3. OS Specific needed information and suggestions. (Anonymous FTP)

This article is from the Anonymous FTP FAQ, by Christopher Klaus cklaus@iss.net with numerous contributions by others.

These machines may need ~ftp/dev/tcp:

* Older SVR2 and SVR3 systems
* RTU 6.0 (Masscomp, now Concurrent Real Time UNIX)
* AT&T 3B1 and 3B2 machines

[dev/tcp]
The ftpd implementations on these systems may require a ~ftp/dev/tcp device node in order for anonymous ftp to work.

You have to create a character special device with the appropriate major and minor device numbers: ~ftp/dev/tcp gets the same major and minor numbers as /dev/tcp.

~ftp/dev is a directory and ~ftp/dev/tcp is a character special device. Make both owned by root and grouped by root. Permissions for ~ftp/dev are root read/write/exec and group & other read/exec (mode 755). Permissions for ~ftp/dev/tcp are root read/write and group & other read (mode 644).
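The device-node steps above, written out as an added example (not part of the FAQ) in POSIX shell. It reads the major and minor numbers of /dev/tcp from `ls -lL` output, because stat(1) does not exist on the older systems this applies to, and then creates ~ftp/dev and ~ftp/dev/tcp with the ownership and modes listed. The function names and the /home/ftp default are assumptions; the setup function must run as root.

```shell
#!/bin/sh
# Added example, not part of the FAQ: mirror /dev/tcp into the anonymous ftp
# area with identical major/minor numbers and the FAQ's restrictive modes.
# Assumes a System V style "ls -l" that prints "major, minor" (or "major,minor")
# in place of the size field for device nodes.

# Print "major minor" for a character special device, given one line of
# `ls -lL` output, e.g. "crw-rw-rw-  1 root  sys  40,  0 Jan  1  1990 /dev/tcp".
# Returns 1 for anything that is not a character special device.
dev_numbers_from_ls() {
    case "$1" in
        c*) ;;            # type letter 'c' = character special
        *)  return 1 ;;
    esac
    # Field 5 is "major," (or "major,minor"); field 6 is the minor when split.
    printf '%s\n' "$1" | awk '{
        split($5, a, ",")
        if (a[2] != "") print a[1], a[2]; else print a[1], $6
    }'
}

# Create ~ftp/dev (root, 755) and ~ftp/dev/tcp (root, 644) under the ftp
# home given as $1 (hypothetical default /home/ftp). Must run as root.
setup_ftp_dev_tcp() {
    ftphome=${1:-/home/ftp}
    nums=$(dev_numbers_from_ls "$(ls -lL /dev/tcp)") || {
        echo "/dev/tcp is not a character special device here" >&2
        return 1
    }
    set -- $nums                      # split "major minor" into $1 $2
    major=$1; minor=$2
    mkdir -p "$ftphome/dev"
    chown 0 "$ftphome/dev" && chgrp 0 "$ftphome/dev"
    chmod 755 "$ftphome/dev"
    rm -f "$ftphome/dev/tcp"
    mknod "$ftphome/dev/tcp" c "$major" "$minor"
    chown 0 "$ftphome/dev/tcp" && chgrp 0 "$ftphome/dev/tcp"
    chmod 644 "$ftphome/dev/tcp"
    ls -l "$ftphome/dev/tcp"          # show the result for comparison with /dev/tcp
}

# Usage (as root):  setup_ftp_dev_tcp /home/ftp
```

Compare the `ls -l` line it prints with `ls -lL /dev/tcp` afterwards: the type letter, major and minor must match exactly, and only the mode and owner should differ from the system node.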

HPUX

[Logging] If you're using HP's native ftpd, the line in /etc/inetd.conf should execute ftpd -l, which does extra logging.

Solaris 2.x

[Script] The Solaris ftpd man page contains a script for installing anonymous ftp which saves time. You may still want to check over your anonymous ftp setup for vulnerabilities.

Command for reading the man page is:

$ man ftpd

SunOS
[Libraries] To set up SunOS to use its shared dynamic libraries, follow these steps:

1. Create the directory ~ftp/usr. This directory is owned by root with permissions 555.

2. Create the directory ~ftp/usr/lib. This directory is owned by root with permissions 555.

3. Copy the runtime loader ld.so into ~ftp/usr/lib for use by ls. ld.so is owned by root with permissions 555.

4. Copy the latest version of the shared C library, libc.so.*, into ~ftp/usr/lib for use by ls. libc.so.* is owned by root with permissions 555.

Note: 4.1.2(or above) users: you also need to copy /usr/lib/libdl.so.* to ~ftp/lib.

5. Create the directory ~ftp/dev. This directory is owned by root with permissions 111.

6. ~ftp/dev/zero is needed by the runtime loader. Move into the directory ~ftp/dev and create it with the command:

mknod zero c 3 12

chown ~ftp/dev/zero to root. Make sure it's readable.

Warning: For novices: Don't try to copy /dev/zero to ~ftp/dev/zero! This is an endless file of zeroes and it will completely fill your filesystem!

7. If you want the local time shown when people connect, create the directory ~ftp/usr/share/lib/zoneinfo and copy /usr/share/lib/zoneinfo/localtime into it.

8. If you are bothered by the need to copy your libraries so that you can use Sun's 'ls', which is dynamically linked, you can try to get a statically linked copy of 'ls' instead. The CD-ROM that contains Sun's OS has a statically-linked version of ls. In this case, you can dispense with steps #6-8.

A statically linked version may also be built from the following source:

If you want a statically linked "ls", get the GNU fileutils from an archive site near you and link it statically.
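Steps 1 through 7 above as one shell script, added here as an example and not taken from the FAQ or from Sun. It builds the tree under the ftp home, then audits each directory and file against the modes the steps list, using `ls -ld` rather than stat(1) because SunOS 4 has no stat command. The ftp home (default /home/ftp) and all function names are assumptions; the setup function must run as root on the SunOS machine, while the audit can be run by anyone.

```shell
#!/bin/sh
# Added example, not part of the FAQ: build the SunOS 4.1.x library tree the
# steps above describe under the ftp home, then audit every piece against the
# mode the FAQ lists. Uses ls -ld rather than stat(1), which SunOS lacks.
# The ftp home (default /home/ftp) and the function names are assumptions.

# Print the nine permission bits of a path as ls shows them, e.g. "r-xr-xr-x"
# (the type letter and any ACL marker are dropped).
perm_string() {
    ls -ld "$1" | awk '{ print substr($1, 2, 9) }'
}

# Return 0 if $1 has exactly the permission bits $2, else 1.
has_perms() {
    [ "$(perm_string "$1")" = "$2" ]
}

# Steps 1-7: directories, runtime loader, shared libc, dev/zero, zoneinfo.
# Must run as root on the SunOS machine.
setup_sunos_ftp_libs() {
    ftphome=${1:-/home/ftp}
    umask 022
    mkdir -p "$ftphome/usr/lib"                           # steps 1-2
    cp /usr/lib/ld.so "$ftphome/usr/lib/"                 # step 3
    cp /usr/lib/libc.so.* "$ftphome/usr/lib/"             # step 4
    mkdir -p "$ftphome/lib"                               # step 4 note: 4.1.2+ libdl goes to ~ftp/lib
    for f in /usr/lib/libdl.so.*; do
        [ -f "$f" ] && cp "$f" "$ftphome/lib/"
    done
    mkdir -p "$ftphome/dev"                               # step 5
    rm -f "$ftphome/dev/zero"
    mknod "$ftphome/dev/zero" c 3 12                      # step 6: a node, never a copy of /dev/zero
    mkdir -p "$ftphome/usr/share/lib/zoneinfo"            # step 7
    cp /usr/share/lib/zoneinfo/localtime "$ftphome/usr/share/lib/zoneinfo/"
    chown -R root "$ftphome/usr" "$ftphome/lib" "$ftphome/dev"
    chmod 555 "$ftphome/usr" "$ftphome/usr/lib" "$ftphome/usr/lib"/*
    chmod 111 "$ftphome/dev"
    chmod 444 "$ftphome/dev/zero"
}

# Check the tree against the FAQ's modes. Prints each missing path or
# mismatch on stderr and returns 1 if any were found, 0 if all is well.
audit_sunos_ftp_libs() {
    ftphome=${1:-/home/ftp}
    bad=0
    for spec in "$ftphome/usr:r-xr-xr-x" \
                "$ftphome/usr/lib:r-xr-xr-x" \
                "$ftphome/usr/lib/ld.so:r-xr-xr-x" \
                "$ftphome/dev:--x--x--x" \
                "$ftphome/dev/zero:r--r--r--"; do
        path=${spec%:*}; want=${spec#*:}
        [ -e "$path" ] || { echo "missing: $path" >&2; bad=1; continue; }
        has_perms "$path" "$want" || {
            echo "wrong mode on $path: have $(perm_string "$path"), want $want" >&2
            bad=1
        }
    done
    return $bad
}

# Usage (as root):  setup_sunos_ftp_libs /home/ftp && audit_sunos_ftp_libs /home/ftp
```

The audit only compares permission bits, so run `ls -l` on the same paths afterwards to confirm root ownership; a writable copy of ld.so or libc.so inside ~ftp is the thing to catch, because anything the anonymous user could modify there would be loaded by the chrooted ls.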

[Logging] Sun's standard ftpd logs *all* password information. To correct it, install patch:

101640-03 SunOS 4.1.3: in.ftpd logs password info when -d option is used.

In /etc/inetd.conf find the line that starts with "ftp". At the end of that line, it should read "in.ftpd". Change that to "in.ftpd -dl". In /etc/syslog.conf, add a line that looks like:

daemon.* /var/adm/daemonlog

The information can also be split by priority (SunOS 4.1.1 does not recognize daemon.*, so it requires this form), such as:

daemon.info /var/adm/daemon.info
daemon.debug /var/adm/daemon.debug
daemon.err /var/adm/daemon.err

Note that the whitespace between the two columns must include at least one TAB character, not just spaces, or it won't work. Of course your log file could be anything you want. Then create the log file (touch /var/adm/daemonlog should do). Finally, restart inetd and syslogd, either individually or by rebooting the system. You should be good to go. If you do not install the patch, make sure the log file is owned by root and mode 600, as the ftp daemon will log *everything*, including users' passwords.

Warning: You want to make all logs readable by root only, for security reasons. If a user mistypes his password as his username, it could be compromised if anyone can read the log files.
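The logging setup above as a set of shell helpers, added here as an example that is not part of the FAQ. They write the syslog.conf line with a real TAB and reject lines that only use spaces (the mistake the note warns about), turn the inetd.conf "in.ftpd" entry into "in.ftpd -dl" without touching other services, and check that the log file ends up root-only with mode 600, which matters whenever the patch is not installed. The function names are assumptions; the file paths are the ones the FAQ uses, and the final function must run as root.

```shell
#!/bin/sh
# Added example, not part of the FAQ: helpers for the SunOS ftpd logging setup.
# Function names are assumptions; paths are the ones the FAQ uses.

tab=$(printf '\t')

# Print a syslog.conf entry whose two columns are separated by a TAB.
syslog_conf_line() {
    printf '%s\t%s\n' "$1" "$2"
}

# Return 0 if the syslog.conf line in $1 has a TAB between selector and
# action, 1 if the columns are separated by spaces only (syslogd ignores it).
syslog_line_ok() {
    printf '%s\n' "$1" | awk -F "$tab" 'NF >= 2 && $1 !~ /^ *$/ { ok = 1 } END { exit !ok }'
}

# Filter: read inetd.conf on stdin, write it on stdout with the ftp service
# line changed from a trailing "in.ftpd" to "in.ftpd -dl". Other lines, and
# an ftp line that already carries options, pass through unchanged.
ftp_line_with_logging() {
    sed "/^ftp[ $tab]/ s/in\\.ftpd\$/in.ftpd -dl/"
}

# Return 0 if $1 is a regular file with mode 600 (rw for owner, nothing else).
logfile_is_private() {
    case "$(ls -ld "$1")" in
        -rw-------*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Apply everything on a live system (run as root): append the syslog line,
# rewrite inetd.conf via a temporary copy, create the log file, lock it down.
enable_sun_ftpd_logging() {
    syslog_conf_line 'daemon.*' /var/adm/daemonlog >> /etc/syslog.conf
    ftp_line_with_logging < /etc/inetd.conf > /etc/inetd.conf.new &&
        mv /etc/inetd.conf.new /etc/inetd.conf
    touch /var/adm/daemonlog
    chown root /var/adm/daemonlog
    chmod 600 /var/adm/daemonlog
    logfile_is_private /var/adm/daemonlog ||
        echo "warning: /var/adm/daemonlog is readable by others" >&2
    # then restart inetd and syslogd (or reboot), as the FAQ says
}

# Usage (as root):  enable_sun_ftpd_logging
```

Run `logfile_is_private` again after the first rotation or cleanup of the log: a copy made with `cp` by an administrator inherits the umask rather than the original mode, and a world-readable copy leaks exactly what the warning above describes.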

 
