I was just wondering about anonymous FTP. Say I set up an FTP server and I had anonymous logins enabled: how would someone log in anonymously, and would I also be able to control what an anonymous user has access to?
Hey Hey,
Depending on the server and the OS there's usually an allow anonymous logon variable (either text in a config, or a checkbox in the software)... you can turn it on through there.. then it's just username anonymous... password whatever (usually it'll say use your email address.. but as far as I know that's more for tracking than anything else)...
As far as controlling it.. it'll either limit the anon access to the default pub directory.. or it'll have another variable you can change..
If you are going to run something like this and ask for advice then you definitely need to know which OS you're going to use and which software you are going to run....
Peace,
HT
There is a configuration option somewhere to allow most ftp daemons, when forking a new incarnation of themselves, to chroot() the new process to the home directory of the user connecting to it. An anonymous user could be chrooted to /home/ftp/pub, for example. This would make /home/ftp/pub appear to be the root of the filesystem to any anonymous user connecting via FTP. I'm not sure how to do it though, and it depends on which ftp program you are using.
Thank you for your information; it has helped me a lot.
Anonymous logins are a feature on most, if not all, ftp daemons and one that is recommended to be off, unless completely secured in a variety of ways. As already mentioned, chroot'ing all logins, either into their home directory (for actual users) or into a locked directory for anonymous logins, is the first thing to do.
This prevents things like this:
Copying old-style /etc/passwd files. The ones using crypt()'d passwords, which are incredibly easy to break.
Seeing data that you don't want anonymous (and therefore, unknown) users to see.
Just to name a few.
A good ftp daemon that I (ab)use is VSFtpd (Very Secure FTP Daemon?) and can be located here for further information and the like.
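An added illustration, not part of any post in this thread and not vsftpd's own code: a small Python check that reads a vsftpd.conf and reports the anonymous-login and chroot settings discussed above. The option names and defaults are taken from the vsftpd.conf man page, the function names `parse_conf` and `audit` are hypothetical, the two sample configs are constructed, and `/home/ftp/pub` is the directory mentioned earlier in the thread.

```python
# Added example: audit a vsftpd.conf for the anonymous-access settings discussed above.
# Option names and defaults follow the vsftpd.conf man page; sample configs are constructed.
DEFAULTS = {
    "anonymous_enable": "YES", "local_enable": "NO", "write_enable": "NO",
    "anon_upload_enable": "NO", "anon_mkdir_write_enable": "NO",
    "anon_other_write_enable": "NO", "anon_world_readable_only": "YES",
    "chroot_local_user": "NO", "anon_root": "",
}
ANON_WRITE = ("anon_upload_enable", "anon_mkdir_write_enable", "anon_other_write_enable")

def parse_conf(text):
    """Parse vsftpd's strict option=value format; lines starting with '#' are comments."""
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key] = value
    return conf

def audit(text):
    """Return a list of findings about anonymous access and chroot confinement."""
    c, findings = parse_conf(text), []
    on = lambda k: c[k].upper() in ("YES", "TRUE", "1")
    if on("anonymous_enable"):
        if not c["anon_root"]:
            findings.append("anon_root unset: anonymous sessions start in the ftp "
                            "account's home; set a dedicated directory")
        writable = [k for k in ANON_WRITE if on(k)]
        if on("write_enable") and writable:
            findings.append("anonymous write access via " + ", ".join(writable))
        if not on("anon_world_readable_only"):
            findings.append("anon_world_readable_only=NO: anonymous users can "
                            "fetch files that are not world-readable")
    if on("local_enable") and not on("chroot_local_user"):
        findings.append("chroot_local_user=NO: local users are not confined "
                        "to their home directory")
    return findings

# Constructed samples: a permissive config and a locked-down, read-only one.
LOOSE = "anonymous_enable=YES\nlocal_enable=YES\nwrite_enable=YES\nanon_upload_enable=YES\n"
TIGHT = ("# read-only anonymous area\nanonymous_enable=YES\nanon_root=/home/ftp/pub\n"
         "local_enable=YES\nchroot_local_user=YES\nwrite_enable=NO\n")

if __name__ == "__main__":
    for name, sample in (("LOOSE", LOOSE), ("TIGHT", TIGHT)):
        print(name, audit(sample) or "no findings")
```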
Thank you, I will be looking into VSftpd.