News Group Posts

OSR5 anonymous ftp inetd.conf

From: Bill Campbell <bill@celestial.com>
Subject: Re: Anonymous ftp can't delete or rename - 5.0.6a
Date: Tue, 21 Jan 2003 21:33:17 GMT
References: <3e2d4baf$0$221$4d4eb98e@news.dk.uu.net>
<3e2d5ec2$0$209$4d4eb98e@news.dk.uu.net> 

On Tue, Jan 21, 2003 at 03:52:51PM +0100, Flemming Haurum wrote:
>Hi group,
>
>I have found the cure.
>
>I would say one error and one changed behaviour. SCO should be informed
>about this.
>
>The ftpd line in /etc/inetd.conf must have the option -a appended. Even
>though the man page for ftpd says that -a is default behaviour, it is not
>true.
>
>The /etc/ftpaccess file must have an entry specifying the users that can
>delete files. Syntax: "delete yes class=all". This syntax is not obvious as
>the sample /etc/ftpaccess file contains lines saying, "tar yes all" and
>"compress yes all". A consistent syntax should be that all class references
>should be prefixed by "class=" or none should be prefixed. But not a mix of
>syntax.

Be _VERY_ careful what you do here.  Turning off these features leaves your
anonymous ftp server open to abuse by people who will find it and use it as
a drop point for copyrighted or illegal software.  Don't think this won't
happen to you!  We see several hundred probes every day at our servers
here, and at our customer's sites where people are looking for open sites.

A properly configured anonymous ftp server will automatically make any
uploaded files unreadable and unchangeable by anonymous ftp users, sending
an e-mail message to the administrator so they can move the files to an
appropriate place with appropriate permissions.

Bill
--
INTERNET:   bill@Celestial.COM  Bill Campbell; Celestial Software LLC
UUCP:               camco!bill  PO Box 820; 6641 E. Mercer Way
FAX:            (206) 232-9186  Mercer Island, WA 98040-0820; (206) 236-1676
URL: http://www.celestial.com/

The pinnacle of open systems is: when moving from vendor to vendor, the
design flaws stay the same.
 

Comments?

Jump to Comments

Many of the products and books I review are things I purchased for my own use. Some were given to me specifically for the purpose of reviewing them. I resell or can earn commissions from the sale of some of these items. Links within these pages may be affiliate links that pay me for referring you to them. That's mostly insignificant amounts of money; whenever it is not I have made my relationship plain. I also may own stock in companies mentioned here. If you have any question, please do feel free to contact me.

Specific links that take you to pages that allow you to purchase the item I reviewed are very likely to pay me a commission. Many of the books I review were given to me by the publishers specifically for the purpose of writing a review. These gifts and referral fees do not affect my opinions; I often give bad reviews anyway.

We use Google third-party advertising companies to serve ads when you visit our website. These companies may use information (not including your name, address, email address, or telephone number) about your visits to this and other websites in order to provide advertisements about goods and services of interest to you. If you would like more information about this practice and to know your choices about not having this information used by these companies, click here.