
RE: Setting up Anon FTP?



I'm not chroot'ing to /bin/ls but to /home/ftp.
The reason I tried to chroot to /home/ftp and run ls is to troubleshoot
the anonymous ftp login problem.  It's a lot easier to just make changes
and use chroot than to ftp/login/check/logout.  I figure the chroot problem
and the fact that ls doesn't work from an anonymous ftp login are related.

I did follow the steps in the ftpd man page.  Except for setting up the
pwd.db file in etc (the pwd_mkdb command doesn't exist).  I don't think
this is the problem though and the man page says this is just necessary
to print names instead of numbers in ls output.  (I did copy passwd and
group files to etc while trying to find the problem.)

In addition to the man page instructions is there anything else I need to
do?

Thanks again,
Tony Richardson

 -----Original Message-----
From: Ossama Othman [SMTP:othman@astrosun.tn.cornell.edu]
Sent: Thursday, February 26, 1998 12:34 PM
To: Richardson,Anthony
Cc: debian-user
Subject: RE: Setting up Anon FTP?

Why are you trying to chroot to /bin/ls?  The ftpd daemon automatically
does a chroot when someone logs in as "anonymous" or "ftp."  Here is an
excerpt from the ftpd man page.  Did you follow what it says?

 ---- FROM LINUX FTPD MAN PAGE ---
In the last case, ftpd takes special measures to restrict the client's
access privileges.  The server performs a chroot(2) to the home directory
of the ``ftp'' user.  In order that system security is not breached, it is
recommended that the ``ftp'' subtree be constructed with care, following
these rules:

        ~ftp      Make the home directory owned by ``root'' and unwritable
                  by anyone (mode 555).

        ~ftp/bin  Make this directory owned by ``root'' and unwritable by
                  anyone (mode 511).  The program ls(1) must be present to
                  support the list command.  This program should be mode
                  111 (executable only).

        ~ftp/etc  Make this directory owned by ``root'' and unwritable by
                  anyone (mode 511).  The files pwd.db (see pwd_mkdb(8))
                  and group(5) must be present for the ls command to be
                  able to produce owner names rather than numbers.  The
                  password field in pwd.db is not used, and should not
                  contain real passwords.  The file motd, if present, will
                  be printed after a successful login.  These files should
                  be mode 444.

        ~ftp/pub  Make this directory mode 555 and owned by ``root''.
                  This is traditionally where publically accessible files
                  are stored for download.
 ------------------------

I've set up several anonymous ftp servers following similar directions on
Solaris machines, too.  The above setup procedure seems to be pretty
standard, except for some character devices that are placed in ~ftp/dev.

If you can tell me/us specifically what you have done and what
problems/errors you get, it will be easier to determine what is wrong.  I
apologize if you have already done this.  I just got on to this list last
night.

 -Ossama
______________________________________________________________________
Ossama Othman <othman@astrosun.tn.cornell.edu>

 --- PGP Keys ---
Public:  http://astrosun.tn.cornell.edu/staff/othman/OO_PUBLIC.asc
REVOKED: http://astrosun.tn.cornell.edu/staff/othman/OO_REVOKED.asc
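
A check of an anonymous ftp tree against the modes and ownership listed in the man page excerpt quoted above, as an added example that is not part of the original messages or of ftpd. The function name `audit_ftp_tree`, its `owner_uid` parameter and the symlink check are assumptions of this example; the paths and modes come from the excerpt.

```python
import os
import stat

# (path under ~ftp, mode from the man page excerpt, must exist)
RULES = [
    ("",           0o555, True),
    ("bin",        0o511, True),
    ("bin/ls",     0o111, True),
    ("etc",        0o511, True),
    ("etc/pwd.db", 0o444, False),   # optional: only needed for names in ls output
    ("etc/group",  0o444, False),
    ("etc/motd",   0o444, False),
    ("pub",        0o555, True),
]
# The excerpt names root as owner for these four directories only.
ROOT_OWNED = {"", "bin", "etc", "pub"}


def audit_ftp_tree(ftp_home, owner_uid=0):
    """Return a list of findings; an empty list means the tree matches."""
    findings = []
    for rel, want_mode, required in RULES:
        name = rel or "~ftp"
        try:
            # lstat so a symlink pointing elsewhere is reported, not followed
            st = os.lstat(os.path.join(ftp_home, rel) if rel else ftp_home)
        except OSError:
            if required:
                findings.append(f"{name}: missing")
            continue
        if stat.S_ISLNK(st.st_mode):
            findings.append(f"{name}: is a symlink")
            continue
        mode = stat.S_IMODE(st.st_mode)
        if mode != want_mode:
            findings.append(f"{name}: mode {mode:03o}, expected {want_mode:03o}")
        if mode & 0o222:  # any write bit contradicts "unwritable by anyone"
            findings.append(f"{name}: writable (mode {mode:03o})")
        if rel in ROOT_OWNED and st.st_uid != owner_uid:
            findings.append(f"{name}: owned by uid {st.st_uid}, expected {owner_uid}")
    return findings


if __name__ == "__main__":
    import sys
    for line in audit_ftp_tree(sys.argv[1] if len(sys.argv) > 1 else "/home/ftp"):
        print(line)
```

Run it with the ftp home directory as its argument; it prints one line per deviation and nothing when the tree matches the excerpt.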

