problem w/anonymous ftp -- "Can't create data socket"

problem w/anonymous ftp -- "Can't create data socket"

Post by Casper H.S. Dik - Network Security Engine » Wed, 08 Oct 1997 04:00:00



[[ Reply by email or post, don't do both ]]


>when you log in as anonymous ftp user on my system and try to get
>something (or just run ls), you get
>425 Can't create data socket (0.0.0.0,20): No such device or address.
>ftp is working fine for all other users. All system files in ~ftp
>hierarchy seem to be OK (that is, on a different system anon. ftp runs
>w/out problems on the same directory). Could it mean that somebody is
>fooling around with network devices on this system?

Looks like the ftp filesystem might be mounted with "nosuid".

The solaris FAQ says:

3.9) How can I set up anonymous FTP?

    If you need help, ftp the file "ftp.anon" from
    ftp://ftp.math.fsu.edu/pub/solaris/ftp.anon.

    ftpd(1M) is nearly complete when it comes to setting
    up anonymous ftp.  It only leaves out /etc/nsswitch.conf. [S2.3]

    Additionally, you must make sure that the filesystem ~ftp resides
    on is not mounted with the nosuid option.  This is because the nosuid
    option also disables the kernel honoring device files which are
    required in the chroot environment for ~ftp.

    For security reasons, it is important that no files under ~ftp are
    owned by ftp.  If they are, anonymous users can modify them.

    In Solaris 2.5 and later, you will need to copy /usr/lib/libmp.so.1
    as well as provide a /dev/ticlts (for wu-ftpd).

    --- end of excerpt from the FAQ

Questions marked with a * or + have been changed or added since
the FAQ was last posted

The most recently posted version of the FAQ is available from
<http://www.wins.uva.nl/pub/solaris/solaris2/>
--
Expressed in this posting are my opinions.  They are in no way related
to opinions held by my employer, Sun Microsystems.
Statements on Sun products included here are not gospel and may
be fiction rather than truth.

 
 
 

problem w/anonymous ftp -- "Can't create data socket"

Post by Leonid Andre » Wed, 08 Oct 1997 04:00:00


Hi,

I realize this must be something very simple, but I can't figure it out
so far:

when you log in as anonymous ftp user on my system and try to get
something (or just run ls), you get

425 Can't create data socket (0.0.0.0,20): No such device or address.

ftp is working fine for all other users. All system files in ~ftp
hierarchy seem to be OK (that is, on a different system anon. ftp runs
w/out problems on the same directory). Could it mean that somebody is
fooling around with network devices on this system?

please help!

TIA,

-Leonid

 
 
 

problem w/anonymous ftp -- "Can't create data socket"

Post by Andreas Krom » Wed, 15 Oct 1997 04:00:00



: >425 Can't create data socket (0.0.0.0,20): No such device or address.

There is a dev missing in ~ftp/dev

: 3.9) How can I set up anonymous FTP?
:
:     If you need help, ftp the file "ftp.anon" from
:     ftp://ftp.math.fsu.edu/pub/solaris/ftp.anon.
:
:     ftpd(1M) is nearly complete when it comes to setting
:     up anonymous ftp.  It only leaves out /etc/nsswitch.conf. [S2.3]

I did not find this to be necessary (Solaris 2.5.1).
Further, I cannot find any difference between "~ftp/etc/passwd exists" and
"~ftp/etc/passwd does not exist". Dito with "group".

--

------------------------
ANDREAS KROMKE

.....................................................
Fragen Sie nicht, was Ihr Computer fuer Sie tun kann.
Fragen Sie, was Sie fuer Ihren Computer tun koennen.

 
 
 

problem w/anonymous ftp -- "Can't create data socket"

Post by Casper H.S. Dik - Network Security Engine » Wed, 15 Oct 1997 04:00:00


[[ Reply by email or post, don't do both ]]



>: >425 Can't create data socket (0.0.0.0,20): No such device or address.
>There is a dev missing in ~ftp/dev

Actually, this particular error mesage can mean only two things:
        - the device node exists, but has a bogus major/minor number
        - the device node exists, but the filesystem is mountd nosuid

(Or you'd get "No such file or directory")

Quote:>I did not find this to be necessary (Solaris 2.5.1).
>Further, I cannot find any difference between "~ftp/etc/passwd exists" and
>"~ftp/etc/passwd does not exist". Dito with "group".

You won't get groups/users in ls listings.

Casper
--
Expressed in this posting are my opinions.  They are in no way related
to opinions held by my employer, Sun Microsystems.
Statements on Sun products included here are not gospel and may
be fiction rather than truth.