Summary: How to set up an ftp anonymous site

Melissa Hines hines at portia.Stanford.EDU
Thu Dec 6 07:44:31 AEST 1990


About a week ago, I asked the net how to set up an ftp anonymous account.  
   Here is a summary of the replies.  Many thanks to the people who took 
   the time to answer my question!

Simple answer -- RTFM!
   This is actually a little trickier than it sounds!  You need to look at
   man ftpd.
More verbose answer:
   I received a number of replies that were all very similar.  The one I
   quote here came from the SRI Intl. Report "Improving the Security of
   Your Unix System" via Andi Karrer.

___________________________________________________________________________
1) make sure your /usr/etc/ftpd (or ftpd.gw) is newer than Dec 1988. If not
   urge DEC to give you a new one cause this one may have a real bug.

2) make a user "ftp". Disable the password (put * in the second field).
   make the login directory to where you want to put the anon ftp files.
   The /etc/passwd entry should look like:
        ftp:*:12:12:Anon ftp:/usr/local/ftp:/bin/true
   The /etc/group entry should look like:
        ftp:*:12:
   make sure uid and gid are normal user id's, e.g not "root".
       **** Very important ****

3) make a home directory for ftp unwritable by anyone:
        # mkdir /usr/local/ftp
        # chown ftp ~ftp
        # chmod 555 ~ftp

4) make the directory ~ftp/bin, owned by root and unwritable by anyone. Put
   a copy of the "ls" program there:
        # mkdir ~ftp/bin
        # chown root ~ftp/bin
        # chmod 555 ~ftp/bin
        # cp -p /bin/ls ~ftp/bin
        # chmod 111 ~ftp/bin/ls

5) make the directory ~ftp/etc, owned by root and unwritable by anyone. put
   a stripped-down copy of /etc/passwd and /etc/group there. the files
   should only contain the entry for the user "ftp".
        # mkdir ~ftp/etc
        # chown root ~ftp/etc
        # chmod 555 ~ftp/etc
        # grep '^ftp:' /etc/passwd > ~ftp/etc/passwd
        # grep '^ftp:' /etc/group  > ~ftp/etc/group
        # chmod 444 ~ftp/etc/passwd ~ftp/etc/group

6) make the directory ~ftp/etc/pub, owned by "ftp" and writable by anyone.
   anon ftp users may the place files there. alternatively, if you want anon
   ftp users only to be able to GET fies from your system, make the directory
   unwritable by anyone except root.
        # mkdir ~ftp/pub
        # chown ftp ~ftp/pub
        # chmod 777 ~ftp/pub          - or 555

_____________________________________________________________________________
Thanks to all the people who replied
    Andi Karrer
    Tim Ramsey
    Joe Hamlin
    David Elliott
    Nick Sayer
    Jeff Kays
    Gary Weimer

If you would like a copy of all the replies that I received, I will be happy to send them to you.

Melissa A. Hines
Dept. of Chemistry
Stanford University



More information about the Comp.unix.questions mailing list