Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 10 Jun 2002 16:34:18 +1000
From:      "xlr82xs" <xlr82xs@eis.net.au>
To:        "Defryn, Guy" <G.P.Defryn@massey.ac.nz>, "'questions@freebsd.org'" <questions@FreeBSD.ORG>
Subject:   Re: FTP server on freebsd
Message-ID:  <00cc01c21048$d96d3da0$daab0ccb@davidtrz>
References:  <98B01D2717B9D411B38F0008C7840931057F38FF@its-xchg2.massey.ac.nz>
next in thread | previous in thread | raw e-mail | index | archive | help 
Well, actually the "/etc" folder displayed in the root of the ftp service
when you log on as an anonymous user (i think it ends up in /var/ftp/ by
default) isn't the real etc and the password file in there isn't the real
/etc/passwd file

but since fbsd shadows the password file anyway :/

i think as it stands everyone has read access to /etc/passwd because no
password hashes are kept in there anyway, the actuall encrypted passwords
are stored in /etc/master.passwd which is only readable by root

so being able to read passwd as an anonymous ftp user is fine

the only real security "problem" with anonymous ftp access is that people
may use your server to host warez/porn/whatever if you allow uploads.

HOWEVER

if you allow users ftp access it should be noted that passwords for ftp are
transmitted in plain text and may be sniffed.

Also there are various exploits and other issues for the various ftp servers
around but you can go and look that up for the specific ftpd you are
running...


----- Original Message -----
From: Defryn, Guy
To: 'questions@freebsd.org'
Sent: Monday, June 10, 2002 7:06 AM
Subject: FTP server on freebsd


Hi there,

I have configured my freebsd machine with ftp access.
However, I have a feeling that it is not very secure.
When I set it up with the default settings I see the
/etc/ folder and it has a passwd file in it.

Are there any documents available on securing FTP?
I can't seem to find it on the freebsd website.

Cheers


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?00cc01c21048$d96d3da0$daab0ccb>