chrisb@almsa-1.arpa (Christine Blumenkamp) (03/09/88)
I would like to know how to set up "anonymous" login accounts on several different systems that are on an Ethernet. These accounts will be established for people using FTP (File Transfer Protocol) who need to copy files to/from a remote system but do not have a personal login account on each system. Eventually there will be five Sperry 5000/80's running Unix System V.3 and two Vaxen running Unix BSD 4.3 on this Ethernet. I'm particularly concerned about security issues - will placing them in a restricted shell and keeping a watchful eye on file/directory permissions be sufficient? Are there any references that would be useful reading? Thank you for any help you can give me. Christy Blumenkamp Christy Blumenkamp <chrisb@almsa-1.arpa> USAMC ALMSA, ATTN: AMXAL-TC, Box 1578, St. Louis, MO 63188-1578 COMMERCIAL: (314) 263-5646 AUTOVON: 693-5646 uunet.uu.net!chrisb@almsa-1.arpa
mesard@bbn.com (Wayne Mesard) (03/09/88)
From article <12181@brl-adm.ARPA>, by chrisb@almsa-1.arpa (Christine Blumenkamp): > I would like to know how to set up "anonymous" login accounts on several > different systems that are on an Ethernet. These accounts will be established > for people using FTP (File Transfer Protocol) who need to copy files to/from >[...] > Are there any references that would be useful reading? man 8C ftpd Anonymous ftp connections do not have access to the entire file structure. Typically, a chroot(2) is done to limit access to files and directories contained in /usr/ftp. Follow the directions in the ftpd(8C) man page carefully since the ftp daemon runs as super-user. It's secure, but only if you get the protections right. Once you've set things up, try it out to make sure anonymous users can't do anything nasty. -- Wayne Mesard | "The people of the North End don't like the city telling us MESARD@BBN.COM | where and when we can and can't park our cars. So as soon BBN Labs, | as they fix the meters, we jam em and break em, and paint em. Cambridge, MA | We call it a local referendum." -JS