Terrific, so fast and so efficient.
Many thanks to :
Ollivier Robert <roberto_at_eurocontrol.fr>
Francois Zimmermann <Francois.Zimmermann_at_lebs.cnrs-gif.fr>
"Dr. Tom Blinn, 603-881-0646" <tpb_at_zk3.dec.com>
Rainer Landes <rlandes_at_fphws01.physik.uni-karlsruhe.de>
Hans Kowallik <hans_at_physics.orst.edu>
My question :
> I have to build an FTP/anonymous on my system. Does someone know if there
> is a tool or a setup program in DU (like netsetup or everything else)
> or have I to do all by hand ??
Answers :
The ftpd(8) manpage has some tips about setting it up. There is also a FAQ
posted in comp.security.misc/unix about it.
-----------------------------------------------------------------------------
You have to do it by hand (unless V4.0 added a script, and I don't think it
did, since there are many options for what to put in the anonymous user's
directory).
See the ftpd reference page for details.
-----------------------------------------------------------------------------
I did it by hand some 12 months ago. It was described in
"UNIX System Administrator's Handbook" by Nemeth et al. (Prentice Hall)
1) if ftp does not run at all yet, configure ftp (via setup program)
I cite here the necessary parts from the above mentioned book:
2) add user "ftp" to the password file
3) create directories bin, etc, pub beneath ~ftp
4) copy ls program to ~ftp/bin directory
5) copy /etc/passwd and /etc/group to ~ftp/etc
6) edit ~ftp/etc/passwd and ~ftp/etc/group so that it contains
only entries for root, daemon, uucp, ftp. Change the password
fields to "*"
7) Set the proper permissions on files and directories under ~ftp
(see below)
No one needs to log in to the ftp account, so use a star as ftp's
password.
It's also a good idea to specify /bin/false as ftp's login shell.
...
For added security make ~ftp/bin/ls execute-only by setting its mode
to 111.
The files you want to make available should be put in ~ftp/pub
If your system uses shared libraries and your ls command is not statically
linked, you may need to copy extra files into ~ftp (Comment:
on DEC Unix copy /sbin/ls to ~ftp/bin/ls, not /usr/bin/ls. The first one
is statically linked.)
...
Recommended permissions under ~ftp
file              owner   mode
~ftp              root    555
~ftp/bin          root    555
~ftp/bin/ls       root    111
~ftp/etc          root    555
~ftp/etc/passwd   root    444
~ftp/etc/group    root    444
~ftp/pub          root    755
This was cited from the above mentioned book, 2nd ed, pages 429ff
-----------------------------------------------------------------------------
most people seem to use wuftp, available from
http://wuarchive.wustl.edu
-----------------------------------------------------------------------------
Setting up Anonymous FTP under Digital Unix 3.x
---------------------------------------------------
1) Use the addgrp command to add a new group to the /etc/group file.
Call the group anonftp.
2) Add a user ftp using either adduser or edit the /etc/passwd file.
This user must belong to group anonftp only. The home directory
must point to the area which will be served anonymously.
3) Create the ftp home directory owned by root that cannot be written
by anyone.
4) Create a bin directory under the ftp home, owner root, not writable
by anyone.
5) Copy the ls program to bin. Note: copy the /sbin/ls (the statically
linked version, not /usr/bin/ls). chmod this file to 111.
6) Create an etc directory, owner root, not writable by anyone.
7) Create a pub directory, chmod 777, where you can exchange data. If
you want a readonly service, chmod 444, owner ftp.
8) In ftp_home/etc create a group file with only the entry for the
group you created in step 1. ie its only entry will be
anonftp:*:<group_number>
chmod 444 to this file.
9) In ftp_home/etc create a passwd file with only an ftp entry, eg
ftp:*:uid:gid:Anonymous ftp:/home/ftp:
chmod 444 to this file.
10) In ftp_home/etc create a directory sia, copy into this directory all
files from /etc/sia.
11) At this point anonymous ftp should work. To enable logging of
activities add the qualifiers -d -l to the ftpd server startup. This is
set up in the file /etc/inetd.conf
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
Jean Schuller _/ _/_/_/ _/_/_/ _/_/_/_/
schuller_at_crnal4.in2p3.fr _/ _/ -/ _/ _/ _/
_/ _/_/_/-/ _/_/_/ _/_/_/_/
_/ _/ -/ _/ _/
_/ _/ _/ _/_/_/ _/_/_/_/
local call: 0388106630 Institut de Recherches Subatomiques
foreign call: (33)388106630 Boîte Postale 28
local fax : 0388106234 23, Rue du Loess
foreign fax : (33)388106234 F-67037 STRASBOURG CEDEX - France
-----------------------------------------------------------------------------
Received on Fri Feb 28 1997 - 10:30:25 NZDT
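
Added example, not part of the original message or of the cited book: a POSIX shell audit that checks an existing anonymous FTP tree against the "Recommended permissions under ~ftp" table quoted above and confirms that the copied passwd and group files carry only "*" in the password field. The function names, the optional OWNER argument and the uid/gid 500 in the sample files are assumptions made for this example.

```shell
#!/bin/sh
# check_path PATH MODE OWNER: succeed only on an exact mode and owner match.
check_path() {
    [ -n "$(find "$1" -prune -perm "$2" -user "$3" 2>/dev/null)" ]
}

# audit_ftp_tree FTP_HOME [OWNER]: print each deviation, return 1 if any found.
# OWNER defaults to root, as in the table; the argument exists for test runs.
audit_ftp_tree() {
    home=$1 owner=${2:-root} bad=0
    while read -r rel mode; do
        if ! check_path "$home/$rel" "$mode" "$owner"; then
            echo "FAIL $home/$rel: want mode $mode, owner $owner"
            bad=1
        fi
    done <<EOF
. 555
bin 555
bin/ls 111
etc 555
etc/passwd 444
etc/group 444
pub 755
EOF
    # Every password field in the copies must be "*", never a real hash.
    for f in passwd group; do
        if [ -r "$home/etc/$f" ] &&
           awk -F: '$2 != "*" { hit = 1 } END { exit !hit }' "$home/etc/$f"; then
            echo "FAIL $home/etc/$f: password field other than \"*\""
            bad=1
        fi
    done
    return "$bad"
}

# build_sample_tree DIR: constructed sample layout for trying the audit.
build_sample_tree() {
    mkdir -p "$1/bin" "$1/etc" "$1/pub"
    : > "$1/bin/ls"                 # placeholder for the static /sbin/ls
    printf 'ftp:*:500:500:Anonymous ftp:/home/ftp:\n' > "$1/etc/passwd"
    printf 'anonftp:*:500\n' > "$1/etc/group"
    chmod 111 "$1/bin/ls"
    chmod 444 "$1/etc/passwd" "$1/etc/group"
    chmod 755 "$1/pub"
    chmod 555 "$1/bin" "$1/etc" "$1"
}

# Audit a real tree when a path is given, e.g.: sh audit.sh /home/ftp
if [ $# -gt 0 ]; then audit_ftp_tree "$@"; fi
```

The check covers the book's table only; a tree built from the Digital Unix 3.x steps (pub at 777 or 444, an etc/sia directory) will be reported as deviating from it.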