Very Computer

> I'm just setting up a Solaris 8 system...and taking pains to
> "armor-plate" it (following several guides, ssh, etc.).  However, I want
> to provide a single read-only ftp directory for anonymous access (I
> know...not the best option, but I'm not the boss).  Using the
> information and script provided in the Dec 99 Solaris man page, I have
> it working to the point where an anonymous user can log in, can't write
> to /ftp, can get an file if they know the precise filename..so anonymous
> ftp is working.  However, 'ls' doesn't work...there is no way they can
> see what files are available.  The ls command is definately in the
> /ftp/bin/ls location, directory readable, mounted ok, etc...
> I've spent a couple days on this...and am quite at wit's end!
> Is there any way to get "ls" to work...or is this such a security hole
> that it is no longer supported on Solaris 8?  Any other suggestions on
> how to provide a "public" ftp location for the world to get
> public-domain files?

> Dave Bouwer, noaa/sec

> --
> S. Dave Bouwer
>    Senior Project Engineer
>    Logicon Federal Data
>    www.SpaceWx.com
> Mailing Address:
>    NOAA Space Environment Center
>    325 Broadway
>    Boulder CO, 80305-3328
> Phone:
>    303-497-3899 office
> email:

> ---------------------------------------------------------------------------

> I'm just setting up a Solaris 8 system...and taking pains to
> "armor-plate" it (following several guides, ssh, etc.).  However, I want
> to provide a single read-only ftp directory for anonymous access (I
> know...not the best option, but I'm not the boss).  Using the
> information and script provided in the Dec 99 Solaris man page, I have
> it working to the point where an anonymous user can log in, can't write
> to /ftp, can get an file if they know the precise filename..so anonymous
> ftp is working.  However, 'ls' doesn't work...there is no way they can
> see what files are available.  The ls command is definately in the
> /ftp/bin/ls location, directory readable, mounted ok, etc...
> I've spent a couple days on this...and am quite at wit's end!
> Is there any way to get "ls" to work...or is this such a security hole
> that it is no longer supported on Solaris 8?  Any other suggestions on
> how to provide a "public" ftp location for the world to get
> public-domain files?

> Dave Bouwer, noaa/sec

> --
> S. Dave Bouwer
>    Senior Project Engineer
>    Logicon Federal Data
>    www.SpaceWx.com
> Mailing Address:
>    NOAA Space Environment Center
>    325 Broadway
>    Boulder CO, 80305-3328
> Phone:
>    303-497-3899 office
> email:

> ---------------------------------------------------------------------------

>> One more try...
>> Has anyone setup anonymous ftp under Solaris 8?  Still have the "ls" problem,
>> and am not quite prepared to learn and install a 3rd-party ftp application.
>> -Dave

>> > I'm just setting up a Solaris 8 system...and taking pains to
>> > "armor-plate" it (following several guides, ssh, etc.).  However, I want
>> > to provide a single read-only ftp directory for anonymous access (I
>> > know...not the best option, but I'm not the boss).  Using the
>> > information and script provided in the Dec 99 Solaris man page, I have
>> > it working to the point where an anonymous user can log in, can't write
>> > to /ftp, can get an file if they know the precise filename..so anonymous
>> > ftp is working.  However, 'ls' doesn't work...there is no way they can
>> > see what files are available.  The ls command is definately in the
>> > /ftp/bin/ls location, directory readable, mounted ok, etc...
>> > I've spent a couple days on this...and am quite at wit's end!
>> > Is there any way to get "ls" to work...or is this such a security hole
>> > that it is no longer supported on Solaris 8?  Any other suggestions on
>> > how to provide a "public" ftp location for the world to get
>> > public-domain files?

>ls worked when I set up SUN's ftpd.  I didn't use anonymous but a real
>account.  Read the man page on file permissions, specifically what the
>execute bit does for directories.  Also check the permissions on the
>statically linked ls you've put in the ftp/usr/bin.  Also check any logs
>in /var/adm/messages and /var/log/syslog.

>Sun's ftpd isn't very robust for tracking access which I would think is
>key to security.  Unless you don't care, rethink your decision to use
>another ftpd.  Sun's is minimal in security and features.

> One more try...
> Has anyone setup anonymous ftp under Solaris 8?  Still have the "ls" problem,
> and am not quite prepared to learn and install a 3rd-party ftp application.
> -Dave

> > I'm just setting up a Solaris 8 system...and taking pains to
> > "armor-plate" it (following several guides, ssh, etc.).  However, I want
> > to provide a single read-only ftp directory for anonymous access (I
> > know...not the best option, but I'm not the boss).  Using the
> > information and script provided in the Dec 99 Solaris man page, I have
> > it working to the point where an anonymous user can log in, can't write
> > to /ftp, can get an file if they know the precise filename..so anonymous
> > ftp is working.  However, 'ls' doesn't work...there is no way they can
> > see what files are available.  The ls command is definately in the
> > /ftp/bin/ls location, directory readable, mounted ok, etc...
> > I've spent a couple days on this...and am quite at wit's end!
> > Is there any way to get "ls" to work...or is this such a security hole
> > that it is no longer supported on Solaris 8?  Any other suggestions on
> > how to provide a "public" ftp location for the world to get
> > public-domain files?

> > Dave Bouwer, noaa/sec

> > --
> > S. Dave Bouwer
> >    Senior Project Engineer
> >    Logicon Federal Data
> >    www.SpaceWx.com
> > Mailing Address:
> >    NOAA Space Environment Center
> >    325 Broadway
> >    Boulder CO, 80305-3328
> > Phone:
> >    303-497-3899 office
> > email:

> > ---------------------------------------------------------------------------

> --
> S. Dave Bouwer
>    Senior Project Engineer
>    Logicon Federal Data
>    www.SpaceWx.com
> Mailing Address:
>    NOAA Space Environment Center
>    325 Broadway
>    Boulder CO, 80305-3328
> Phone:
>    303-497-3899 office
> email:

> ---------------------------------------------------------------------------

>Try wu-ftpd, its a freeware replacement for ftpd which is more
>configurable and can be locked down nicely for anonymous ftp access

>http://www.wu-ftpd.org

>> I'm just setting up a Solaris 8 system...and taking pains to
>> "armor-plate" it (following several guides, ssh, etc.).  However, I want
>> to provide a single read-only ftp directory for anonymous access (I
>> know...not the best option, but I'm not the boss).  Using the
>> information and script provided in the Dec 99 Solaris man page, I have
>> it working to the point where an anonymous user can log in, can't write
>> to /ftp, can get an file if they know the precise filename..so anonymous
>> ftp is working.  However, 'ls' doesn't work...there is no way they can
>> see what files are available.  The ls command is definately in the
>> /ftp/bin/ls location, directory readable, mounted ok, etc...
>> I've spent a couple days on this...and am quite at wit's end!
>> Is there any way to get "ls" to work...or is this such a security hole
>> that it is no longer supported on Solaris 8?  Any other suggestions on
>> how to provide a "public" ftp location for the world to get
>> public-domain files?

>> Dave Bouwer, noaa/sec

>> --
>> S. Dave Bouwer
>>    Senior Project Engineer
>>    Logicon Federal Data
>>    www.SpaceWx.com
>> Mailing Address:
>>    NOAA Space Environment Center
>>    325 Broadway
>>    Boulder CO, 80305-3328
>> Phone:
>>    303-497-3899 office
>> email:

>> ---------------------------------------------------------------------------

>One more try...
>Has anyone setup anonymous ftp under Solaris 8?  Still have the "ls" problem,
>and am not quite prepared to learn and install a 3rd-party ftp application.
>-Dave

> >One more try...
> >Has anyone setup anonymous ftp under Solaris 8?  Still have the "ls" problem,
> >and am not quite prepared to learn and install a 3rd-party ftp application.
> >-Dave

> have you run the script in the in.ftpd manual page?

> Casper

>#   Casper -
>#  
>#   Thanks for the reply...
>#   Yes, I have run the script in the in.ftpd...and triple-checked it.  I've been
>#   through the problem with two SA's...with no success.  It is their opinion that the
>#   dynamicly linked 'ls' is broken (and the *.so files are all there).  Recall that
>#   /ftp/bin/ls works fine when normally logged in, and all other aspects of the
>#   anonymous ftp behave as expected.  Just the 'ls' fails.

>Run 'ls' in the ftp chroot area directly
>using the "chroot" command to see your
>errors.

>You have screwed up. ;-)