The ftp/etc/passwd file should be edited to remove any entries for regular users on your system. Again, the idea is to prevent any access to the original files in the /etc directory by FTP users. Then create an ftp/etc directory to hold a copy of your passwd and group files. Do this for any commands you want to make available to FTP users. Next, make a new bin directory in the ftp directory, and then make a copy of the ls command and place it in ftp/bin. Create an ftp directory and use the chmod command with the permission 555 to turn off write access: chmod 555 ftp. If, for some reason, you set up the anonymous FTP directories yourself, you must use the chmod command to change the access permissions for the directories so that remote users cannot access the rest of your system. Whenever they use the ls command, remote users are using the one in ftp/bin, not the one you use in /bin. A bin directory is placed in the ftp directory and remote users are restricted to it, instead of the system's bin directory. To change a directory's ownership you use the chown command, as shown in this example:Īnother, more traditional, solution is to create copies of certain system directories and files needed by remote users and to place them in the ftp directory where users can access them. Use the ls -d command to check on the ownership of the FTP directory. In any event, make sure that the FTP home directory is owned by the root user, not by the FTP user. Newer FTP daemons like vsftpd and ProFTPD solve this problem by creating secure access to needed system commands and files, while restricting remote users to only the FTP site's directories. At the same time, you want to let the FTP user list filenames using an ls command. For example, you would not let a user use your ls command to list filenames, because ls is located in your /bin directory. An important part of protecting your system is preventing remote users from using any commands or programs not in the restricted directories. When users log in anonymously, they are placed in this directory. If a home directory has not been set up, create one and then change its ownership to the FTP user with the chown command.Īs previously noted, on Red Hat, the FTP home directory is named ftp and is placed in the /var directory. When FTP users log in to your system, they are placed in this directory. The x in the password field blocks the account, which prevents any other users from gaining access to it, thereby gaining control over its files or access to other parts of your system. The following is the entry you find in your /etc/passwd file on Red Hat systems that sets up an FTP login as an anonymous user: ftp:x:14:50:FTP User:/var/ftp: You must also modify the entry for this account in your /etc/passwd file to prevent normal user access to it. ![]() ![]() You can then place restrictions on the FTP account to keep any remote FTP users from accessing any other part of your system. If your system does not have such an account, you will have to create one. Most distributions already create this account for you. To allow anonymous FTP access by other users to your system, you must have a user account named FTP.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |