WARNING!
System Janitor
hubcap at hubcap.clemson.edu
Tue Apr 16 00:07:47 AEST 1991
*
* Ummm, unless you wrote your own ftpd, the standard BSD one explicitly
* chroot's anonymous FTP requests to the logon directory of the user
* 'ftp'. In every system manual, where I've seen how to set up
* anonymous FTP, it mentions this, and tells the system manager never to
* make the logon directory be '/'.
But the man page for ftpd (usually) also says something like:
~ftp/etc) Make this directory owned by the superuser and unwrit-
able by anyone. The files passwd(5) and group(5) must
be present for the ls command to work properly.
... and they never warn you to delete the encrypted password field
from ~/ftp/etc/passwd. Lots of people have their *real* password files
available via anonymous ftp, and the manual more or less *tells* them to
do it!
-Mike
More information about the Comp.unix.wizards
mailing list