[Originally taken privately from a post to the vger linux-apps mailing list, but my reply might be of some use to others... Cc'ed into the redhat-devel mailing list - be warned that replies to that list will bounce unless you are already subscribed to it.]

> On Fri, 11 Feb 2000, you wrote:
> > On Thu Feb 10 2000 at 20:41, lsumpter wrote:
> >
> > > How do I configure my anon FTP server (on Redhat 6.1) to accept
> > > uploads? My ftpaccess file denies deletes, overwrites and
> > > renames, but not uploads. /home/ftp/ and /home/ftp/incoming/
> > > are owned by ftp, with wrx permissions. I'd like to limit
> > > uploads to incoming if I can.
> >
> > Be VERY careful with *anything* uid or gid as user/group ftp in
> > your ftp-root directory... it's a MASSIVE security risk! chown it
> > to root.root with 777 permissions (or even 773 to make the
> > directory non-readable by others).
> >
> > As for your problem, the man pages and FAQ should be able to tell
> > you how to get it going...

The rationale for this is that you don't give an "untrusted" anonymous user any more privileges to do anything other than what they absolutely need to do. Give any more and the security risks increase dramatically.

On Fri Feb 11 2000 at 06:51, lsumpter wrote:

> Thanks, Tony - I'm aware of the risks. I've been slowly increasing
> the availability, hoping I could get uploading working.
>
> As for RTFM, I have. Could you be more specific? I found no mention
> of upload security in the man page for ftpaccess (or the hosts
> files), or in the Redhat online manual.

Oh hey, ok... I should have elaborated on what I said.

There are some invaluable documents to be found in the usenet archives at:

    ftp://rtfm.mit.edu/pub/usenet/

Heaps of subdirectories right there (so be patient when doing a listing), covering a lot of newsgroups.

Check on the ones concerned with security in the more "respectable" comp.* hierarchy, like

    comp.security
    comp.security.firewalls
    comp.security.misc
    comp.security.unix

Also check places like comp.news.announce and comp.news.

That's just for the security stuff. There are heaps of other FAQs there - in fact, just about all of the "official" internet FAQs are archived at rtfm.mit.edu - it's a massive warehouse of information!

    comp.protocols.*
    comp.lan.*
    comp.mail.*
    comp.os.*

And not just about computers... there are FAQs about just anything you could think of.

Also check the comp.answers directory too - it has most of the more useful FAQs archived there (as all the "official" usenet FAQs that are archived get posted regularly to that newsgroup).

As for ftp, check this document:

    ftp://rtfm.mit.edu/pub/usenet/comp.answers/computer-security/anonymous-ftp-faq

As you can see, I wasn't specifically referring to any documentation from RedHat.

Not to criticise what redhat has available and what is generally available for linux with all the HOWTOs and LDP stuff, but I wish the linux documentation would mention more prominently other valuable sources of information besides the more "traditional" linux ones. rtfm.mit.edu is one place every linux user - indeed, ALL internet surfers - should know about.

Way back before linux was not much more than a rumour and a new word around the internet, these FAQs were my prime resource for information about unix. (I cut my teeth on sunos 4.1.3).

> Cheers
> Lloyd

Cheers
Tony

-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-
Tony Nugent <[EMAIL PROTECTED]>      Systems Administrator
GrowZone OnLine (a project of) GrowZone Development Network
POBox 475 Toowoomba Queensland Australia 4350    Ph: 07 4637 8322
-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-
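
One way to check an anonymous-FTP tree against the ownership and mode advice in the thread above, as an added example that is not part of the original messages. The function names are hypothetical, and the ftp root, the ftp user and group, and the upload directory are passed as arguments rather than assumed for any particular server.

```shell
#!/bin/sh
# Added example: audit an anonymous-FTP tree for the two points in the thread:
#   1. nothing under the ftp root is owned by the ftp user or group
#   2. the upload directory is writable by others (uploads work) and,
#      preferably, not readable by others (mode 773 rather than 777)
# All function names are hypothetical; only POSIX find(1) options are used.

# Print every path under ROOT owned by the ftp user or group.
# $1 = ftp root, $2 = ftp user (name or numeric uid), $3 = ftp group (name or gid)
ftp_owned_paths() {
    find "$1" \( -user "$2" -o -group "$3" \) -print
}

# Succeed if "others" have both write and search (o+wx) on DIR.
upload_dir_writable() {
    [ -n "$(find "$1" -prune -perm -0003 -print)" ]
}

# Succeed if "others" can read (list) DIR, as with mode 777.
upload_dir_listable() {
    [ -n "$(find "$1" -prune -perm -0004 -print)" ]
}

# Report findings; succeed only if there are no FAIL lines.
# $4 = upload directory, defaulting to ROOT/incoming
audit_ftp_root() {
    root=$1 user=$2 group=$3 incoming=${4:-$1/incoming}
    findings=0
    owned=$(ftp_owned_paths "$root" "$user" "$group")
    if [ -n "$owned" ]; then
        printf '%s\n' "$owned" | sed 's/^/FAIL owned by ftp user or group: /'
        findings=$((findings + 1))
    fi
    if ! upload_dir_writable "$incoming"; then
        echo "FAIL $incoming: others lack write+search, uploads will not work"
        findings=$((findings + 1))
    fi
    if upload_dir_listable "$incoming"; then
        echo "WARN $incoming: readable by others (777); 773 makes it non-readable"
    fi
    [ "$findings" -eq 0 ]
}

# Example invocation: sh audit.sh /home/ftp ftp ftp
if [ "$#" -ge 3 ]; then
    audit_ftp_root "$@"
fi
```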