Very Computer

by **Ben Russ** » Thu, 01 Oct 1998 04:00:00

> I am setting up an anonymous ftp server on a Debian 1.3 box (Yes, I know
> it's superceded. No, I'm not going to upgrade unless it directly affects
> this problem).

> For some reason, once you've logged onto the anon ftp server, it won't do
> 'dir' (or 'ls -l') commands. This is the same for both the standard ftpd
> and wu-ftpd.

> ftp> dir
> 200 PORT command successful.
> 150 Opening ASCII mode data connection for /bin/ls.
> 226 Transfer complete.

> See? No files! Except there are;

> ***README***
> stats.dat
> TIB
> ***Files_more_than_7_days_old_will_be_deleted***
> 226 Transfer complete.
> 163 bytes received in 0.0039 seconds (41 Kbytes/s)

> Anyone any ideas?

> Regards,

> Hugh.
> --
> VP Desktop Systems, Republic National Bank, London.
> The views expressed here are mine, and do not reflect the official
> position of Republic New York Corporation.
> [Please remove "_nospam" for real email address.]

One idea I have is that your "chroot skeleton" has gotten lost
or deleted.

When anonymous ftp occurs, it "chroot"s to the anonymous
ftp directory. There is usually a skeleton /etc /bin /lib
directory structure off of the ftp dir with just enough files to
give ftp it's basic command set. If these get blown away, or if
the permissions are wrong, they won't work.

Try NON-Anonymous ftp to the server, if that works, then
what is described above is probably the problem.

by **Steven J. Hathawa** » Thu, 01 Oct 1998 04:00:00

> I am setting up an anonymous ftp server on a Debian 1.3 box (Yes, I know
> it's superceded. No, I'm not going to upgrade unless it directly affects
> this problem).

> For some reason, once you've logged onto the anon ftp server, it won't do
> 'dir' (or 'ls -l') commands. This is the same for both the standard ftpd
> and wu-ftpd.

> ftp> dir
> 200 PORT command successful.
> 150 Opening ASCII mode data connection for /bin/ls.
> 226 Transfer complete.

> See? No files! Except there are;

==========
Hopefully you have anonymous FTP rooted to its own directory tree.

see: grep ftp /etc/passwd

This should show the home directory used by anonymous FTP. You do not
need a shell, and should specify a shell that does not function or just
exits doing nothing.

Now at the rooted ftp directory ~/

~/bin/ls This should be a copy of the "ls" program
~/etc/passwd This should be a pruned copy of /etc/passwd
so as not to disclose sensitive information such
as
hashed passswords. Remove all password content.
~/etc/group This should be a pruned copy of /etc/group
so as not to disclose sensitive information.

If the ls program needs dynamic libraries from the system, those
libraries
should also be copied to ~/ in an appropriate subddirectory.

Once this is done, make sure that protections are such that user 'ftp'
cannot modify the contents of these copied system files, but has
read/execute
access where necessary.

This should solve your 'ls'/'dir' problem.

- Steve Hathaway

Very Computer

'dir' doesn't work for anonymous ftp

'dir' doesn't work for anonymous ftp

'dir' doesn't work for anonymous ftp