The ftp server included in the system provides support for an
anonymous ftp account. Because of the inherent security problems
with such a facility, you should read this section carefully if
you want to provide such a service.
When a client accesses the anonymous ftp account, a
chroot(ADM)
system call is performed by the server to restrict the client
from moving outside that part of the filesystem where the
ftp home directory is located. Because a chroot call
is used, certain programs and files used by the server
process must be placed in the ftp home directory as
shown in the following procedure:
Create a user called ftp with the Account Manager.
Do not set a password when creating the user.
Use the following commands to set up directories below
ftp's home directory:
cd ~ftp
chmod 755 .; chown root .; chgrp root .
mkdir bin dev etc lib pub usr usr/lib
chown root bin etc dev lib usr usr/lib
chmod 555 bin etc dev lib usr usr/lib
chown ftp pub
chmod 777 pub
cd bin
cp /bin/ls .
chmod 111 ls
cd ../etc
cp /etc/passwd .
cp /etc/group .
chmod 444 passwd group
cd ../lib
cp /lib/libprot.so.1 .
chmod 555 lib∗
chown bin lib∗
cd ../usr/lib
cp /usr/lib/libc.so.1 .
cp /usr/lib/libsocket.so.1 .
chmod 555 lib∗
chown bin lib∗
cd ../..
find /dev/socksys -print | cpio -dumpv ~ftp
find /dev/zero -print | cpio -dumpv ~ftp
When local users want to place files in the anonymous
area, they must place them in a subdirectory. In the
setup here, the directory ~ftp/pub is used.
WARNING:
Another issue to consider is the /etc/passwd
file placed in ~/ftp/etc/passwd. Because anonymous
ftp does not actually use the password stored
in the encrypted password field, you should edit the copied
file to contain blanks in this field such that anonymous
users cannot obtain the encrypted passwords.
For example, you could edit the following line in ~/ftp/etc/passwd:
root:UDOkW7PLd1/ZQ,..EI:0:3:Superuser:/:
to read:
root::0:3:Superuser:/:
The ftp server provides a security loophole
if certain user accounts are allowed.
The file /etc/ftpusers is checked on each connection.
If the requested user name is located in the file, the
request for service is denied. This
file should contain at least the following names:
uucp
root
Accounts with nonstandard shells should be listed in
this file. Accounts without passwords
need not be listed in this file; the ftp server does
not service these users.