Anonymous FTP per request

2007-12-25 8:24:00

Hello everyone,

Thank you so much for so many responses. I have successfully set
up Anonymous FTP. I love this dl. Following is the procedure that I followed,
with a few changes sent to me by Rick Dyson. I had to make only one change to
this procedure.

I am forwarding this for those of you who were interested.

1) Create the user ftp in /etc/passwd. Use a misc group. The user's
home directory will be ~ftp where ~ftp is the root you wish anonymous
users to see. Use an invalid password and user shell for better
security. The entry in the passwd file should look something like:

ftp:*:400:400:Anonymous FTP:/home/ftp:/bin/true

2) Create the home directory ~ftp. Make the directory owned by you (NOT ftp)
with the same group as ftp. Thus, owner permissions are for you and group
permissions are for the anonymous users. Set the permissions for ~ftp to
555 (read, nowrite, execute).

3) Create the directory ~ftp/bin. This directory is owned by root (group
wheel) with permissions 555.

4) Copy the program ls into ~ftp/bin. ls is owned by root with permissions
111 (noread, nowrite, execute).

5) Create the directory ~ftp/usr. This directory is owned by root with
permissions 555.

6) Create the directory ~ftp/usr/lib. This directory is owned by root with
permissions 555.

7) Copy the runtime loader ld.so into ~ftp/usr/lib for use by ls. ld.so is
owned by root with permissions 555.

8) Copy the latest version of the shared C library, libc.so.* into
~ftp/usr/lib for use by ls. libc.so.* is owned by root with permissions
555.

*** 4.1.2 users: you also need to copy /usr/lib/libdl.so.* to /ftp/lib.

9) Create the directory ~ftp/dev. This directory is owned by root with
permissions 444.

10) ~ftp/dev/zero is needed by the runtime loader. Move into the directory
~ftp/dev and create it with the command mknod zero c 3 12.

example:

your_machine> mkdir /usr/ftp/dev
your_machine> cd /usr/ftp/dev
your_machine> mknod zero c 3 12

*** For novices: WARNING!! Don't try to copy /dev/zero to ~ftp/dev/zero!!
This is an endless file of zeroes and it will completely fill your filesystem!
***

11) Make the directory ~ftp/etc. This directory is owned by root with
permissions 555.

12) Copy the files /etc/passwd and /etc/group into ~ftp/etc. These
files should be mode 444. The passwd file should only contain root,
daemon, uucp, and ftp. The group file must contain ftp's group.

*** Because it is possible for anonymous users to access ~ftp/etc
and download the passwd and group files, you should delete any entries
not required for anonymous entry!

*** For better security, reduce the entries in the passwd file to only
the name, uid, gid, and a "*" where the password was. An entry would
look like the following:

ftp:*:400:400:Anonymous FTP::

*** For maximum security, do not use the passwd or group files at all! They
are only required to provide the name of a file owner when users do "ls -l".
Since all files/directories should be owned by ftp or root, this is useless.

13) Make the directory ~ftp/pub. This directory is owned by you and has
the same group as ftp with permissions 555. Files are left here for
public distribution. All folders inside ~ftp/pub should have the same
permissions as this.

*** Neither the home directory (~ftp) nor any directory below it should be
owned by ftp! Modern ftp daemons support all kinds of useful commands, such
as chmod, that allow outsiders to undo your careful permission settings.
(Thanks to Wietse Venema for that note!)

14) If you wish to have a place for anonymous users to leave files,
create the directory ~ftp/pub/incoming. This directory is owned by root
with permissions 722 (root has all permissions, other users can only
write). Files can be left here, but users cannot see what is there, to
prevent the spread of unauthorized files.

Comment:

The permissions for this directory had to be set at 777 so users who put
information in this directory can verify it.

15) If you want to have the localtime showing when people connect,
create the directory ~ftp/usr/share/lib/zoneinfo and copy
/usr/share/lib/zoneinfo/localtime into it. All of these directories
should have the same owner, group, and permissions as ~ftp/usr.

16) If you are bothered by the need for copying your libraries so that you can
use Sun's 'ls', which is dynamically linked, you can try to get a statically
linked copy of 'ls' instead. In this case, you can dispense with steps #6-8.
Statically linked versions may be available from the following sources:


---

Many thanks to the following people for their response:

rick dyson dyson@sunfish.physics.uiowa:edu
Johnny Hui jhui@magma.com
Doug Moran brad@optilink:com
Walt Dabell walt@diusys.cms.udel.edu
Ian ifarqhar@laurel.ocs.mq.edu:au
Cameron Humphries cameron@cs.adelaide.edu
Phil Thomas pthomas@netcom.com
Peter Samuel Peter.Samuel@nms.otc.com.au
Eckhard R|ggeberg eckhard@ts.go.dlr.de
Ian Chisholm chis@uk.ac.ed
Kai Grossjohann grossjoh@ls6.informatik.uni-dortmund.de
Kyle Strohm strohm@sunshine.mathsci.denison.edu
Jason jyanowit@orixa.mtholyoke.edu
Ravi Narayan ravi@vax135.att.com
M. Todd Gamble todd_gamble@wiltel.com
Kevin McElearney kevinmac@ll.mit.edu
Tim Beyea beyea@ERC.MsState.Edu
Manish Bhatia manish@prentice.com
Paul R. Joslin pjoslin@optic_nerve.mbvlab.wpafb.af:mil
Jeff Alge jalge@mtgy.gtegsc.com
Hal hal@yin.ucsd:edu
Maureen Kemp mkemp@gislab.teale.ca:gov
Nick nick@dsd.es:com
Wojtek wojsyl1@appli.mimuw.edu:pl
wyneken@sun8.ruf.uni-freiburg:de
kwak@snoopy.postech.ac.kr

Thanks very much once again to all of you for the quick response.
___________________________
Parul Patel
Xerox Corporation
435 West Commercial Street, 803-01A
East Rochester, NY 14445
Voice: (716) 383-6284 (Internal: 8*223-6284)
Fax: (716) 383-7395 (Internal: 8*223-7395)
EMail: parul.Roch803@Xerox.com (Internal: parul:Roch803:Xerox)
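
An audit of a finished tree against the steps in the message above, as an added example that is not part of the original post or of the procedure it forwards. The function name audit_ftp_tree and the finding labels are made up for this example; the modes in the table are the ones the steps state, and ~ftp/pub/incoming is left out of the table.

```shell
#!/bin/sh
# Added example (not from the original post): audit an anonymous-FTP tree.
# audit_ftp_tree ROOT FTP_UID prints one line per finding; returns 0 if clean.

# Constructed table: path relative to ROOT, and the mode its step states.
EXPECTED_MODES='. 555
bin 555
bin/ls 111
usr 555
usr/lib 555
dev 444
etc 555
etc/passwd 444
etc/group 444
pub 555'

audit_ftp_tree() {
    root=$1; ftp_uid=$2; findings=0

    # Note after step 13: nothing in the tree may be owned by ftp.
    owned=$(find "$root" -user "$ftp_uid" -print 2>/dev/null) || true
    if [ -n "$owned" ]; then
        echo "OWNED-BY-FTP: $owned"
        findings=1
    fi

    # Steps 2-13: each path that exists must have exactly the stated mode.
    while read -r rel mode; do
        [ -e "$root/$rel" ] || continue
        if [ -z "$(find "$root/$rel" -prune -perm "$mode" -print)" ]; then
            echo "MODE: $rel is not $mode"
            findings=1
        fi
    done <<EOF
$EXPECTED_MODES
EOF

    # Step 12: every password field in ~ftp/etc/passwd must be "*".
    if [ -f "$root/etc/passwd" ]; then
        bad=$(awk -F: '$2 != "*" { print $1 }' "$root/etc/passwd")
        if [ -n "$bad" ]; then
            echo "PASSWD: password field is not \"*\" for: $bad"
            findings=1
        fi
    fi
    return "$findings"
}

# Usage: sh audit.sh /home/ftp 400   (home and uid from the step 1 entry)
if [ "$#" -eq 2 ]; then audit_ftp_tree "$1" "$2"; fi
```

Run it as root so that find can descend into every directory; paths that do not exist (for example ~ftp/etc/passwd when the "maximum security" option of step 12 is used) are skipped.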
