Date: Thu, 3 Feb 2000 12:49:24 -0600
From: Lucas Bergman <iceberg@pobox.com>
To: Marc Wandschneider <marcw@lanfear.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: Securing ftpd
Message-ID: <20000203124924.A99674@comp04.prc.uic.edu>
In-Reply-To: <AKEALEPEFAKLKAPCDLILKEIOIKAA.marcw@lanfear.com>; from marcw@lanfear.com on Thu, Feb 03, 2000 at 09:50:45AM -0800
References: <AKEALEPEFAKLKAPCDLILKEIOIKAA.marcw@lanfear.com>

> 1. what does the directory entry drwxrwxrwt ..... mean? my incoming
> directory is listed as this, but i don't recall seeing the 't' before.
t = sticky bit. From chmod(1):

    1000    (the sticky bit) When set on a directory, unprivileged
            users can delete and rename only those files in the
            directory that are owned by them, regardless of the
            permissions on the directory. Under FreeBSD, the sticky
            bit is ignored for executable files and may only be set
            for directories (see sticky(8)).

Note that having ~ftp/incoming set to mode 1777 is begging to have your
site used for a warez dump, since files which are uploaded are
immediately world-readable. There's some info on setting up upload
directories at
http://www.cert.org/ftp/tech_tips/anonymous_ftp_config
though it's not necessarily perfect. Note that big, fancy FTP servers
like wu-ftpd have clever ways through config files of controlling upload
directories, but I can't (nor can anyone else, AFAIK) vouch for their
security.
> 2. to prevent uploads, do i merely have to remove the incoming
> directory?
Yes, and remove any other world-writable areas under ~ftp, of course.
HTH,
Lucas
--
S. Lucas Bergman
Northwestern University
Mathematics Department
PGP Public Key (0xC0C73619):
http://pobox.com/~iceberg/pgpkey.html
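
A check for the condition described in the message above, as an added example that is not part of the original e-mail: it lists every world-writable directory under an FTP home and marks those that are also world-readable, such as a mode 1777 incoming directory. The function names and the OPEN/UPLOAD labels are hypothetical, and the FTP home path is site-specific.

```shell
#!/bin/sh
# Added example: list upload areas in an anonymous-FTP tree.
# Usage: sh audit_ftp.sh /path/to/ftp/home   (script name and path are assumptions)

# True if the single path $1 has all permission bits of octal mask $2 set.
# Uses only POSIX find options so it behaves the same on FreeBSD and Linux.
has_mode() {
    [ -n "$(find "$1" -prune -perm "-$2" -print 2>/dev/null)" ]
}

# Print one line per world-writable directory under $1:
#   <risk> <sticky|nosticky> <path>
# OPEN   = world-writable and world-readable (e.g. 1777 or 777)
# UPLOAD = world-writable but not world-readable (uploads still possible)
audit_ftp_tree() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "audit_ftp_tree: $root is not a directory" >&2
        return 2
    fi
    # -perm -0002 matches directories whose "other" write bit is set.
    find "$root" -type d -perm -0002 -print | sort | while IFS= read -r dir; do
        risk=UPLOAD
        has_mode "$dir" 0004 && risk=OPEN
        sticky=nosticky
        has_mode "$dir" 1000 && sticky=sticky
        printf '%s %s %s\n' "$risk" "$sticky" "$dir"
    done
}

# Run against the directory given on the command line, if any.
if [ $# -gt 0 ]; then
    audit_ftp_tree "$1"
fi
```

No output means there is no world-writable directory left under the tree, which is the state the reply to question 2 describes.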
