Skip to Main Content
Linux Server Security, Second Edition
book

Linux Server Security, Second Edition

by Michael D. Bauer
January 2005
Intermediate to advanced content levelIntermediate to advanced
544 pages
23h 44m
English
O'Reilly Media, Inc.
Content preview from Linux Server Security, Second Edition
This is the Title of the Book, eMatter Edition
Copyright © 2007 O’Reilly & Associates, Inc. All rights reserved.
FTP Security
|
367
do not: the latter three use their own internal versions of ls rather than the system’s,
and function without their own versions of /etc/passwd, etc.
The chroot directory itself and every directory within it should be owned by root,not
by your anonymous FTP account (e.g., ftp) or the daemon’s “run-as” account (e.g.,
nobody). A common configuration error on anonymous-FTP servers is for the FTP
root to be owned by the FTP account, which constitutes a major exposure, since an
anonymous FTP user could write a .rhosts or .forward file to it that extends the
user’s access to the system.
Proper FTP root (chroot jail) ownerships and permissions are illustrated in
Example 11-1, which shows a recursive listing of a sample FTP chroot jail in /var/ftp/.
The directory /var/ftp itself is set up like this:
drwxr-xr-x 2 root root 4096 Apr 16 00:06 ftp
If your FTP server is to be maintained by a non-root user, or if you wish to add files
to the pub/ directory without being root, it’s okay to make the pub/ group writable
and owned by a group to which your non-root account belongs. Since the group
wheel is used on many systems to define which user accounts may perform su root,
and it’s a group to which you or your subadministrators probably already belong, it’s
a logical choice for this ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

Linux: Powerful Server Administration

Linux: Powerful Server Administration

Uday Sawant, Oliver Pelz, Jonathan Hobson, William Leemans
Linux Server Hacks

Linux Server Hacks

Rob Flickenger
Linux Server Hacks, Volume Two

Linux Server Hacks, Volume Two

William von Hagen, Brian K. Jones

Publisher Resources

ISBN: 0596006705Supplemental ContentCatalog PageErrata