Re: [Net::FTPServer] Simple anonymous access
From: Richard Jones
Subject: Re: [Net::FTPServer] Simple anonymous access
Date: Wed, 10 Nov 2004 14:20:32 +0000
User-agent: Mutt/1.5.5.1+cvs20040105i

On Wed, Nov 10, 2004 at 03:03:01PM +0100, Kral Gergely wrote:
> On Wed, Nov 10, 2004 at 01:31:14PM +0000, Richard Jones wrote:
> > > /usr/lib/perl5/Net/FTPServer/RO/Server.pm line 107, <STDIN> line 2.
> >
> > Well, you can add an ``ftp'' user to your system. However doing so
> > can introduce security problems, if not done properly ...
> >
> > It depends on exactly what you want to do (anonymous only?
> > read/write? give ordinary users accounts?), you could try the
> > ``password file'' approach.
> >
>
> I only want to share files on my computer without giving anyone write
> permission.
> As I imagine, I would just create a directory and point the root of the
> anonymous account to that directory. Do I still need to create an ftp
> account in this case?

Yes, in this case you do need to create an 'ftp' account.

First create a /home/ftp directory (for instance, or you could use
/var/ftp ...). This directory should be owned by anyone EXCEPT the
``ftp'' user, but the permissions on the directory should allow the
ftp user to read files and directory contents. Then add the ftp user
to /etc/passwd:

    ftp:x:UUUU:GGGG:FTP user:/home/ftp:/bin/false

(replace UUUU and GGGG with appropriate UID and GID numbers for the
FTP user).

You can disable non-anonymous logins by doing:

    user access control rule: $user_is_anonymous

and you can disable any uploads by doing:

    store rule: 0

For maximum security, you should probably look at using the
``Anonymous Read-Only'' personality. Normally you would start this
personality up by running the ``ro-ftpd.pl'' script instead of the
usual ``ftpd.pl'' script (in inetd.conf).

In any case, before exposing Net::FTPServer to the public Internet,
you should carefully check your rules: for example, try logging in
anonymously and non-anonymously, try uploading and downloading files,
try ``cd'' to a restricted directory, and so on, to make sure that the
access controls you think should be in place are actually working.

Rich.
--
Richard Jones. http://www.annexia.org/ http://www.j-london.com/
>>> http://www.team-notepad.com/ - collaboration tools for teams <<<
Merjis Ltd. http://www.merjis.com/ - improving website return on investment
http://winwinsales.co.uk/ - CRM consultancy
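
An added example, not part of the message above or of Net::FTPServer: a shell check for the setup it describes. It flags anything under the anonymous root that the ftp account owns or can write to, and confirms that both rules from the message appear in the config file. The function names and the root, UID, GID and config-path arguments are assumptions supplied by the caller.

```shell
#!/bin/sh
# Added example: audit an anonymous FTP setup against the advice in the
# message. Nothing is hard-coded; the caller passes paths and numeric IDs.

# audit_ftp_root ROOT FTP_UID FTP_GID
# Prints every path under ROOT that the ftp account owns or could modify.
# Returns 1 if any such path exists, 0 if the tree is clean.
audit_ftp_root() {
    root=$1
    ftp_uid=$2
    ftp_gid=$3
    # Symlinks are skipped: their own mode bits are always rwxrwxrwx on
    # Linux, so they would otherwise show up as world-writable.
    bad=$(find "$root" ! -type l \( \
            -user "$ftp_uid" \
            -o \( -group "$ftp_gid" -perm -0020 \) \
            -o -perm -0002 \) -print)
    if [ -n "$bad" ]; then
        printf 'owned or writable by the ftp account:\n%s\n' "$bad"
        return 1
    fi
    return 0
}

# audit_ftp_rules CONF
# Returns 0 only if CONF holds both rules exactly as quoted in the message
# (one "key: value" rule per line), 1 otherwise.
audit_ftp_rules() {
    conf=$1
    grep -Eq '^[[:space:]]*store rule:[[:space:]]*0[[:space:]]*$' "$conf" &&
    grep -Eq '^[[:space:]]*user access control rule:[[:space:]]*\$user_is_anonymous[[:space:]]*$' "$conf"
}
```

This is a static check only; it does not replace the live login, upload and ``cd'' tests the message recommends.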