[Chapter 13] 13.2 Anonymous FTP

13.2.1 Creating an FTP Server
Using the anonymous FTP service offered by a remote server is very simple. However, setting up an
anonymous FTP service on your own system is a little more complicated. Here are the steps to set up
an anonymous FTP server:
1. Add user ftp to the /etc/passwd file.
2. Create an ftp home directory owned by user ftp that cannot be written to by anyone.
3. Create a bin directory under the ftp home directory that is owned by root, and that cannot be
written to by anyone. The ls program should be placed in this directory and changed to mode
111 (execute-only).
4. Create an etc directory in the ftp home directory that is owned by root, and that cannot be
written to by anyone. Create special passwd and group files in this directory, and change the
mode of both files to 444 (read-only).
5. Create a pub directory in the ftp home directory that is owned by root and is only writable by
root, i.e., mode 644. Don't allow remote users to store files on your server, unless it is
absolutely necessary and your system is on a private, non-connected network. If you must
allow users to store files on the server, change the ownership of this directory to ftp and the
mode to 666 (read and write). This should be the only directory where anonymous FTP users
can store files.
The following examples show each of these steps. First, create the ftp home directory and the required
subdirectories. In our example, we create the ftp directory under the /usr directory.
# mkdir /usr/ftp
# cd /usr/ftp
# mkdir bin
# mkdir etc
# mkdir pub
Then copy ls to /usr/ftp/bin, and set the correct permissions.
# cp /bin/ls /usr/ftp/bin
# chmod 111 /usr/ftp/bin/ls
Create a group that will be used only by anonymous FTP, a group that has no other members. In our
example we create a group called anonymous. An entry for this new group is added to the /etc/group
file, and a file named /usr/ftp/etc/group is created that contains only this single entry.
anonymous:*:15:
Create a user named ftp by placing an entry for that user in the file /etc/passwd. Also create a file
named /usr/ftp/etc/passwd that contains only the ftp entry. Here's the entry we used in both files:

ftp:*:15:15:Anonymous ftp:/usr/ftp:
These examples use a GID of 15 and a UID of 15. These are only examples; pick a UID and GID that
aren't used for anything else on your system.
A cat of the newly created /usr/ftp/etc/passwd and /usr/ftp/etc/group files shows the following:
% cat /usr/ftp/etc/passwd
ftp:*:15:15:Anonymous ftp:/usr/ftp:
% cat /usr/ftp/etc/group
anonymous:*:15:
After the edits are complete, set both files to mode 444:
# chmod 444 /usr/ftp/etc/passwd
# chmod 444 /usr/ftp/etc/group
Set the correct ownership and mode for each of the directories. The ownership of /usr/ftp/pub,
/usr/ftp/bin, and /usr/ftp/etc does not need to be changed because the directories were created by root.
# cd /usr/ftp
# chmod 644 pub
# chmod 555 bin
# chmod 555 etc
# cd ..
# chown ftp ftp
# chmod 555 ftp
If you must allow users to write their own files in the pub directory, make the following changes: [2]
[2] This opens a large security hole. Allow users to write their own files to the
anonymous FTP server only if you must.
# chown ftp pub
# chmod 666 pub
For most UNIX systems, the installation is complete. But if you have a Sun OS 4.x system, a few
more steps are necessary. The dynamic linking used by Sun OS requires that the ftp home directory
contains:
1. The runtime loader
2. The shared C library
3. /dev/zero

These Sun-specific steps are shown in the following examples. First, create the directory
/usr/ftp/usr/lib, then copy the files ld.so and libc.so.* into the new directory, and set the file
permissions:
# cd /usr/ftp
# mkdir usr
# mkdir usr/lib
# cp /usr/lib/ld.so usr/lib
# cp /usr/lib/libc.so.* usr/lib
# chmod 555 usr/lib/libc.so.*
# chmod 555 usr/lib
# chmod 555 usr
Next, create the ftp/dev directory, and run mknod to create dev/zero:
# cd /usr/ftp
# mkdir dev
# cd dev
# mknod zero c 3 12
# cd ..
# chmod 555 dev
Now you can copy the files you wish to make publicly available into /usr/ftp/pub. To prevent these
files from being overwritten by remote users, set the mode to 644 and make sure the files are not
owned by user ftp.
Once you complete the configuration steps necessary for your system, test it thoroughly before
announcing the service. Make sure that your server provides the anonymous FTP service you want,
without providing additional "services" that you don't want (such as allowing anonymous users access
to files outside of the ftp home directory). Anonymous FTP is a potential security risk. If you offer
this service at all, limit the number of systems at your site that provide it (one is usually enough), and
take care to ensure that the installation is done properly.
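The paragraph above says to test the installation before announcing it. The script below is an added example, not code from the book: it audits a finished anonymous FTP home directory against the rules given in the steps above (home, bin and etc not writable by anyone; the copied ls mode 111; the private passwd and group files mode 444; pub not writable by remote users unless uploads were deliberately allowed, in which case it must belong to the ftp user; published files not writable by remote users and not owned by ftp). It goes slightly beyond the text by checking every file under pub rather than only the directory. It assumes the directory layout shown above, takes the ftp account name as an argument, and needs only POSIX sh, find, ls and awk.

```shell
#!/bin/sh
# audit_ftp_home.sh: check an anonymous FTP home directory against the layout
# rules described above. Added example, not the book's code; assumes only
# POSIX sh, find(1), ls(1) and awk(1).

# perm_set PATH BITS: true if every permission bit in octal BITS is set on PATH
perm_set() {
    [ -n "$(find "$1" -prune -perm "-$2" -print 2>/dev/null)" ]
}

# perm_exact PATH MODE: true if PATH's permission bits are exactly octal MODE
perm_exact() {
    [ -n "$(find "$1" -prune -perm "$2" -print 2>/dev/null)" ]
}

# writable_by_anyone PATH: true if owner, group or other may write to PATH
writable_by_anyone() {
    perm_set "$1" 200 || perm_set "$1" 020 || perm_set "$1" 002
}

# writable_by_others PATH: true if group or other may write to PATH
writable_by_others() {
    perm_set "$1" 020 || perm_set "$1" 002
}

# owner_of PATH: print the owning user (third column of ls -ld)
owner_of() {
    ls -ld "$1" | awk '{print $3}'
}

# audit_ftp_home HOME FTPUSER [yes|no]
# Prints one FINDING line per violated rule and returns the number of
# findings, so an exit status of 0 means the tree matches the rules.
audit_ftp_home() {
    home=$1 ftpuser=$2 allow_upload=${3:-no} findings=0

    report() { echo "FINDING: $*"; findings=$((findings + 1)); }

    # Rule: home, bin and etc exist and cannot be written to by anyone.
    for d in "$home" "$home/bin" "$home/etc"; do
        if [ ! -d "$d" ]; then report "missing directory $d"; continue; fi
        writable_by_anyone "$d" && report "$d has a write bit set"
    done
    # Rule: bin and etc are owned by root, never by the ftp user.
    for d in "$home/bin" "$home/etc"; do
        [ -d "$d" ] && [ "$(owner_of "$d")" = "$ftpuser" ] && report "$d is owned by $ftpuser"
    done
    # Rule: the copied ls is execute-only (mode 111).
    if [ -f "$home/bin/ls" ]; then
        perm_exact "$home/bin/ls" 111 || report "$home/bin/ls is not mode 111"
    else
        report "missing $home/bin/ls"
    fi
    # Rule: the private passwd and group files are read-only (mode 444).
    for f in "$home/etc/passwd" "$home/etc/group"; do
        if [ -f "$f" ]; then
            perm_exact "$f" 444 || report "$f is not mode 444"
        else
            report "missing $f"
        fi
    done
    # Rule: pub is writable by remote users only when uploads are deliberately
    # allowed, and then it must belong to the ftp user.
    if [ ! -d "$home/pub" ]; then
        report "missing directory $home/pub"
    elif [ "$allow_upload" = yes ]; then
        [ "$(owner_of "$home/pub")" = "$ftpuser" ] || report "$home/pub allows uploads but is not owned by $ftpuser"
    else
        writable_by_others "$home/pub" && report "$home/pub is writable by remote users"
    fi
    # Rule: published files cannot be overwritten by an anonymous session:
    # no group/other write bit and not owned by the ftp user.
    # (Names are split on newlines only, so paths with spaces are handled.)
    oldifs=$IFS; IFS='
'
    for f in $(find "$home/pub" -type f -print 2>/dev/null); do
        writable_by_others "$f" && report "$f is writable by remote users"
        [ "$(owner_of "$f")" = "$ftpuser" ] && report "$f is owned by $ftpuser"
    done
    IFS=$oldifs
    return "$findings"
}

# Usage: sh audit_ftp_home.sh /usr/ftp ftp [yes|no]
if [ $# -ge 2 ]; then
    audit_ftp_home "$1" "$2" "${3:-no}"
fi
```

Run it as root on the server after the configuration steps, once with the upload flag matching what you intended; a non-zero exit status lists exactly which rule was missed, which is easier to act on than re-reading `ls -l` output by hand.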

TCP/IP Network Administration
Chapter 13: Internet Information Resources

[Chapter 13] 13.3 Finding Files

13.3 Finding Files
Anonymous FTP requires detailed knowledge from the user. To retrieve a file, you must know the
FTP server and the directory where the file is located. When the network was small, this was not a
major problem. There were a limited number of important FTP servers, and they were well stocked
with files. You could always ftp to a major server and search through some directories using ftp's ls
command. This old approach is not compatible with a large and expanding Internet for two reasons:
1. There are now thousands of major anonymous FTP servers. Knowing them all is difficult.
2. There are now millions of Internet users. They cannot all rely on a few well-known servers.
The servers would quickly be overwhelmed with ftp requests.

archie is an application designed to help with this problem. It provides a database of information
about anonymous FTP sites and the files they contain.

13.3.1 archie
archie expands the usefulness of anonymous FTP by helping you locate the file, program, or other
information that you need. archie uses information servers that maintain databases containing
information about hundreds of FTP servers, and thousands of files and programs throughout the
Internet.
archie's primary database is a listing of files and the servers from which the files can be retrieved. In
the simplest sense, you tell archie which file you're looking for, and archie tells you which FTP
servers the file is available from.
archie can be used in four different ways: interactively, through electronic mail, via a Web browser,
or from an archie client. To use archie interactively, telnet to one of the archie servers. [3] Log in
using the username archie and no password. At the archie> prompt, type help to get a full set of
interactive archie commands.
[3] The list of publicly accessible servers is available at
http://www.bunyip.com/products/archie/world/servers.html.

There are many interactive archie commands, but the basic function of locating a program that is
accessible via anonymous FTP can be reduced to two commands.
prog pattern
Display all files in the database with names that match the specified pattern.
mail address
Mail the output of the last command to address, which is normally your own email address.
The following example uses both of these commands to interactively search for gated-R3_5_5.tar,
and then mail the results of the search to craig@peanut.nuts.com.
% telnet archie.internic.net
Trying 198.49.45.10...
Connected to archie.ds.internic.net.
Escape character is '^]'.
UNIX(r) System V Release 4.0 (ds0)
login: archie
# Bunyip Information Systems, Inc., 1993, 1994, 1995
archie> prog gated-R3_5_5.tar
# Search type: sub.
# Your queue position: 1
# Estimated time for completion: 5 seconds.
working... O
Host ftp.zcu.cz
(147.228.206.16)
Last updated 11:32 27 Jun 1997
Location: /pub/security/merit/gated
FILE -r--r--r-- 1460773 bytes Jan 1997 gated-R3_5_5.tar.gz
archie> mail craig@peanut.nuts.com
archie> quit
The archie output provides all of the information you need to initiate an anonymous FTP transfer:
1. The name of the server (ftp.zcu.cz in our example)
2. The directory on the server that contains the file (/pub/security/merit/gated in our example)
3. The full name of the file (gated-R3_5_5.tar.gz in our example)

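The three pieces of information listed above can be pulled out of an archie listing mechanically. The function below is an added example, not from the book: it reads the output of an archie `prog` search on standard input and prints one ftp:// URL per FILE line, combining the most recent Host and Location lines with the file name. It assumes the line layout of the session shown above (a line starting with `Host`, one starting with `Location:`, and `FILE` lines whose last field is the file name). The sample listing is constructed for the example; the second host, ftp.example.net, is invented to show the parser tracking a change of server.

```shell
# archie_to_urls: turn the Host/Location/FILE lines of an archie "prog"
# listing (read on stdin) into one ftp:// URL per file. Added example, not
# the book's code; assumes the line layout shown in the session above and
# needs only POSIX sh and awk.
archie_to_urls() {
    awk '
        $1 == "Host"      { host = $2 }                     # current server
        $1 == "Location:" { dir = ($2 == "/") ? "" : $2 }   # directory on it
        $1 == "FILE" && host != "" { print "ftp://" host dir "/" $NF }
    '
}

# Constructed sample in the layout of the session above; the second host
# is invented so that a change of server is visible in the output.
sample_archie_output() {
    cat <<'EOF'
archie> prog gated-R3_5_5.tar
# Search type: sub.
Host ftp.zcu.cz
(147.228.206.16)
Last updated 11:32 27 Jun 1997
Location: /pub/security/merit/gated
FILE -r--r--r-- 1460773 bytes Jan 1997 gated-R3_5_5.tar.gz
Host ftp.example.net
(192.0.2.10)
Last updated 08:00 01 Jul 1997
Location: /mirrors/gated
FILE -r--r--r-- 1460773 bytes Jan 1997 gated-R3_5_5.tar.gz
FILE -r--r--r-- 1460000 bytes Jan 1997 gated-R3_5_5.tar
EOF
}

# Usage: sample_archie_output | archie_to_urls
```

A FILE line that appears before any Host line is ignored rather than turned into a URL with an empty server name, so a truncated listing cannot produce a misleading address.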
You can also use archie by sending email to archie at any one of the archie servers; for example,
archie@archie.internic.net. The text of the mail message must contain a valid archie email command.