how to setup a secure "incoming" ftp directory?


Post by Daniel Hau » Fri, 27 Feb 1998 04:00:00



Hi,
I am running an ftp server on an IRIX machine. I want to add an "incoming"
directory that is writable by anybody anonymously but doesn't permit
anonymous downloading. (Mainly I wish to avoid server abuse by warez
kids.)

Anything uploaded is, of course, owned by user "ftp" (the anonymous ftp
account) and can thus be downloaded and/or deleted by user "ftp", too.

Is this possible to avoid with any ol' ftpd, or would I have to install
a special version? I've thought about running a cron job that changes file
ownership every ten minutes or so, but that doesn't strike me as a
particularly elegant solution.

--Daniel

 
 
 


Post by Harald Radk » Fri, 27 Feb 1998 04:00:00



> Hi,
> I am running an ftp server on an IRIX machine. I want to add an "incoming"
> directory that is writable by anybody anonymously but doesn't permit
> anonymous downloading. (Mainly I wish to avoid server abuse by warez
> kids.)

> Anything uploaded is, of course, owned by user "ftp" (the anonymous ftp
> account) and can thus be downloaded and/or deleted by user "ftp", too.

> Is this possible to avoid with any ol' ftpd, or would I have to install
> a special version? I've thought about running a cron job that changes file
> ownership every ten minutes or so, but that doesn't strike me as a
> particularly elegant solution.

> --Daniel

well.....check /etc/ftpaccess ... you can specify the ownership of all
files uploaded into the designated incoming dirs ....

Harry

 
 
 


Post by Daniel Hau » Fri, 27 Feb 1998 04:00:00


On Thu, 26 Feb 1998 13:48:57 +0100,

> well.....check /etc/ftpaccess ... you can specify the ownership of all
> files uploaded into the designated incoming dirs ....

Hm, only my ircd manpage doesn't mention this file at all. Maybe I ought
to shop around for a decent ftpd.

--Daniel

 
 
 


Post by Harald Radk » Fri, 27 Feb 1998 04:00:00



> On Thu, 26 Feb 1998 13:48:57 +0100,

> > well.....check /etc/ftpaccess ... you can specify the ownership of all
> > files uploaded into the designated incoming dirs ....

> Hm, only my ircd manpage doesn't mention this file at all. Maybe I ought
> to shop around for a decent ftpd.

> --Daniel

hm....never heard from ircd....am currently running wu.ftpd ...guess some
others also use this file

Harry

 
 
 


Post by Timothy J. L » Fri, 27 Feb 1998 04:00:00


|I am running an ftp server on an IRIX machine. I want to add an "incoming"
|directory that is writable by anybody anonymously but doesn't permit
|anonymous downloading. (Mainly I wish to avoid server abuse by warez
|kids.)

Find a way to make the ftpd server program create files which are not
readable or writable by the owner (i.e. so someone can upload files
though anonymous ftp, but not read them back or overwrite them).  Also,
have it disallow making directories from anonymous logins.

wu-ftpd is one ftp server program that offers these capabilities.

Another possibility is to have a cron job run at frequent intervals
to remove stuff from the incoming area and save it to a place where
system administrators can deal with it.  Of course, making directories
through anonymous ftp still needs to be disallowed (or the cron job
can "rm -rf" any "unusual" directories that it finds).

Perhaps use both methods...

--
------------------------------------------------------------------------

Unsolicited bulk or commercial email is not welcome.             netcom.com
No warranty of any kind is provided with this message.
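
The cron-job approach from the post above, as an added example that is not part of the original thread. The function name `sweep_incoming`, the timestamped holding names and the `.name` sidecar files are choices made for this sketch, and it assumes the holding directory sits on the same filesystem as the incoming directory and is not reachable through anonymous ftp.

```sh
#!/bin/sh
# Added example (not from the thread): sweep an anonymous-ftp incoming area.

# sweep_incoming INCOMING HOLDING
# Moves regular files into HOLDING under neutral names, mode 0600, and
# removes everything else (directories, symlinks, fifos, devices).
# Prints the number of files moved.
sweep_incoming() {
    incoming=$1
    holding=$2
    [ -d "$incoming" ] && [ -d "$holding" ] || return 2
    stamp=$(date +%Y%m%d%H%M%S)
    n=0
    # Three globs so dotfiles and names such as "..." or ".. " are seen too.
    for entry in "$incoming"/* "$incoming"/.[!.]* "$incoming"/..?*; do
        # An unmatched glob stays literal; skip it.
        [ -e "$entry" ] || [ -L "$entry" ] || continue
        if [ -f "$entry" ] && [ ! -L "$entry" ]; then
            n=$((n + 1))
            dest="$holding/$stamp.$$.$n"
            # Same filesystem assumed, so mv is a rename and never
            # leaves a half-copied file behind.
            if mv -- "$entry" "$dest"; then
                # Keep the uploader's file name as data, not as a path.
                printf '%s\n' "${entry##*/}" > "$dest.name"
                chmod 0600 "$dest" "$dest.name"
            fi
        else
            # "Unusual" entries: directories, symlinks and the like.
            rm -rf -- "$entry"
        fi
    done
    echo "$n"
}
```

Called from root's crontab with the two directories as arguments, it empties the incoming area on each run; the `.name` files let an administrator see what each upload was called without restoring attacker-chosen names.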

 
 
 


Post by Daniel Hau » Fri, 27 Feb 1998 04:00:00


On Thu, 26 Feb 1998 17:06:57 +0100,

> hm....never heard from ircd....am currently running wu.ftpd ...guess some
> others also use this file

whoops, I meant ftpd of course. I've already downloaded wu.ftpd and
will install it soon. Thanx for the help!

--Daniel

 
 
 


Post by Nikos Geor » Sat, 28 Feb 1998 04:00:00




>Hi,
>I am running an ftp server on an IRIX machine. I want to add an "incoming"
>directory that is writable by anybody anonymously but doesn't permit
>anonymous downloading. (Mainly I wish to avoid server abuse by warez
>kids.)

Get wu-ftpd from academ.com. Latest version is beta16:
ftp://ftp.academ.com/pub/wu-ftpd/private/
Make the files in the incoming dir owned by root, make the incoming dir
drwx-wx-wt root other
... in general don't have files owned by ftp (except in pub have the group
be ftp)
and study the man pages of ftpaccess (mainly)
Also take a look at the IRIX's ftpd man page. It may have good
recommendations about setting up anonymous ftp.

/Nikos