On Fri, 24 Apr 1998, joyce grace touzo wrote:

> 1. What's the use of the files passwd and group in the ~ftp/etc
> directory?  I tried renaming these files to see if they are being referenced
> by the ftp server but I found that I can still login without them using a
> valid real account.  It seems that the /etc/passwd is the one being
> referenced by the ftp server instead of the ~ftp/etc/passwd as I have
> proven when I change the password in the /etc/passwd.

~ftp/etc/passwd and ~ftp/etc/group are used only for showing ownership
with the "ls" command. They are not used for authentication (which is why you
don't need real hashes in them) and you can strip all entries out of passwd
that don't have files in your ftp site (for me root and ftp are the only
ones).
 
> 2.   Where can I find the log file for the ftp?  I can't see any line in
> /etc/ftpaccess that points to a file.  The configuration file has the
> lines:
> 
>         log commands  real,anonymous
>         log transfers  anonymous,real inbound,outbound

I believe that command logging is done via syslog(3), and transfer logging
is handled by ftp itself. The path to the transfer log can be set at build
time (mine is /var/log/ftp/xferlog, but I'm not sure if that was the
default...)

 
> 3.   I disabled the anonymous access and created real accounts with
> anonymous privileges for more control.  I use the adduser utility to
> create the accounts.  My problem is about security.  Yes, the users that
> I made were able to connect to the ftp server but they can also telnet
> to it.  I tried to remove the shell field in the /etc/passwd file but
> the ftp needs it.  They cannot ftp to the server without the shell.  Is
> there a way of allowing the ftp but blocking the telnet?


> the ftp needs it.  They cannot ftp to the server without the shell.  Is

read as: They cannot ftp to the server without their shell being set to a
program listed in /etc/shells. I use /bin/false.

Good Luck!
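
An added example, not part of the original message: a small audit of the two points in the reply above, namely that an ftp-only account needs a shell listed in /etc/shells that gives no interactive login, and that ~ftp/etc/passwd should carry no real hashes. The sample file contents are constructed, the helper names are hypothetical, and the set of non-login shells is an assumption the admin supplies (here only /bin/false, as in the reply).

```python
# Added example: constructed sample data and hypothetical helper names.
SYSTEM_PASSWD = """\
ftp:x:14:50:FTP User:/home/ftp:/bin/false
alice:x:1001:100::/home/alice:/bin/false
bob:x:1002:100::/home/bob:/bin/bash
carol:x:1003:100::/home/carol:/sbin/nologin
"""
SHELLS = "# /etc/shells\n/bin/sh\n/bin/bash\n/bin/false\n"
CHROOT_PASSWD = """\
root:*:0:0:::
ftp:*:14:50:::
alice:$1$constructed$notarealhash:1001:100:::
"""
PLACEHOLDERS = {"", "*", "x", "!", "!!"}  # password fields that hold no hash

def parse_passwd(text):
    """Yield (name, password_field, shell) for each passwd(5) line."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        f = line.split(":") + [""] * 7  # tolerate stripped-down entries
        yield f[0], f[1], f[6]

def parse_shells(text):
    """Return the set of shells listed in an /etc/shells style file."""
    lines = (l.strip() for l in text.splitlines())
    return {l for l in lines if l and not l.startswith("#")}

def audit_ftp_only(passwd_text, shells_text, ftp_users, nologin=("/bin/false",)):
    """Classify each ftp-only account by its shell field."""
    allowed = parse_shells(shells_text)
    result = {}
    for name, _pw, shell in parse_passwd(passwd_text):
        if name not in ftp_users:
            continue
        if shell not in allowed:
            result[name] = "ftp refused: shell not in /etc/shells"
        elif shell not in nologin:
            result[name] = "interactive login possible"
        else:
            result[name] = "ok"
    return result

def chroot_hash_leaks(chroot_passwd_text):
    """Names in ~ftp/etc/passwd whose password field is not a placeholder."""
    return [n for n, pw, _ in parse_passwd(chroot_passwd_text)
            if pw not in PLACEHOLDERS]

if __name__ == "__main__":
    print(audit_ftp_only(SYSTEM_PASSWD, SHELLS, {"alice", "bob", "carol"}))
    print(chroot_hash_leaks(CHROOT_PASSWD))
```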

