Gabriel Dragffy wrote:
> Using sysinstall I enabled anonymous FTP, with uploads allowed in the
> folder /incoming. Uploading works a treat, however the files don't have
> permissions to be downloaded again (by anon user). I know I could change
> this by executing a cron job every two minutes that would chmod the
> files in /incoming. But surely there must be a far better way...? The
> FreeBSD handbook says it doesn't recommend allowing anon users to d/load
> files uploaded anonymously, however I would still like to implement this.

The idea here is to stop your FTP server being used as a warez site. So
the script kiddies cannot upload their cracked software and dubious copies
of this that and the other and then send all their little friends along to
download that stuff from you. Leave a mis-configured FTP server on the net
and it will be discovered and used for this purpose within a week or so.

The best approaches are these:

  i) Don't use FTP at all. FTP is an archaic protocol, hard to firewall
     correctly and that sends passwords across the net in plain text.
     The secure version 'FTPS' is not supported by the ftpd in the base
     system. Instead consider such things as SFTP (which is an SSH
     client which behaves like FTP), WebDAV over HTTPS (HTTP PUT) or a
     form-based upload CGI script (HTTP POST), rsync over SSH, etc.

 ii) If you have to use FTP, then create individual user FTP accounts
     so you have some accountability as to who is doing what. Run the
     FTP service in a chroot or jail and make sure the FTP password file
     is distinct from the normal password file.

iii) If you have to provide incoming anonymous FTP then don't
     automatically make any uploaded files available for download. Task
     a person with reviewing what was uploaded and then moving it into
     an appropriate place in your filesystem where it can be downloaded
     from. Again, be sure to run FTP chroot'ed or jailed.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.
Flat 3
7 Priory Courtyard
Ramsgate
Kent, CT11 9PW, UK
PGP: http://www.infracaninophile.co.uk/pgpkey
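
Added example, not part of the original message: one way to script the review-then-publish workflow from point iii), so that nothing in the drop box becomes downloadable until a person has approved it. The function names and the `INCOMING` and `PUB` paths are assumptions; adjust them to the server's real (chroot'ed or jailed) layout.

```shell
#!/bin/sh
# Hypothetical helpers for reviewing an anonymous FTP drop box.
# INCOMING and PUB are assumed paths, not taken from the original thread.
INCOMING="${INCOMING:-/var/ftp/incoming}"
PUB="${PUB:-/var/ftp/pub}"

# List pending uploads that still carry any read bit, i.e. files the FTP
# daemon could serve to another anonymous client before review.
audit_incoming() {
    find "$INCOMING" -type f \
        \( -perm -400 -o -perm -040 -o -perm -004 \) -print
}

# Strip every read and execute bit from pending uploads.
lock_incoming() {
    find "$INCOMING" -type f -exec chmod a-rx {} +
}

# Publish one reviewed upload. $1 is a bare file name inside $INCOMING.
publish_reviewed() {
    name=$1
    # Reject empty names, path components and dotfiles.
    case $name in
        ''|*/*|.*) echo "refusing suspicious name: $name" >&2; return 1 ;;
    esac
    src=$INCOMING/$name
    dst=$PUB/$name
    # Only plain files: no symlinks, directories, devices or FIFOs.
    if [ -L "$src" ] || [ ! -f "$src" ]; then
        echo "not a regular file: $src" >&2; return 1
    fi
    # Never replace something that is already public.
    if [ -e "$dst" ] || [ -L "$dst" ]; then
        echo "already published: $dst" >&2; return 1
    fi
    # The file stays unreadable until it sits in PUB with a fixed mode.
    mv "$src" "$dst" && chmod 0444 "$dst"
}
```

The reviewer runs `audit_incoming` (expecting no output), inspects each upload, and calls `publish_reviewed <name>` only for files that passed review.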