Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Re: Bad AdviseChris Ellwood (cellwoodgauss.ELEE.CalPoly.EDU)
Mon, 25 Jul 94 23:51:47 PDT
- Messages sorted by: [ date ][ thread ][ subject ][ author ]
- Next message: Harold van Aalderen: "Re: Bad Advise"
- Previous message: smbresearch.att.com: "Re: Bad Advise"
- In reply to: Christopher Klaus: "Bad Advise"
- Next in thread: Harold van Aalderen: "Re: Bad Advise"
Christopher Klaus said... > Here is some advise from Sun that I highly recommend you DO NOT DO. > > If you look at the MAN page for ftpd, you will see the following > advise: > > the following rules are recommended. > ~ftp) > Make the home directory owned by ``ftp'' and unwritable > by anyone. > > I highly recommend you change that to owned by ``root''. If anyone can log > in as ftp, there is nothing to stop them from doing SITE CHMOD 777 to the > main directory and putting .rhosts or .forward there allowing instant > access. The man pages for many several versions of Ultrix, NeXT-Mach, and a few other OS's give the same advise. I think it may be from a standard BSD mag page source. While the Ultrix default ftpd doesn't support site commands, the NeXT-Mach ftpd does, and having the ftp directory owned by ftp is rather foolish in any case. - Chris Ellwood <cellwoodgauss.calpoly.edu> EL/EE Dept. System Administrator - Cal Poly, San Luis Obispo