Date:      Mon, 1 Jan 1996 10:06:58 -0600 (CST)
From:      Joe Greco <jgreco@brasil.moneng.mei.com>
To:        mbarkah@hemi.com (Ade Barkah)
Cc:        hackers@FreeBSD.ORG, questions@FreeBSD.ORG
Subject:   Re: Answer to /bin/ls and ftp (should be documented)
Message-ID:  <199601011606.KAA10803@brasil.moneng.mei.com>
In-Reply-To: <199512310246.TAA13020@hemi.com> from "Ade Barkah" at Dec 30, 95 07:46:49 pm

>    3. Copy the new pwd.db file into ~ftp/etc, and make it only
>       readable to everyone (chmod a=r pwd.db.) You should have
>       two files in ~ftp/etc directory: pwd.db, and group. The
>       passwd file is not necessary. Here's an example of how
>       the ~ftp/etc directory might look:
> 
>       -r--r--r--  1 root  ftp     15 Dec 18 10:38 group
>       -r--r--r--  1 root  ftp  40960 Dec 18 19:14 pwd.db
> 
>    4. Make sure you copy /bin/ls into ~ftp/bin, and make it only
>       executable by everyone (chmod a=x ls).

The more paranoid among us will be even more cautious:  you don't want
people gaining a comprehensive listing of users on your system as easily as
downloading the pwd.db file.  I do something similar but with a twist:

3.  Copy the new pwd.db and group files into ~ftp/etc, and make them both
mode 0440.  Change owner to "root.daemon".
4.  Copy /bin/ls into ~ftp/bin.  Change owner to "root.daemon", and change
the mode to 2111...

Now nobody can access your pwd.db or group files, but ls can, because it is
a member of the appropriate group...

I know this may seem overly paranoid to people, but you never know what
tricks someone might use to gain access to your system, and the lower your
profile, the safer you may be...

... Joe

-------------------------------------------------------------------------------
Joe Greco - Systems Administrator			      jgreco@ns.sol.net
Solaria Public Access UNIX - Milwaukee, WI			   414/342-4847
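
Added example (not part of the original message): a POSIX sh audit of an anonymous-FTP tree against the modes and ownership described in the reply above (pwd.db and group at 0440, ls at 2111, all root:daemon). The function names and the optional owner/group arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit an anonymous-FTP tree against the layout in the message.
# Usage: audit_ftp_tree <ftp-root> [owner] [group]   (defaults: root, daemon)

# check_file PATH MODE OWNER GROUP
# Prints one finding and returns 1 if PATH deviates from what is expected.
check_file() {
    f=$1 want_mode=$2 want_owner=$3 want_group=$4
    if [ ! -f "$f" ]; then
        echo "MISSING  $f"
        return 1
    fi
    # find -perm with a bare octal mode matches the permission bits exactly,
    # setgid included, and behaves the same in BSD and GNU find.
    if [ -z "$(find "$f" -prune -perm "$want_mode" 2>/dev/null)" ]; then
        echo "BADMODE  $f (want $want_mode)"
        return 1
    fi
    if [ -z "$(find "$f" -prune -user "$want_owner" -group "$want_group" 2>/dev/null)" ]; then
        echo "BADOWNER $f (want $want_owner:$want_group)"
        return 1
    fi
    return 0
}

# Returns 0 when all three files match, 1 when any finding was printed.
audit_ftp_tree() {
    root=$1 owner=${2:-root} group=${3:-daemon}
    failures=0
    # Group-readable only: anonymous users cannot fetch the user list.
    check_file "$root/etc/pwd.db" 0440 "$owner" "$group" || failures=$((failures + 1))
    check_file "$root/etc/group"  0440 "$owner" "$group" || failures=$((failures + 1))
    # Execute-only and setgid: ls reads the files through its group, nobody else can.
    check_file "$root/bin/ls"     2111 "$owner" "$group" || failures=$((failures + 1))
    [ "$failures" -eq 0 ]
}

# Run directly as: sh audit.sh /path/to/ftp-root
if [ "$#" -gt 0 ]; then
    audit_ftp_tree "$@"
fi
```

A world-readable pwd.db (mode 0444, as in the quoted step 3) is reported as BADMODE.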
