|
|
The ftp server included in the system provides support for an anonymous ftp account. Because of the inherent security problems with such a facility, you should read this section carefully if you want to provide such a service.
When a client accesses the anonymous ftp account, a chroot(ADM) system call is performed by the server to restrict the client from moving outside that part of the filesystem where the ftp home directory is located. Because a chroot call is used, certain programs and files used by the server process must be placed in the ftp home directory.
It is recommended that you use the FTP Manager to setup anonymous FTP, as shown in the procedure below, since it will install these files for you under the FTP home directory.
scoadmin ftpfrom a shell prompt, or by selecting System Administration->Networks->ftp from the Desktop.
You should now be able to use the ftp command from other systems to reach your system's FTP server and log into the system. Similary, remote browsers should be able to list the FTP home directory using the URL ftp://servername where servername is the network name or IP address of your system.
Files put in the anonymous FTP home directory by local users should be placed in a subdirectory. In the setup described here, the directory ~ftp/pub is used.
For example, you could edit the following line in ~/ftp/etc/passwd:
root:UDOkW7PLd1/ZQ,..EI:0:3:Superuser:/:to read:
root::0:3:Superuser:/:
The ftp server provides a security loophole if certain user accounts are allowed. To prevent this, the file /etc/ftpusers is checked on each connection. If the requested user name is located in the file, the request for service is denied. This file should be owned by root in the sys group, have permissions set to 444, and contain at least the following names:
uucp rootAccounts with nonstandard shells should be listed in this file. Accounts without passwords need not be listed in this file; the ftp server does not service these users.
See also: