Setting up anonymous ftp

The ftp server included in the system provides support for an anonymous ftp account. Because of the inherent security problems with such a facility, you should read this section carefully if you want to provide such a service.

When a client accesses the anonymous ftp account, a chroot(ADM) system call is performed by the server to restrict the client from moving outside that part of the filesystem where the ftp home directory is located. Because a chroot call is used, certain programs and files used by the server process must be placed in the ftp home directory as shown in the following procedure:

1. Create a user called ftp with the Account Manager. Do not set a password when creating the user.

2. Use the following commands to set up directories below ftp's home directory:
   
   
   
   
   
   
   cd ~ftp
   chmod 755 .; chown root .; chgrp root .
   mkdir bin dev etc lib pub usr usr/lib
   chown root bin etc dev lib usr usr/lib
   chmod 555 bin etc dev lib usr usr/lib
   chown ftp pub
   chmod 777 pub
   cd bin
   cp /bin/ls .
   chmod 111 ls
   cd ../etc
   cp /etc/passwd .
   cp /etc/group .
   chmod 444 passwd group
   cd ../lib
   cp /lib/libprot.so.1 .
   chmod 555 lib∗
   chown bin lib∗
   cd ../usr/lib
   cp /usr/lib/libc.so.1 .
   cp /usr/lib/libsocket.so.1 .
   chmod 555 lib∗
   chown bin lib∗
   cd ../..
   find /dev/socksys -print | cpio -dumpv ~ftp
   find /dev/zero -print | cpio -dumpv ~ftp

For example, you could edit the following line in ~/ftp/etc/passwd:

   root:UDOkW7PLd1/ZQ,..EI:0:3:Superuser:/:

   root::0:3:Superuser:/:

The ftp server provides a security loophole if certain user accounts are allowed. The file /etc/ftpusers is checked on each connection. If the requested user name is located in the file, the request for service is denied. This file should contain at least the following names:

   uucp
   root

Home Notes   Home   MCSE   MCSE + Security   CCNA   CCNP   Schedule   Register   Frequently Asked Questions   Course Fees   Contact US   Boot Camp Location   Compare us to our competitors   Testimonials   Sitemap

Testimonials

Join MCSE Boot Camp & CCNA Boot Camp Back to Back Certification Today. links  270    290    291  293    294  298  299  Security  640-801  routing 811  821   831  Resources MCSE + CCNA  Training  Card pay  Papal  MCSE Notes  CCNA Notes    index main  root link  resources home    Ref1 Ref2

Vibrant offers MCSE certification training boot camp for $5400 all inclusive, instructor led at California and Baltimore.

Vibrant Bootcamp Participants come from All Around the World. Vibrant has trained students from more than 15 countries like USA, UK, (Scotland, Ireland, Wales), Switzerland, Germany, Australia, Canada, France, Holland, Japan, Belgium, Bahrain, New Zealand, Tanzania, Turkey, Kenya and more.