SUMMARY: Setting up Anonymous FTP

From: rwolf@dretor.dciem.dnd.ca
Date: Tue Aug 04 1992 - 23:44:46 CDT


Original request.

>
> Does anyone have any information on how to setup an anonymous ftp on a
> sun3 system running SunOS 4.1.1U1. Are there any recommended patches
> I should be aware of?
>
> If it is in the FM then could that person let me know where?
>

Special thanks to the following people:
From john@mlb.semi.harris.com Sat Aug 1 03:14:59 1992
From higgins@math.niu.edu Sat Aug 1 03:57:39 1992
From daneel@Trantor.DSO.gov.SG Sun Aug 2 20:19:40 1992
From Roberto@sunsci.cern.ch Mon Aug 3 03:34:39 1992
From Stephan.Edman@eua.ericsson.se Mon Aug 3 06:36:07 1992
From halvard@trd.sdata.no Mon Aug 3 10:52:11 1992
From cagroth@snll-arpagw.llnl.gov Mon Aug 3 11:18:29 1992
From solomon!kevinc@qiclab.scn.rain.com Tue Aug 4 03:38:42 1992
From macphed@dvinci.usask.ca Tue Aug 4 10:58:24 1992

The majority of replies were: do 'man ftpd'.

cagroth@snll-arpagw.llnl.gov gave this interesting reply:
>The "Unix System Administration Handbook" by Evi Nemeth, Garth Snyder and
>Scott Seebass (ISBN 0-13-933441-6) provides excellent examples on how to
>set up your site as an anonymous ftp site.

All replies were very helpful with the most thorough one going to
higgins@math.niu.edu

Thank you!
-----------------------------------------------------------------------------
From higgins@math.niu.edu Sat Aug 1 03:57:39 1992

1) Find a free partition about the right size. This makes it easy to
   back the thing up and restore it.

2) I made a directory /ftproot on the machine where it needs to sit, with
   555 permissions.

3) Mount the partition on /ftproot.

4) Make sure you have an ftp user in the /etc/passwd for that machine.
   I run NIS (YP) here, and passwords are network wide, but I only allow
   ftp into one machine. So its /etc/passwd has an ftp user-id, but
   there is none in the master passwd file.

5) Jump over to wuarchive and get
   wuarchive.wustl.edu:/packages/ftpd.wuarchive.shar

6) In /ftproot
   mkdir bin etc dev pub usr usr/lib
   check the ownership and permissions; I set all my top dir to be root.wheel
   except for ftproot/etc which is root.daemon; all have 555 permissions.
   usr/lib is root.daemon and 555 also.

7) cp /usr/bin/ls to /ftproot/usr
   cp /usr/lib/ld.so to /ftproot/usr/lib
   cp /usr/lib/libc.so.1.6 to /ftproot/usr/lib
   make the owner.group and permissions match the originals.

8) ls -l /dev/zero
   in /ftproot/dev mknod zero c major minor
   using the major and minor from the ls.

9) create /ftproot/etc/passwd
   you'll need the usual entries, mine look like this:

   root:*:0:0::/:/dev/null
   
   ditto for daemon, sys,bin, ftp

10) create /ftproot/etc/group
    again, you really only want the group names and numbers, you
    don't need group members. This is to make listings look pretty.

11) create the ftp entry in /etc/passwd
    mine looks like this

    ftp:*:400:400:Anonymous FTP:/ftproot:/bin/csh

12) At this point in time, if a real user can ftp into the machine,
    anonymous ftp should be working too. If real users can't ftp
    (non-anonymously) into the machine, you'll need to uncomment
    or install the following line in /etc/inetd.conf

ftp stream tcp nowait root /usr/etc/in.ftpd in.ftpd

    and restart inetd. (Use ps to find the pid and kill -HUP pid ).

13) Unshar the ftpd.wuarchive stuff, read thru it and decide if you
    want to install it. Many, many sites are going to it. It essentially
    replaces /usr/etc/in.ftpd, so you'll eventually end up changing some
    of (13) if you use it. Put in the time and install it.

14) Since the stated purpose of our anonymous ftp is to allow our professors
    to 'publish' their papers, in my math.niu.edu:/pub, I put a directory
    for the professors to put their papers in. Each person owns their own
    papers subdirectory. Since we run C2, to protect the user-ids, I
    installed into /ftproot/etc/passwd each users id with a locked passwd,
    and instead of the username, gave them all the name papers. Since
    the directories are all named Lastname,Firstname, even though we
    identify the person, we give away neither their login name, nor
    their user-id. (This works since you can't do an ls -n) eg:

    papers:*:5001:5000::/:/dev/null
    papers:*:5002:5000::/:/dev/null

    Depending upon what you're using your anon ftp service for, you
    might find this technique useful. It's not really a security
    technique, as much as it is a blankie for the more paranoid of
    our users.

15) Run thru the system and make sure that all 'protected' files are
    non-writeable, protected directories are non-writeable. You may
    want to consider creating a contrib directory 1777 for people to
    stick stuff in.

16) My ftp machine is olympus.math.niu.edu, but in my nameserver
    I put in an A record for the domain with the address of olympus
    so that ftp math.niu.edu gets you to the right machine, and a
    CNAME record for ftp.math.niu.edu so it takes you to the same
    place.

It's been 6 or 7 months since I set this up, but unless I've forgotten
something you should be happening.

 -Gregory Higgins, Systems Manager, higgins@math.niu.edu
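
A permission audit for the layout in steps 6, 9 and 15 above, as an added example that is not part of the original post. The names `audit_ftproot` and `make_sample`, the finding labels and the sample tree are constructed for illustration; the script checks modes and passwd fields only, not ownership.

```shell
#!/bin/sh
# Added example: audit an anonymous-FTP root against steps 6, 9 and 15.
# Prints one finding per line; exit status 0 means no findings.
audit_ftproot() {
    root=$1
    findings=$(
        # Step 6: the root and its fixed directories should be mode 555.
        for d in . bin etc dev pub usr usr/lib; do
            [ -d "$root/$d" ] || continue
            case $(ls -ld "$root/$d" | cut -c1-10) in
                *w*) echo "WRITABLE-DIR $d" ;;
            esac
        done
        # Step 9: each entry in the chroot passwd needs 7 fields and a
        # locked password field ("*"), never a real hash.
        if [ -f "$root/etc/passwd" ]; then
            awk -F: 'NF != 7 || $2 != "*" { print "PASSWD-ENTRY line " NR }' \
                "$root/etc/passwd"
        fi
        # Step 15: a world-writable directory must carry the sticky bit
        # (1777); no regular file may be world-writable.
        ( cd "$root" && find . -type d -perm -0002 ! -perm -1000 |
            sed 's/^/NO-STICKY /' )
        ( cd "$root" && find . -type f -perm -0002 |
            sed 's/^/WORLD-WRITABLE-FILE /' )
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample tree (not from the post) that follows the steps:
# 555 directories, locked passwd entries, a 1777 contrib directory.
make_sample() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/bin" "$t/etc" "$t/dev" "$t/pub/contrib" "$t/usr/lib"
    printf 'root:*:0:0::/:/dev/null\nftp:*:400:400::/:/dev/null\n' \
        > "$t/etc/passwd"
    chmod 444 "$t/etc/passwd"
    chmod 1777 "$t/pub/contrib"
    chmod 555 "$t/usr/lib" "$t/usr" "$t/pub" "$t/dev" "$t/etc" "$t/bin" "$t"
    echo "$t"
}
```

Run it as `audit_ftproot /ftproot` after any change to the tree; a non-zero exit status means at least one finding was printed.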


