[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: configuring ftpd for upload



First, make sure you've patched ftpd.  There was a potential exploit
against ftpd as it shipped on the 2.7 cd.  The patch is available from the
OpenBSD web site.

Next, create a user named ftp.  The user's home directory will be the root
of the anonymous ftp tree.  Make a pub directory with appropriate
permissions (550 or 555 seem reasonable; I used 555).  Make an
incoming directory also with appropriate permissions.  I used 731, so that
files could be uploaded but not seen or damaged.  The directories are
owned by root and belong to the ftp group.

Before taking this advice, read the man page again; I figured out how to
set all of this up from the man page.  Also evaluate those directory
permissions and make sure you can't see any security holes from them.
I enjoy UNIX administration, but I can't claim to be brilliant at it.  I'm
sure that somebody on this list can point out large holes in my setup.

Clay


On Fri, 1 Sep 2000, [iso-8859-1] Sad KADHI wrote:

> I'm sorry if this seems a silly question but I'm trying to configure an
> OpenBSD 2.7 box for Anonymous FTP. I want my anonymous users to be able
> to:
> -retrieve files from the pub directory
> -store files on upload directory without being able to delete the
> directory or delete previously stored files