Thank you so much for so many responses. I have successfully set
up Anonymous FTP. I love this dl. Following is the procedure that I followed
with a few changes sent to me by Rick Dyson. Only one change I had to make to
I am forwarding this for those of you who were interested.
1) Create the user ftp in /etc/passwd. Use a misc group. The user's
home directory will be ~ftp where ~ftp is the root you wish anonymous
users to see. Use an invalid password and user shell for better
security. The entry in the passwd file should look something like:
2) Create the home directory ~ftp. Make the directory owned by you (NOT ftp)
with the same group as ftp. Thus, owner permissions are for you and group
permissions are for the anonymous users. Set the permissions for ~ftp to
555 (read, nowrite, execute).
3) Create the directory ~ftp/bin. This directory is owned by root (group
wheel) with permissions 555.
4) Copy the program ls into ~ftp/bin. ls is owned by root with permissions
111 (noread, nowrite, execute).
5) Create the directory ~ftp/usr. This directory is owned by root with
6) Create the directory ~ftp/usr/lib. This directory is owned by root with
7) Copy the runtime loader ld.so into ~ftp/usr/lib for use by ls. ld.so is
owned by root with permissions 555.
8) Copy the latest version of the shared C library, libc.so.* into
~ftp/usr/lib for use by ls. libc.so.* is owned by root with permissions
*** 4.1.2 users: you also need to copy /usr/lib/libdl.so.* to /ftp/lib.
9) Create the directory ~ftp/dev. This directory is owned by root with
10) ~ftp/dev/zero is needed by the runtime loader. Move into the directory
~ftp/dev and create it with the command mknod zero c 3 12.
your_machine> mkdir /usr/ftp/dev
your_machine> cd /usr/ftp/dev
your_machine> mknod zero c 3 12
***For novices: WARNING!! Don't try to copy /dev/zero to ~ftp/dev/zero!!
This is an endless file of zeroes and it will completely fill your filesystem!
11) Make the directory ~ftp/etc. This directory is owned by root with
12) Copy the files /etc/passwd and /etc/group into ~ftp/etc. These
files should be mode 444. The passwd file should only contain root,
daemon, uucp, and ftp. The group file must contain ftp's group.
*** Because it is possible for anonymous users to access ~ftp/etc
and download the passwd and group files, you should delete any entries
not required for anonymous entry!
*** For better security, reduce the entries in the passwd file to only
the name, uid, gid, and a "*" where the password was. An entry would
look like the following:
*** For maximum security, do not use the passwd or group files at all! They
are only required to provide the name of a file owner when users do "ls -l".
Since all files/directories should be owned by ftp or root, this is useless.
13) Make the directory ~ftp/pub. This directory is owned by you and has
the same group as ftp with permissions 555. Files are left here for
public distribution. All folders inside ~ftp/pub should have the same
***Neither the home directory (~ftp) nor any directory below it should be
owned by ftp! Modern ftp daemons support all kinds of useful commands, such
as chmod, that allow outsiders to undo your careful permission settings.
(Thanks to Wietse Venema for that note!)
14) If you wish to have a place for anonymous users to leave files,
create the directory ~ftp/pub/incoming. This directory is owned by root
with permissions 722 (root has all permissions, other users can only
write). Files can be left here, but users cannot see what is there, to
prevent the spread of unauthorized files.
The permissions for this directory had to be set at 777 so users who put
information in this directory can verify it.
15) If you want to have the localtime showing when people connect,
create the directory ~ftp/usr/share/lib/zoneinfo and copy
/usr/share/lib/zoneinfo/localtime into it. All of these directories
should have the same owner, group, and permissions as ~ftp/usr.
16) If you are bothered by the need for copying your libraries so that you can
use Sun's 'ls', which is dynamically linked, you can try to get a statically
linked copy of 'ls' instead. In this case, you can dispense with steps #6-8.
Statically linked versions may be available from the following sources:
***********************************************************
Many thanks to the following people for their response:
rick dyson firstname.lastname@example.org:edu
Johnny Hui email@example.com
Doug Moran brad@optilink:com
Walt Dabell firstname.lastname@example.org
Ian email@example.com:au
Cameron Humphries firstname.lastname@example.org
Phil Thomas email@example.com
Peter Samuel Peter.Samuel@nms.otc.com.au
Eckhard Rüggeberg firstname.lastname@example.org
Ian Chisholm email@example.com
Kai Grossjohann firstname.lastname@example.org
Kyle Strohm email@example.com
Jason firstname.lastname@example.org
Ravi Narayan email@example.com
M. Todd Gamble firstname.lastname@example.org
Kevin McElearney email@example.com
Tim Beyea beyea@ERC.MsState.Edu
Manish Bhatia firstname.lastname@example.org
Paul R. Joslin pjoslin@optic_nerve.mbvlab.wpafb.af:mil
Jeff Alge email@example.com
Hal firstname.lastname@example.org:edu
Maureen Kemp email@example.com:gov
Nick firstname.lastname@example.org:com
Wojtek email@example.com:pl
firstname.lastname@example.org:de
email@example.com
Thanks very much once again to all of you for the quick response.
___________________________
Parul Patel
Xerox Corporation
435 West Commercial Street, 803-01A
East Rochester, NY 14445
Voice: (716) 383-6284 (Internal: 8*223-6284)
Fax: (716) 383-7395 (Internal: 8*223-7395)
EMail: parul.Roch803@Xerox.com (Internal: parul:Roch803:Xerox)
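An added example, not part of the original post: a POSIX shell audit that checks an existing anonymous FTP tree against the ownership note and the modes given in steps 2, 3, 4, 12, 13 and 14 of the procedure. The function names, the finding labels and the ROOT / FTP_USER arguments are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit an anonymous FTP tree
# against the ownership and mode rules in the numbered steps.
# Usage: audit_ftp_tree ROOT FTP_USER   (FTP_USER: login name or numeric uid)
# Prints one finding per line; returns 0 when clean, 1 otherwise.

# expect_mode PATH OCTAL: report PATH if it exists with a different mode.
expect_mode() {
    [ -e "$1" ] || return 0
    # -prune stops find from descending; -perm with a bare octal is an exact match.
    [ -n "$(find "$1" -prune -perm "$2")" ] || echo "MODE $1 is not $2"
}

audit_ftp_tree() {
    root=$1 ftp_user=$2
    findings=$(
        # Nothing in the tree may be owned by the ftp account.
        find "$root" -user "$ftp_user" | sed 's/^/OWNER ftp owns /'
        # Steps 2, 3 and 13: ~ftp, bin and pub are 555.
        for d in "$root" "$root/bin" "$root/pub"; do expect_mode "$d" 555; done
        # Step 4: ls is execute-only.
        expect_mode "$root/bin/ls" 111
        # Step 12: passwd and group are mode 444 and carry no password hashes.
        expect_mode "$root/etc/passwd" 444
        expect_mode "$root/etc/group" 444
        if [ -r "$root/etc/passwd" ]; then
            awk -F: '$2 != "*" { print "HASH passwd entry for " $1 " has a password field other than *" }' \
                "$root/etc/passwd"
        fi
        # Step 14: incoming is mode 722, write-only for anonymous users.
        expect_mode "$root/pub/incoming" 722
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Run directly as: sh audit.sh /usr/ftp ftp
if [ "$#" -eq 2 ]; then audit_ftp_tree "$1" "$2"; fi
```

Directories whose permissions are not stated in the steps (usr, usr/lib, dev, etc) are covered only by the ownership check.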
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:08:04 CDT