>We are planning to replace UUCP with anonymous
>FTP for transferring files. I would like to get
>information on security issues of anonymous FTP
>and the do's and don't's. What are the benefits
>of this and what is the latest release of
>anonymous FTP that is considered stable and safe
>enough. Any information will be welcome. Thanks!!
We use the anonymous FTP from logdaemon (a tcp_wrappers addition).
It works very well for this. files put in the incoming directory
are set so that they cannot be read by user ftp after they are finished
putting. This makes it impossible for warez junkies to use your site
for exchanging copyrited software (assuming all your other permissions
are set the same). Make sure you follow the permissions guidelines. They
are usually documented pretty well in the ftpd man page.
incoming directory owend and writable by FTP (world write is discretionary)
pub directory writable by other (local users) but not by owner (ftp)
other directories owned by root (bin, dev, usr, etc) and not writable
[This message posted to firewalls mailing list. Replies posted to
mailing list should not be CC'd to me. I will read them on the list]
Doug Hughes Engineering Network Services
System/Net Admin Auburn University
Pro is to Con as progress is to congress