GUTEST6@cc1.kuleuven.ac.be (Kris Van Hees) (03/07/91)
Hello, We are installing a restricted user system, for local users who want to download. Now, these users are placed in a restricted shell, to avoid security problems. Althought it isn't a problem, there might be a leak through FTP (we just don't know). To decrease this chance we are looking for a restricted version of FTP. Is such existing and where? Regards, Kris Van Hees, GUTEST6@cc1.kuleuven.ac.be
hendrik@cca.vu.nl (Hendrik te Winkel) (03/07/91)
GUTEST6@cc1.kuleuven.ac.be (Kris Van Hees) writes: >We are installing a restricted user system, for local users who want to >download. Now, these users are placed in a restricted shell, to avoid >security problems. Althought it isn't a problem, there might be a leak >through FTP (we just don't know). To decrease this chance we are looking >for a restricted version of FTP. Is such existing and where? Kris, The SunOS documentation describes very clearly how to install anonymous ftp. I don't feel like typing it over all, but it's very clear and usefull. They of course write something about security and so on, but their approach sounds quite good, and everybodoy on the Internet uses it. I'd suggest you use their techniques, if you need help, I'm sure there are a 'googool' people who want to help you. Success, Hendrik. -- Hendrik te Winkel hendrik@cca.vu.nl You think your life is so empty, but it's really so full of the things you never thought mattered. - John Cale
weimer@garden.kodak.COM (Gary Weimer (588-0953)) (03/12/91)
In article <91065.181715GUTEST6@cc1.kuleuven.ac.be>, GUTEST6@cc1.kuleuven.ac.be (Kris Van Hees) writes: |> We are installing a restricted user system, for local users who want to |> download. Now, these users are placed in a restricted shell, to avoid |> security problems. Althought it isn't a problem, there might be a leak |> through FTP (we just don't know). To decrease this chance we are looking |> for a restricted version of FTP. Is such existing and where? Assuming you mean you want a restricted FTP for users to ftp FROM your machine: Normal FTP can be a problem because users can use the ! to run anything in bourne shell (or the shell specified by the environment variable SHELL). IF you have source, a quick fix would be to put a return at the top of function used to execute shell commands (printing an error message is optional). lcd and other commands may also be a problem. Forcing users to ftp TO your machine (limit access to ftp) could avoid all these problems. Assuming you mean you want a restricted FTP for users to ftp TO your machine: You actually want a restricted ftpd (the ftp daemon). As mentioned by someone else, you can use anonymous ftp for this. In my case, I wanted anonymous ftp AND I wanted to restrict a specific user who I also required a password from. To accomplish this, I set the guest flag to true after getting the password for that account (this requires source code). This causes the ftpd to perform the chroot for this account as well as anonymous ftp. weimer@ssd.kodak.com ( Gary Weimer )