urge DEC to give you a new one cause this one may have a real bug.

2) make a user "ftp". Disable the password (put * in the second field).
   make the login directory to where you want to put the anon ftp files.
   The /etc/passwd entry should look like:
        ftp:*:12:12:Anon ftp:/usr/local/ftp:/bin/true
   The /etc/group entry should look like:
        ftp:*:12:
   make sure uid and gid are normal user id's, e.g. not "root".
       **** Very important ****

3) make a home directory for ftp unwritable by anyone:
        # mkdir /usr/local/ftp
        # chown ftp ~ftp
        # chmod 555 ~ftp

4) make the directory ~ftp/bin, owned by root and unwritable by anyone. Put
   a copy of the "ls" program there:
        # mkdir ~ftp/bin
        # chown root ~ftp/bin
        # chmod 555 ~ftp/bin
        # cp -p /bin/ls ~ftp/bin
        # chmod 111 ~ftp/bin/ls

5) make the directory ~ftp/etc, owned by root and unwritable by anyone. put
   a stripped-down copy of /etc/passwd and /etc/group there. the files
   should only contain the entry for the user "ftp".
        # mkdir ~ftp/etc
        # chown root ~ftp/etc
        # chmod 555 ~ftp/etc
        # grep '^ftp:' /etc/passwd > ~ftp/etc/passwd
        # grep '^ftp:' /etc/group  > ~ftp/etc/group
        # chmod 444 ~ftp/etc/passwd ~ftp/etc/group

6) make the directory ~ftp/pub, owned by "ftp" and writable by anyone.
   anon ftp users may then place files there. alternatively, if you want anon
   ftp users only to be able to GET files from your system, make the directory
   unwritable by anyone except root.
        # mkdir ~ftp/pub
        # chown ftp ~ftp/pub
        # chmod 777 ~ftp/pub          - or 555

_____________________________________________________________________________
Thanks to all the people who replied
    Andi Karrer
    Tim Ramsey
    Joe Hamlin
    David Elliott
    Nick Sayer
    Jeff Kays
    Gary Weimer

If you would like a copy of all the replies that I received, I will be happy to send them to you.

Melissa A. Hines
Dept. of Chemistry
Stanford University
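
The owners and modes set in steps 3 to 6 above can be re-checked later, since a tree that has drifted to writable ~ftp, ~ftp/bin or ~ftp/etc defeats the setup. The shell function below is an added example, not part of the original post or the quoted report; the function names and the ROOT_OWNER/FTP_OWNER override variables are assumptions made here, and the owner of the copied ls and of the passwd/group copies is not checked because the post does not state it.

```shell
#!/bin/sh
# Added example: audit an anonymous-FTP tree against steps 3-6 of the post.
# Owner names default to those in the post; override them for a dry run.
ROOT_OWNER=${ROOT_OWNER:-root}
FTP_OWNER=${FTP_OWNER:-ftp}

# check PATH OWNER MODE [ALT_MODE]: OWNER "-" skips the owner comparison.
# MODE is the 10-character ls string, e.g. dr-xr-xr-x for a 555 directory.
check() {
    info=$(ls -ld "$1" 2>/dev/null | awk '{ print substr($1, 1, 10), $3 }')
    mode=${info% *} owner=${info#* }
    if [ -n "$info" ] && { [ "$mode" = "$3" ] || [ "$mode" = "$4" ]; } &&
       { [ "$2" = "-" ] || [ "$owner" = "$2" ]; }; then
        echo "ok    $1"
    else
        echo "FAIL  $1: want $3${4:+ or $4} owner $2, got ${info:-missing}"
        failures=$((failures + 1))
    fi
}

# only_ftp FILE: the stripped-down copy must hold "ftp:" lines and nothing else.
only_ftp() {
    if [ -r "$1" ] && grep -q '^ftp:' "$1" && ! grep -qv '^ftp:' "$1"; then
        echo "ok    $1 lists only ftp"
    else
        echo "FAIL  $1 is unreadable, empty, or lists entries other than ftp"
        failures=$((failures + 1))
    fi
}

# audit_anon_ftp DIR: returns 0 when every check passes, non-zero otherwise.
audit_anon_ftp() {
    failures=0
    check "$1"            "$FTP_OWNER"  dr-xr-xr-x              # step 3: 555
    check "$1/bin"        "$ROOT_OWNER" dr-xr-xr-x              # step 4: 555
    check "$1/bin/ls"     -             ---x--x--x              # step 4: 111
    check "$1/etc"        "$ROOT_OWNER" dr-xr-xr-x              # step 5: 555
    check "$1/etc/passwd" -             -r--r--r--              # step 5: 444
    check "$1/etc/group"  -             -r--r--r--
    only_ftp "$1/etc/passwd"
    only_ftp "$1/etc/group"
    check "$1/pub"        "$FTP_OWNER"  drwxrwxrwx dr-xr-xr-x   # step 6: 777 or 555
    [ "$failures" -eq 0 ]
}

# Stand-alone use: sh audit.sh /usr/local/ftp
if [ $# -gt 0 ]; then audit_anon_ftp "$1"; fi
```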