Re: Bad Advise
Harold van Aalderen (haroldsara.nl)
Tue, 26 Jul 1994 14:30:08 +0200
- In reply to: Christopher Klaus: "Bad Advise"
In message <199407242039.QAA17499shadow.net> you write:
>
> Here is some advice from Sun that I highly recommend you DO NOT DO.
>
> If you look at the MAN page for ftpd, you will see the following
> advice:
>
> the following rules are recommended.
> ~ftp)
> Make the home directory owned by ``ftp'' and unwritable
> by anyone.
>

I haven't seen a system yet where this is _NOT_ in the manpage of ftpd.
I guess it was in the original BSD manpage and nobody ever bothers to
update it. AIX all versions, IRIX all versions, UNICOS and as mentioned
SunOS all state the ~ftp should be owned by user ftp and mode 555.
Some of these systems do allow the SITE CHMOD command.

The first aftp-server I installed this way was hacked within 24 hours.
I informed CERT-NL (Dutch version of CERT). I got the reply that I should
follow the CERT recommendations about setting up anonymous ftp.

Harold van Aalderen                           |email: haroldsara.nl
system programmer/site security contact       |
SARA (Academic Computing Services Amsterdam)  |phone: +31 20 5923000
PO Box 94613 1090 GP Amsterdam The Netherlands|fax  : +31 20 6683167
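An audit check for the setup discussed in this message, added here as an example and not part of the original post or of any vendor's ftpd. The function name, finding labels and the ftp_uid parameter are hypothetical, and it assumes the safe setup is an owner other than ftp (such as root), which the post itself does not spell out.

```python
import os
import stat
import tempfile


def audit_ftp_home(path, ftp_uid):
    """Return findings for an anonymous-FTP home directory (hypothetical helper)."""
    st = os.stat(path)
    findings = []
    if st.st_uid == ftp_uid:
        # The owner of a directory can always chmod it. Mode 555 therefore
        # protects nothing once a daemon running as ftp accepts SITE CHMOD.
        findings.append("owned-by-ftp")
        if st.st_mode & stat.S_IWUSR:
            findings.append("writable-by-ftp")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("group-or-world-writable")
    return findings


def demo():
    """Audit a constructed temp directory under three ownership/mode setups."""
    me = os.getuid()
    results = {}
    with tempfile.TemporaryDirectory() as d:
        # The man page advice: owned by ftp, mode 555.
        os.chmod(d, 0o555)
        results["manpage"] = audit_ftp_home(d, ftp_uid=me)
        # Same mode, but the owner is not the ftp account (assumed fix).
        results["other-owner"] = audit_ftp_home(d, ftp_uid=me + 1)
        # Non-ftp owner, but left open to everyone.
        os.chmod(d, 0o777)
        results["open"] = audit_ftp_home(d, ftp_uid=me + 1)
        os.chmod(d, 0o700)  # restore so the temp directory can be cleaned up
    return results


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings or "ok")
```

On a real host, pass the uid of the ftp account (for example from pwd.getpwnam) and the path of its home directory.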