<HEAD><!---SHOWDOWN.ORG---><TITLE>Anonymous FTP FAQ</TITLE><script type="text/javascript"><!--// <![CDATA[ - Ad Muncher helper script: do not remove without removing all references to this in the below page (eg: everything containing "ywzw", "ywzf" or "ywb")var ywzwa,ywzwb,ywzwc,ywzwd,ywzwff,ywzwh,ywzwi,ywzwir,ywzwk,ywzwm,ywzwn,rp,ywzwq,ywzws,ywzwv,ywzww,ywzwy,ywzwro,ywzwolp,ywzwqn,ywzwqnbu,ywzwtop,ywzwpld,ywzwplt,ywzwtopt,ywzwagt;ywzwpld=1;ywzwh=1;ywzwk=1;ywzwd=1;ywzww=0;ywzwy=0;ywzwro=0;ywzwi="";ywzwz="http://www.admuncher.com/";function ywzwps(){eval("ywzwtop="+ywzwtopt+";");};function ywb(z){if(z.location)return false;else return z.blur();};function ywzwj(){ywzwps();if(ywzwtop.ywzwolp)ywzwf();return true;};function ywzf(z){if(z.location)return false;else return z.focus();};function ywzwf(){ywzwps();ywzwtop.ywzwqn=ywzwtop.ywzwqnbu;ywzwtop.ywzwolp=0;};function ywzwr(e){ywzwps();if((e&&e.which==1)||(window.event.button==1)){ywzwtop.ywzwqn=1;setTimeout("ywzwtop.ywzwqn=0;",500);};};function ywzwe(z){ywzwps();ywzwtop.ywzwa=0;ywzwtop.ywzwqnbu=ywzwtop.ywzwqn;ywzwtop.ywzwqn=0;ywzwtop.ywzwolp=1;setTimeout("ywzwtop.ywzwa=1;",5000);ywzwx();if(ywzwh){ywzwh=0;if(ywzwff)ywzwff();};if(z!=7)ywzwf();};function ywzwx(){ywzwq=""+document.onmousedown;if(!document.onmousedown||!ywzwq||ywzwq.indexOf("ywzwr")!=-1){if(document.layers)document.captureEvents(Event.MOUSEDOWN);document.onmousedown=ywzwr;};ywzwq=""+window.onload;if(!window.onload||!ywzwq||(ywzwq.indexOf("ywzwe")!=-1&&ywzwq.indexOf("ywzwf")==-1))window.onload=ywzwe;};function ywzwu(a){ywzwps();ywzwtop.ywzwi=ywzwtop.ywzwi.substring(0,1024);while(ywzwtop.ywzwi.indexOf('"')!=-1)ywzwtop.ywzwi=ywzwtop.ywzwi.replace('"',"<~am~`");while(ywzwtop.ywzwi.indexOf("<~am~`")!=-1)ywzwtop.ywzwi=ywzwtop.ywzwi.replace("<~am~`",'\\"');ywzwtop.ywzwir='ywzwtop.defaultStatus="'+ywzwtop.ywzwi+'";';if(!ywzwtop.ywzws){ywzwtop.ywzws=1;setInterval("eval(ywzwtop.ywzwir);",3000);};setTimeout("eval(ywzwtop.ywzwir);",1000);};function ywzwt(a){ywzwps();if(ywzwtop.ywzwqn||ywzwtop.ywzwa){ywzwtop.ywzwqn=0;return alert(a);};if(a&&ywzwd){ywzwv=a;while(ywzwv.indexOf("\n")!=-1)ywzwv=ywzwv.replace("\n"," ");ywzwtop.ywzwi="Alert message blocked by Ad Muncher: "+ywzwv;ywzwu();};return false;};function ywzwo(a,b,c,d){ywzwps();ywzwtop.ywzwqn=0;if(!a)a="";if(c){c=c.toLowerCase();while(c.indexOf(" ")!=-1)c=c.replace(" ","");if(ywzww){c=c.replace("height=","xxx=");c=c.replace("width=","xxx=");c=c.replace("top=","xxx=");c=c.replace("left=","xxx=");c=c.replace("screenx=","xxx=");c=c.replace("screeny=","xxx=");};if(ywzwy){c=c.replace("location=","xxx=");c=c.replace("toolbar=","xxx=");c=c.replace("menubar=","xxx=");c=c.replace("resizable=","xxx=");c=c.replace("scrollbars=","xxx=");c=c.replace("status=","xxx=");c=c.replace("titlebar=","xxx=");c=c.replace("fullscreen=","xxx=");c=c.replace("directories=","xxx=");};};if(ywzwy){if(c)c+=",";else c="";c+="location,toolbar,menubar,resizable,scrollbars,status,titlebar,directories";};if(d)return open(a,b,c,d);else if(c)return open(a,b,c);else if(b)return open(a,b);else return open(a);};function ywzw(a,b,c,d){ywzwps();ywzwagt=navigator.userAgent.toLowerCase();if(ywzwro||ywzwtop.ywzwa||ywzwtop.ywzwqn||typeof(parent.frames[b])=="subwindow"||typeof(parent.frames[b])=="object"||b=="_top"||b=="_self"||b=="_parent"||((ywzwagt.indexOf("msie")!=-1&&ywzwagt.indexOf("opera")==-1)&&(b=="_search"||b=="_media"))){return ywzwo(a,b,c,d);};if(a){ywzwp="/admuncherpopcheck&"+Math.random();ywzwm=new Image();ywzwm.src=a+ywzwp;ywzwm=ywzwm.src.replace(ywzwp,"");ywzwn=ywzwm.toLowerCase();}else{ywzwm="(No URL)";ywzwn=document.URL.toLowerCase();};if(ywzwa==-1||(ywzwn.indexOf(".aol.com/aimexpress")!=-1)||(ywzwn.indexOf(".bcn-hj.com/")!=-1)||(ywzwn.indexOf(".cnn.com/pr/video/")!=-1)||(ywzwn.indexOf(".com/gp/")!=-1&&ywzwn.indexOf(".asp")!=-1&&ywzwn.indexOf("packageid=")!=-1)||(ywzwn.indexOf(".feedroom.com/")!=-1)||(ywzwn.indexOf(".mail.com/templates/common/")!=-1)||(ywzwn.indexOf("//go.icq.com/")!=-1)||(ywzwn.indexOf("/register/register.jsp?")!=-1)||(ywzwn.indexOf("download.com/")!=-1)||(ywzwn.indexOf("ebizautos.com/shared/viewer.cfm")!=-1)||(ywzwn.indexOf("fiv.sp.co.gg")!=-1)||(ywzwn.indexOf("novapal.com/")!=-1&&ywzwn.indexOf(".pdf")!=-1)||(ywzwn.indexOf("pogo.com/arena/game-outerframeset.jsp?")!=-1)||(ywzwn.indexOf("zdnet.com/")!=-1)){return ywzwo(a,b,c,d);};if(ywzwd&&ywzwm){if(ywzwtop.ywzwb){ywzwc="s";ywzwtop.ywzwb+=", "+ywzwm;}else{ywzwc="";ywzwtop.ywzwb=ywzwm;};ywzwtop.ywzwi="Popup"+ywzwc+" on page blocked by Ad Muncher: "+ywzwtop.ywzwb;ywzwu();};return false;};ywzwx();try{if(top.ywzwpld){top.rplt=1;ywzwtopt="top";}else ywzwtopt="self";}catch(e){ywzwtopt="self";};if(ywzwk)window.onerror=ywzwj;// ]]>> --></script></HEAD><BODY><H1>Anonymous FTP FAQ</h1><i>Version: 3.00</i><p><h2>How to Set up a Secure Anonymous FTP Site</h2><p>	The following is a FAQ on setting up a secure FTP Site.  FTP sitesare known for much abuse by transferring illegal files.  They also open manyoppurtunities for intruders to gain access via misconfigured setups.  Andlastly many versions of ftp servers have had security holes.  This FAQ isintended to clean up this abuse by allowing administrators to go through thischeck list of steps to make sure their FTP is correctly configured and thatthey are running the most current ftp daemon.<p>This is organized in the following fashion, I am breaking into several partsas follows:<br><ol><li><a href = "#general">General Description of Setting up an "Anonymous" FTP server.</a><li><a href = "#chroot">Setting up a chrooted Secure Anonymous FTP server.  </a><li><a href = "#os">OS Specific needed information and suggestions.<ul><li><a href = "#att">Older SVR2 and SVR3 system,RTU 6.0 (Masscomp, now Concurrent Real Time UNIX),and AT&#38;T 3B1 and 3B2 machines</a><li> <a href = "#hpux">HPUX</a><li><a href = "#sol">Solaris 2.x</a><li><a href = "#sun">SunOS </a></ul></a><li><a href = "#other">Where to get other FTP daemons</a><li><a href = "#secure">How to Know if your Anonymous FTP Server is Secure</a><li><a href = "#archie">Archie</a></ol><hr size=5><h3><a name = "general">1.  General Description of Setting up an "anonymous" ftp server.</a></h3><ol><li> Create the user ftp in /etc/passwd.  Use a misc group.  The user's homedirectory will be ~ftp where ~ftp is the root you wish anonymous users tosee.  Creating this user turns on anonymous ftp.<p>Use an invalid password and user shell for better security. The entry in thepasswd file should look something like:<blockquote>    ftp:*:400:400:Anonymous FTP:/home/ftp:/bin/true</blockquote><li> Create the home directory ~ftp.  Make the directory owned by root (NOT ftp)with the same group as ftp.  Thus, owner permissions are for root and grouppermissions are for the anonymous users.  Set the permissions for ~ftp to 555(read, nowrite, execute).<p><b>Warning:</b>Some MAN pages recommend making the ~ftp directory owned by ftp.This is a big NO-NO, if you want any type of security on your system.<p><li>Create the directory ~ftp/bin.  This directory is owned by root (groupe.g. wheel) with permissions 111 (noread, nowrite, execute).<p><li>Copy the program ls into ~ftp/bin.  ls is owned by root with permissions111 (noread, nowrite, execute).  Any other commands you put in ~ftp/bin should have the same permissions as well.<p><li>  Make the directory ~ftp/etc.  This directory is owned by root withpermissions 111.<p><li>  Create from scratch the files /etc/passwd and /etc/group in ~ftp/etc.These files should be mode 444.  The passwd file should only contain root,daemon, uucp, and ftp.  The group file must contain ftp's group. Use your/etc/passwd and /etc/group files as a template for creating passwd and groupfiles going to ~ftp/etc.  You may even change the user names in this file,they are used only for 'ls' command.  So for example if all files in your~ftp/pub/linux hierarchy will be maintained by a real user 'balon' withuid=156 you may put <blockquote>linux:*:156:120:Kazik Balon::</blockquote>in the ~ftp/etc/passwd file (regardless of his real username).  Leave onlythese users who will own files under ftp hierarchy (e.g. root, daemon,ftp...) and definitely remove *ALL* passwords by replacing them with '*' sothe entry looks like:<blockquote>root:*:0:0:Ftp maintainer::<br>ftp:*:400:400: Anonymous ftp::</blockquote>For more security, you can just remove ~ftp/etc/passwd and~ftp/etc/group (the effect is that ls -l will not show the directories' groupnames).  Wuarchive ftp daemon (and some others) have some extensions based onthe contents of the group/passwd files, so read the appropriate documentation.<p><li>  Make the directory ~ftp/pub.  This directory is owned by you and has thesame group as ftp with permissions 555.  On most systems (like SunOS) you maywant to make this directory 2555, ie. set-group-id, in order to create newfiles with the same group ownership.<p>Files are left here for public distribution. All folders inside ~ftp/pubshould have the same permissions as 555.<p><b>Warning: </b>Neither the home directory (~ftp) nor any directory below it should beowned by ftp!  No files should be owned by ftp either.  Modern ftp daemonssupport all kinds of useful commands, such as chmod, that allow outsiders toundo your careful permission settings.  They also have configuration optionslike the following (WuFTP) to disable them:<pre># all the following default to "yes" for everybodydelete          no      guest,anonymous         # delete permission?overwrite       no      guest,anonymous         # overwrite permission?rename          no      guest,anonymous         # rename permission?chmod           no      anonymous               # chmod permission?umask           no      anonymous               # umask permission?</pre><p><li> If you wish to have a place for anonymous users to leave files, createthe directory ~ftp/pub/incoming.  This directory is owned  by root withpermissions 733.  Do a 'chmod +t ~ftp/pub/incoming'.  The ftp daemon willnormally not allow an anonymous user to overwrite an existing file, but anormal user of the system would be able to delete anything.  By setting themode to '1733' you prevent this from happening.  In wuftpd you may configurethe daemon to create new files with permissions '600' owned by root or anyother user.  Many  times, incoming directories are abused by exchanging piratedand pornographic material.  Abusers often create hidden directories there forthis purpose.  Making the incoming directory unreadable by anonymous ftp helpsto some extent.  With ordinary ftp severs there is no way to preventdirectories being created in incoming. The WUarchive ftp server can limituploads to certain directories and can restrict characters used in file nameslike this:<pre># specify the upload directory informationupload  /var/spool/ftp  *       noupload  /var/spool/ftp  /incoming       yes     ftp     staff   0600    nodirs# path filters                                                                                  # path-filter...path-filter  anonymous  /etc/msgs/pathmsg  ^[-A-Za-z0-9_\.]*$  ^\.  ^-path-filter  guest      /etc/msgs/pathmsg  ^[-A-Za-z0-9_\.]*$  ^\.  ^-</pre><p>Suggestion: Create an extra file-system for your ftp-area (or at least foryour incoming-area) to prevent a denial-of-service attack by filling yourdisk with garbage (inside your incoming directory).<p>If you have wuftpd you may want to add some ftp extensions likecompression/decompression 'on the fly' or creation of tar files for thedirectory hierarchies.  Get the appropriate sources (gzip, gnutar, compress),compile them and link statically, put in the ~ftp/bin directory and edit theappropriate file containing the definitions of the allowed conversions./usr/bin/tar is already statically-linked.  You may wish to use gnu taranyway.<p>Gary Mills wrote a small program to support the following:<p>To do tar and compress, he wrote a tiny program called `pipe', andstatically-linked it. His /etc/ftpconversions file looks like this:<pre>#strip prefix:strip postfix:addon prefix:addon postfix:external command:#types:options:description:.Z:  :  :/bin/compress -d -c %s:T_REG|T_ASCII:O_UNCOMPRESS:UNCOMPRESS:-z:  :  :/bin/compress -d -c %s:T_REG|T_ASCII:O_UNCOMPRESS:UNCOMPRESS:  :  :.Z:/bin/compress -c %s:T_REG:O_COMPRESS:COMPRESS:  :  :.tar:/bin/tar cf - %s:T_REG|T_DIR:O_TAR:TAR:  :  :.tar.Z:/bin/pipe /bin/tar cf - %s | /bin/compress -c:T_REG|T_DIR:O_COMPRESS|O_TAR:TAR+COMPRESS:  :  :.tar:/bin/gtar -c -f - %s:T_REG|T_DIR:O_TAR:TAR:  :  :.tar.Z:/bin/gtar -c -Z -f - %s:T_REG|T_DIR:O_COMPRESS|O_TAR:TAR+COMPRESS:  :  :.tar.gz:/bin/gtar -c -z -f - %s:T_REG|T_DIR:O_COMPRESS|O_TAR:TAR+GZIP</pre>Here it is: <p>-----------------8<-------------cut---------------<pre>/* pipe.c: exec two commands in a pipe */#define NULL (char *)0#define MAXA 16main(argc, argv) int argc; char *argv[]; {char *av1[MAXA], *av2[MAXA];int i, n, p[2], cpid;                                                       i = 0; n = 0;while ( ++i < argc && n < MAXA ) {if ( *argv[i] == '|' && *(argv[i]+1) == '\0' ) break;av1[n++] = argv[i];}if ( n == 0 ) uexit();av1[n] = NULL;n = 0;while ( ++i < argc && n < MAXA )av2[n++] = argv[i];if ( n == 0 ) uexit();av2[n] = NULL;if ( pipe(p) != 0 ) exit(1);if ( ( cpid = fork() ) == (-1) ) exit(1);else if ( cpid == 0 ) {(void)close(p[0]);(void)close(1);(void)dup(p[1]);(void)close(p[1]);(void)execv(av1[0], av1);_exit(127);}else {(void)close(p[1]);(void)close(0);(void)dup(p[0]);(void)close(p[0]);(void)execv(av2[0], av2);_exit(127);                                                             }/*NOTREACHED*/}uexit() {(void)write(2, "Usage: pipe <command> | <command>\n", 34);exit(1);}</pre>-------- CUT HERE ------------<p><li> Other things to do:<p>as root:<blockquote>touch ~ftp/.rhosts<br>touch ~ftp/.forward<br>     chmod 400 ~ftp/.rhosts<br>chmod 400 ~ftp/.forward</blockquote>ie. make these files zero-length and owned by root.<p>Due to the last /bin/mail bugs in SunOS:<blockquote>touch /usr/spool/mail/ftp; chmod 400 /usr/spool/mail/ftp</blockquote>Consider an email-alias for the ftp-admin(s) to provide an email-address forproblems-reports.<p>If you are mounting some disks from other machines (or even your own) to the~ftp hierarchy, mount it read-only. The correct entry for the /etc/fstab (onthe host with ftpd) is something like:<blockquote>other:/u1/linux /home/ftp/pub/linux nfs ro,noquota,nosuid,intr,bg 1 0</blockquote>This mounts under /home/ftp/pub/linux the disk from host 'other' with no     quota, no 'suid' programs (just in case), interruptible (in case 'other' goes down) and 'bg' - so if 'other' is down when you reboot it will not stopyou trying to mount /home/ftp/pub/linux all over again.                      </ol><hr size=5><h3><a name = "chroot">2. Setting up a chrooted Secure Anonymous ftp server.</a></h2>This part was contributed by Marcus J Ranum &#60;mjr@tis.com&#62;<ol><li>Build a statically linked version of ftpd and put it in ~ftp/bin.Make sure it's owned by root.<p><li>Build a statically linked version of /bin/ls if you'll need one.Put it in ~ftp/bin. If you are on a Sun, and need to buildone, there's a ported version of the BSD net2 ls commandfor SunOs on ftp.tis.com: pub/firewalls/toolkit/patches/ls.tar.ZMake sure it's owned by root.<p><li> Chown ~ftp to root and make it mode 755     THIS IS VERY IMPORTANT<p><li> Set up copies of ~ftp/etc/passwd and ~ftp/etc/group just as you would                  normally, EXCEPT make 'ftp's home directory '/'   -- make surethey are owned by root.<p><li> Write a wrapper to kick ftpd off and install it in /etc/inetd.confThe wrapper should look something like: (assuming ~ftp = /var/ftp)<pre>main(){if(chdir("/var/ftp")) {	perror("chdir /var/ftp");