netftpserver-general

Re: [Net::FTPServer] Simple anonymous access


From: Richard Jones
Subject: Re: [Net::FTPServer] Simple anonymous access
Date: Wed, 10 Nov 2004 14:20:32 +0000
User-agent: Mutt/1.5.5.1+cvs20040105i

On Wed, Nov 10, 2004 at 03:03:01PM +0100, Kral Gergely wrote:
> On Wed, Nov 10, 2004 at 01:31:14PM +0000, Richard Jones wrote:
> > > /usr/lib/perl5/Net/FTPServer/RO/Server.pm line 107, <STDIN> line 2.
> > 
> > Well, you can add an ``ftp'' user to your system.  However doing so
> > can introduce security problems, if not done properly ...
> > 
> > It depends on exactly what you want to do (anonymous only?
> > read/write?  give ordinary users accounts?), you could try the
> > ``password file'' approach.
> > 
> 
> I only want to share files on my computer without giving anyone write
> permission.
> As I imagine, I would just create a directory and point the root of the
> anonymous account to that directory. Do I still need to create an ftp
> account in this case?

Yes, in this case you do need to create an 'ftp' account.

First create a /home/ftp directory (for instance, or you could use
/var/ftp ...).  This directory should be owned by anyone EXCEPT the
``ftp'' user, but the permissions on the directory should allow the
ftp user to read files and directory contents.  Then add the ftp user
to /etc/passwd:

  ftp:x:UUUU:GGGG:FTP user:/home/ftp:/bin/false

(replace UUUU and GGGG with appropriate UID and GID numbers for the
FTP user).

You can disable non-anonymous logins by doing:

  user access control rule: $user_is_anonymous

and you can disable any uploads by doing:

  store rule: 0

For maximum security, you should probably look at using the
``Anonymous Read-Only'' personality.  Normally you would start this
personality up by running the ``ro-ftpd.pl'' script instead of the
usual ``ftpd.pl'' script (in inetd.conf).

In any case, before exposing Net::FTPServer to the public Internet,
you should carefully check your rules: for example, try logging in
anonymously and non-anonymously, try uploading and downloading files,
try ``cd'' to a restricted directory, and so on, to make sure that the
access controls you think should be in place are actually working.

Rich.

-- 
Richard Jones.  http://www.annexia.org/  http://www.j-london.com/
>>>   http://www.team-notepad.com/ - collaboration tools for teams   <<<
Merjis Ltd. http://www.merjis.com/ - improving website return on investment
http://winwinsales.co.uk/ - CRM consultancy
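
The directory layout described in the message above (an FTP root that is not owned by the ftp user, and that the ftp user can read but not write) can be audited with a short script. This is an added example, not part of the original post or of Net::FTPServer; the function names `ftp_report` and `audit_ftp_root` and the numeric UID/GID arguments are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): audit an anonymous FTP root
# against the ownership and permission layout described in the message.

# ftp_report ROOT LABEL FIND-EXPR...: print entries under ROOT that match the
# find expression; return 1 if any were found.
ftp_report() {
    r=$1; label=$2; shift 2
    hits=$(find "$r" "$@" -print 2>/dev/null)
    [ -z "$hits" ] && return 0
    printf 'FAIL: %s:\n%s\n' "$label" "$hits"
    return 1
}

# audit_ftp_root ROOT FTP_UID FTP_GID: return 0 if the tree is safe to serve.
audit_ftp_root() {
    root=$1; ftp_uid=$2; ftp_gid=$3; rc=0
    [ -d "$root" ] || { echo "FAIL: $root is not a directory"; return 1; }

    # Owned by the ftp user: it could chmod these and make them writable.
    ftp_report "$root" "owned by ftp uid $ftp_uid" -user "$ftp_uid" || rc=1
    # World-writable (symlink mode bits are meaningless, so skip them).
    ftp_report "$root" "world-writable" ! -type l -perm -0002 || rc=1
    # Group-writable where the group is the ftp user's group.
    ftp_report "$root" "writable by ftp gid $ftp_gid" \
        ! -type l -group "$ftp_gid" -perm -0020 || rc=1

    # The root itself must be readable and searchable by the ftp user,
    # either through the "other" bits or through its group.
    ok=$(find "$root" -prune \( -perm -0005 -o \
        \( -group "$ftp_gid" -perm -0050 \) \) -print 2>/dev/null)
    [ -n "$ok" ] || { echo "FAIL: ftp user cannot read $root"; rc=1; }

    [ "$rc" -eq 0 ] && echo "OK: $root"
    return "$rc"
}

# Stand-alone use: sh audit.sh /home/ftp UUUU GGGG
if [ $# -eq 3 ]; then audit_ftp_root "$@"; fi
```

Run it with the same UUUU and GGGG values used in the /etc/passwd entry, and again after any change to the published files.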
