[Originally taken privately from a post to the vger linux-apps
  mailing list, but my reply might be of some use to others...  Cc'ed
  into the redhat-devel mailing list - be warned that replies to that
  list will bounce unless you are already subscribed to it.]

> On Fri, 11 Feb 2000, you wrote:
> > On Thu Feb 10 2000 at 20:41, lsumpter wrote:
> >
> > > How do I configure my anon FTP server (on Redhat 6.1) to accept
> > > uploads? My ftpaccess file denies deletes, overwrites and
> > > renames, but not uploads.  /home/ftp/ and /home/ftp/incoming/
> > > are owned by ftp, with wrx permissions.  I'd like to limit
> > > uploads to incoming if I can.
> >
> > Be VERY careful with *anything* uid or gid as user/group ftp in
> > your ftp-root directory... it's a MASSIVE security risk!  chown it
> > to root.root with 777 permissions (or even 773 to make the
> > directory non-readable by others).
> >
> > As for your problem, the man pages and FAQ should be able to tell
> > you how to get it going...

The rationale for this is that you don't give an "untrusted"
anonymous user any more privileges to do anything other than what
they absolutely need to do.  Give any more and the security risks
increase dramatically.

On Fri Feb 11 2000 at 06:51, lsumpter wrote:

> Thanks, Tony - I'm aware of the risks. I've been slowly increasing
> the availability, hoping I could get uploading working.
> 
> As for RTFM, I have. Could you be more specific? I found no mention
> of upload security in the man page for ftpaccess (or the hosts
> files), or in the Redhat online manual.

Oh hey, ok... I should have elaborated on what I said.

There are some invaluable documents to be found in the usenet archives
at:

        ftp://rtfm.mit.edu/pub/usenet/

Heaps of subdirectories right there (so be patient when doing a
listing), covering a lot of newsgroups.  Check on the ones concerned
with security in the more "respectable" comp.* hierarchy, like

        comp.security
        comp.security.firewalls
        comp.security.misc
        comp.security.unix

Also check places like comp.news.announce and comp.news.

That's just for the security stuff.  There are heaps of other FAQs
there - in fact, just about all of the "official" internet FAQs are
archived at rtfm.mit.edu - it's a massive warehouse of information!

        comp.protocols.*
        comp.lan.*
        comp.mail.*
        comp.os.*

And not just about computers... there are FAQs about just anything you
could think of.  Also check the comp.answers directory too - it has
most of the more useful FAQs archived there (as all the "official"
usenet FAQs that are archived get posted regularly to that newsgroup).

As for ftp, check this document:

ftp://rtfm.mit.edu/pub/usenet/comp.answers/computer-security/anonymous-ftp-faq


As you can see, I wasn't specifically referring to any documentation
from RedHat.  Not to criticise what redhat has available and what is
generally available for linux with all the HOWTOs and LDP stuff, but I
wish the linux documentation would mention more prominently other
valuable sources of information besides the more "traditional" linux
ones.  rtfm.mit.edu is one place every linux user - indeed, ALL
internet surfers - should know about.

Way back when linux was not much more than a rumour and a new word
around the internet, these FAQs were my prime resource for information
about unix.  (I cut my teeth on sunos 4.1.3).

> Cheers
> Lloyd

Cheers
Tony
 -=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-
  Tony Nugent <[EMAIL PROTECTED]>          Systems Administrator
  GrowZone OnLine       (a project of) GrowZone Development Network
  POBox 475 Toowoomba Queensland Australia 4350    Ph: 07 4637 8322
 -=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-
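An added audit script, not part of Tony's reply and not a Red Hat or wu-ftpd tool, that checks an anonymous FTP tree against the advice in the thread: nothing under the FTP root should be owned by the anonymous account, and the upload directory should be owned by root with mode 777 or 773. The default path /home/ftp comes from the original question; the account name ftp, the directory name incoming, and the use of GNU stat(1) and find(1) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original message).  Audits an anonymous FTP
# tree as the thread recommends: no entry owned by the anonymous account,
# and an incoming directory owned by root with mode 777 or 773.
# FTP_ROOT / FTP_USER defaults are assumptions; requires GNU stat and find.

FTP_ROOT="${FTP_ROOT:-/home/ftp}"   # assumed location of the anon FTP tree
FTP_USER="${FTP_USER:-ftp}"         # assumed name of the anonymous account

# mode_ok MODE -> 0 when MODE is one of the two settings recommended in the
# thread for a root-owned incoming directory, 1 otherwise.
mode_ok() {
    case "$1" in
        777|773) return 0 ;;
        *)       return 1 ;;
    esac
}

# check_incoming DIR -> 0 if DIR exists, is owned by uid 0 and has an
# acceptable mode; 1 otherwise, with the reason printed on stderr.
check_incoming() {
    dir="$1"
    owner=$(stat -c '%u' "$dir" 2>/dev/null) || {
        echo "$dir: missing" >&2
        return 1
    }
    if [ "$owner" -ne 0 ]; then
        echo "$dir: owned by uid $owner, expected root" >&2
        return 1
    fi
    mode=$(stat -c '%a' "$dir")
    if ! mode_ok "$mode"; then
        echo "$dir: mode $mode, expected 777 or 773" >&2
        return 1
    fi
    return 0
}

# count_owned_by ROOT UID -> prints how many entries under ROOT (ROOT
# itself included) are owned by numeric UID.  When UID is the anonymous
# account this number should be zero.
count_owned_by() {
    find "$1" -uid "$2" 2>/dev/null | wc -l | tr -d ' '
}

# audit_ftp_root [ROOT] [USER] -> 0 if nothing under ROOT is owned by USER
# and ROOT/incoming passes check_incoming; 1 otherwise.
audit_ftp_root() {
    root="${1:-$FTP_ROOT}"
    user="${2:-$FTP_USER}"
    status=0
    uid=$(id -u "$user" 2>/dev/null) || uid=""
    if [ -z "$uid" ]; then
        echo "user $user does not exist on this host, skipping ownership scan" >&2
    elif [ "$(count_owned_by "$root" "$uid")" -ne 0 ]; then
        echo "entries owned by $user under $root:" >&2
        find "$root" -uid "$uid" >&2
        status=1
    fi
    check_incoming "$root/incoming" || status=1
    return $status
}

# Run the audit only when a root directory is given on the command line,
# e.g.:  sh ftp-audit.sh /home/ftp ftp
if [ "$#" -gt 0 ]; then
    audit_ftp_root "$@"
fi
```

The script reports rather than repairs: a non-zero exit and the offending paths on stderr tell you which files still carry the ftp uid/gid and whether the incoming directory has the ownership and mode the thread recommends, so the actual chown/chmod stays a deliberate step by the administrator.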
