[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] FTP Server on Linux



-----BEGIN PGP SIGNED MESSAGE-----


Matthew,
	Are primary web server is running Linux without FrontPage
extensions so our users have to use FTP to upload. They have to have a
valid acct and password to login. The only problem is that they can go
snooping around the directory tree of your machine since it doesn't
restrict them to their home directory. Because of this you do need to make
sure file permissions for files/directories they should not access are set
correctly. Also I would add the following line to your ftpaccess file:

	noretrieve /etc/passwd /etc/shadow core

	You may also wish to add /etc/shadow- and /etc/passwd- to that
list of files but that should restrict them from being downloaded via FTP
as shown below:

Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd /etc/
250 CWD command successful.
ftp> dir passwd
200 PORT command successful.
150 Opening ASCII mode data connection for /bin/ls.
- -rw-r--r--   1 root     root         3306 Jan 18 14:52 passwd
226 Transfer complete.
ftp> get passwd
local: passwd remote: passwd
200 PORT command successful.
550 /etc/passwd is marked unretrievable
ftp> get /etc/shadow
local: /etc/shadow remote: /etc/shadow
200 PORT command successful.
550 /etc/shadow: Permission denied.
ftp>

	This was done one of our Linux machines loggin into FTP as a
non-root account. Hence the permission denied on /etc/shadow since it is
set to 0640 owned by root:shadow.

	Of course if you do allow users to login via FTP they can snoop
through other users files if the user doesn't know how to change the
permissions on a file they don't want viewed. Most FTP clients should have
this is an option or it can be done using the SITE command syntax.

	Respectfully,
	Jeremy T. Bouse
	Sr. System Administrator

On Fri, 22 Jan 1999, Matthew Brown wrote:

> Date: Fri, 22 Jan 1999 11:06:27 -0500
> From: Matthew Brown <matthew.brown at cordata.net>
> To: ale at ale.org
> Subject: Re: [ale] FTP Server on Linux
> 
> Thanks for the SPEEDY replies!
> 
> I offer web hosting services (so far on NT) - killer bandwidth!, but I'd
> like to move my shop almost ENTIRELY over to Linux, and styay with Linux
> from here on out.  If you've followed the list for a month or two you may
> remember I've been hacked pretty hard.  I am NOT interested in this
> happening again.  Since it is not a problem on my NT server (yet!), I have
> left HTTP/FTP there.  I only do sendmail/ipopd on my Linux box.
> 
> The FTP access would be authenticated, but NONE of the users need have any
> permissions/rights outside there little world.
> 
> Doesthis answer the question about access?  I guess I see no need for
> anon-FTP, but I do need everyone's data to go to 'their'subdirectories.
> 
> -Matthew Brown
> 
> ----- Original Message -----
> From: Michael H. Warfield <mhw at wittsend.com>
> To: Matthew Brown <matthew.brown at cordata.net>
> Cc: <ale at ale.org>
> Sent: Friday, January 22, 1999 10:26 AM
> Subject: Re: [ale] FTP Server on Linux
> 
> 
> >Matthew Brown enscribed thusly:
> >
> >> Should I be confident that I can turn on the FTP daemon without
> compromising
> >> my security too much.  Surely someone out there is using FTP and Linux?
> >
> >> I only ask because I have heard (I think) that this is one of the
> 'dangerous
> >> daemons' to use as far as security.
> >
> > It can be.
> >
> > What is your objective?
> >
> > 1) Do you wish to start up an anonymous ftp server?
> >
> > 2) Do you wish to provide incoming or upload capability?
> >
> > 3) Do you wish to provide ftp access for non-anonymous accounts?
> >
> > Anonymous ftp should not bee too difficult to set up.  In fact,
> >most distributions already have it setup and too many turn it on ftpd
> >with anon ftp service by default (grrrr).  Even if they do set it up
> >properly, offering a service on the network by default, which the user
> >may not be aware of, is a serious security risk.
> >
> > If you wish to allow outsiders to upload data to your system,
> >make sure ~ftp/incoming is writable but not readable or searchable by
> >the ftp account!  Also read and understand the options in your
> /etc/ftpaccess
> >file.  Do not allow the creation of subdirectories under ~ftp/incoming.
> >
> > I would strongly advise against #3 and use safer file transfer
> >methods such as scp.  Using ftp may result in user passwords being passed
> >in the clear on the network
> >
> >> -Matthew Brown
> >
> > Mike
> >--
> > Michael H. Warfield    |  (770) 985-6132   |  mhw at WittsEnd.com
> >  (The Mad Wizard)      |  (770) 925-8248   |  http://www.wittsend.com/mhw/
> >  NIC whois:  MHW9      |  An optimist believes we live in the best of all
> > PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!
> 

,-----------------------------------------------------------------------------,
|  Jeremy T. Bouse   -   SouthNet TeleComm Services, Inc.   -   www.STSI.net  |
|     PGP ID/Fingerprint: 1024/E83D9AE5/4ACC03F098D78198 19D0593E50E597E9     |
|         Public PGP key available via 'finger undrgrid at UnderGrid.net'        |
|  undrgrid at UnderGrid.net   -   NIC Whois: JB5713    -    sysadmin at STSI.net   |
|      Anti-trust laws should be approached with exactly that attitude.       |
`-----------------------------------------------------------------------------'

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv

iQCVAwUBNqi66+ak13roPZrlAQEfbgP+Nph2Gj2H80EJeV1ZwVKOKkjK7S60nz+w
Tv3RLYdMJF+uP0BGGU5x1h1X96IQn1LClBjRUwB+QNz9nEx9O9TSzuXgM93VHnIU
hnVzlliH17jQj+a3mwMp/6r8ONEBpuSZ/yiGNqzJYGie0Q91amRPGCHCSrn3Tf73
0ZDk3WupOzk=
=RoAn
-----END PGP SIGNATURE-----