From: Peter N Lewis on Sun, Nov 1, 1992 8:25 PM Subject: Re: Installing Anonymous FTP: INSTRUCTIONS ============= Installing anonymous FTP on a Sun workstation (under 4.1.1, 4.1.2) 1) Create the user ftp in /etc/passwd. Use a misc group. The user`s home directory will be ~ftp where ~ftp is the root you wish anonymous users to see. Use an invalid password and user shell for better security. The entry in the passwd file should look something like: ftp:*:400:400:Anonymous FTP:/home/ftp:/bin/true 2) Run the following script, after modifying it to set the YOU variable to whoever is going to admin your ftp site (this is used to set the owner of ~ftp/pub and ~ftp/incoming). *** Cut here #!/bin/sh # Set this to whoever will maintain your ftp site. root is probably a good bet. # Your username is another possibility. ftp is NOT! No directories or files # inside ~ftp should be owned by ftp. YOU=peter # No other parameters should need to be changed # Get the UID of YOU and ftp YOUUID=`grep "^$YOU:" /etc/passwd | cut -d: -f3` if [ "x" = "x$YOUUID" ]; then echo User $YOU not found exit fi FTPDIR=`grep "^ftp:" /etc/passwd | cut -d: -f6` if [ "x" = "x$FTPDIR" ]; then echo ftp home directory not found exit fi # Find the correct libc.so and libdl.so LIBC=`ls /usr/lib/libc.so.* | tail -1` LIBDL=`ls /usr/lib/libdl.so.* | tail -1` # Actually The directories can be 111 instead 555... Rob M. install -d -o $YOU -g wheel -m 755 $FTPDIR cd $FTPDIR install -d -o root -g wheel -m 555 bin install -o root -g wheel -m 111 /usr/bin/ls bin install -d -o root -g wheel -m 555 dev install -d -o root -g wheel -m 555 etc install -d -o $YOU -g wheel -m 722 install install -d -o $YOU -g wheel -m 755 pub install -d -o root -g wheel -m 555 usr install -d -o root -g wheel -m 555 usr/lib install -o root -g wheel -m 555 /usr/lib/ld.so usr/lib install -o root -g wheel -m 555 $LIBC usr/lib if [ "x" != "x$LIBDL" ]; then install -o root -g wheel -m 555 $LIBDL usr/lib fi install -d -o root -g wheel -m 555 usr/share install -d -o root -g wheel -m 555 usr/share/lib install -d -o root -g wheel -m 555 usr/share/lib/zoneinfo install -o root -g wheel -m 444 /usr/share/lib/zoneinfo/localtime usr/share/l ib/zoneinfo mknod dev/zero c 3 12 chown root.wheel dev/zero chmod 444 dev/zero echo "wheel:*:0:" >etc/group chown root.wheel etc/group chmod 444 etc/group echo "root:*:0:0:::" >etc/passwd if [ $YOUUID != 0 ]; then echo "ftpadmin:*:$YOUUID:0:::" >>etc/passwd fi chown root.wheel etc/passwd chmod 444 etc/passwd exit *** End of script WARNING: Neither the home directory (~ftp) nor any directory below it should be owned by ftp! Modern ftp daemons support all kinds of useful commands, such as chmod, that allow outsiders to undo your careful permission settings. (Thanks to Wietse Venema for that note!) WARNING: If you don't wish to have a place for anonymous users to leave files, delete the directory ~ftp/incoming. This directory is created write-only (722), so people can't use your site as a storage place, but even so you may not want it. NOTE: You could save some space and simplify the script by using a statically linked ls. I tried this and it didn't work for me, but if someone could get a statically linked ls, and hack the above script to get rid of the excess baggage, put the two files in an archive and make it available, that would be good. _______________________________________________________________________ Peter N Lewis, NCRPDA, Curtin University peter@cujo.curtin.edu.au GPO Box U1987, Perth WA 6001, AUSTRALIA Ph: +61 9 368 2055