From root@a1poweruser.com  Sun Dec 28 10:03:46 2003
Return-Path: <root@a1poweruser.com>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id E5B3A16A4CE
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 28 Dec 2003 10:03:45 -0800 (PST)
Received: from smtp.a1poweruser.com (oh-chardon-cmts6a-103.clvdoh.adelphia.net [67.20.101.103])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 3C6B443D41
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 28 Dec 2003 10:03:43 -0800 (PST)
	(envelope-from root@a1poweruser.com)
Received: by smtp.a1poweruser.com (Postfix, from userid 0)
	id 91B4510D; Sun, 28 Dec 2003 13:04:16 -0500 (EST)
Message-Id: <20031228180416.91B4510D@smtp.a1poweruser.com>
Date: Sun, 28 Dec 2003 13:04:16 -0500 (EST)
From: fbsd_user@a1poweruser.com
Reply-To: fbsd_user@a1poweruser.com
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: 5.2 Anonymous FTP server out dated.
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         60662
>Category:       bin
>Synopsis:       [sysinstall] 5.2 Anonymous FTP server out dated.
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-qa
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Sun Dec 28 10:10:11 PST 2003
>Closed-Date:    Fri Dec 30 14:11:46 GMT 2005
>Last-Modified:  Fri Dec 30 14:11:46 GMT 2005
>Originator:     fbsd_user@a1poweruser.com
>Release:        FreeBSD 5.2 RC2 RELEASE i386
>Organization:
none
>Environment:
System:         FreeBSD 5.2 RC2 RELEASE i386
>Description:
The 5.2 RC2 /stand/sysinstall post install
 config/networking/anonymous FTP server builder is out of date.
The bin and pub directories are no longer necessary since 4.4.
Upload/download directory should be built just like any other
user home directory. /etc/ftpchroot file should be auto built
with anonymous listed as one of the user IDs to chroot.
The -r and -S flags should be added to the FTP statement in /etc/inetd.conf file.
Turn on quotas for all /usr/home and preset to some reasonable small size so
the anonymous directory cannot cause the system problems by warez script
kiddies using it as public dumping grounds.
>How-To-Repeat:
	Try it yourself
>Fix:
rework sysinstall anonymous install option
	



>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-i386->freebsd-qa 
Responsible-Changed-By: arved 
Responsible-Changed-When: Thu May 20 17:53:43 PDT 2004 
Responsible-Changed-Why:  
Over to sysinstall maintainers 

http://www.freebsd.org/cgi/query-pr.cgi?pr=60662 

From: Olafur Osvaldsson <oli@isnic.is>
To: freebsd-gnats-submit@FreeBSD.org
Cc: fbsd_user@a1poweruser.com
Subject: Re: bin/60662: [sysinstall] 5.2 Anonymous FTP server out dated
Date: Sat, 13 Nov 2004 00:41:25 +0000

 --OgqxwSJOaUobr8KG
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: inline
 
 I've attached a patch that:
  - moves the ftpmotd file to /etc/ftpmotd which is the correct place
  - does not create the ~ftp/bin directory
  - makes skipping the creation of ~ftp/incoming an option by leaving the
    directory name empty.
  - Added text to the Anon-FTP config prompt that points out the previous change
    and advises the user to add -r to the ftpd command-line options in inetd.conf
  - creates pwd.db instead of passwd in ~ftp/etc
  - does not include group and pwd.db entries that start with - or + in case the
    user is using compat mode for the passwd database
 
 My opinion on other suggestions:
  - ~ftp/pub is still mentioned in the ftpd(8) man page and should therefore be made
  - the ftp/anonymous user does not need to be in the ftpchroot file, it is
    chrooted by default
  - not everyone wants all anon downloads logged so the -S should be up to the user
  - quota for the ftp user is not needed if the ~ftp/ dir is not writeable and the
    ftpd(8) has the -r option set
 
 /Oli
 
 -- 
 Olafur Osvaldsson
 Systems Administrator
 Internet a Islandi hf.
 Tel:   +354 525-5291
 Email: oli@isnic.is
 
 --OgqxwSJOaUobr8KG
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: attachment; filename="sysinstall.diff"
 
 diff -ruN sysinstall.orig/anonFTP.c sysinstall/anonFTP.c
 --- sysinstall.orig/anonFTP.c	Thu Mar 11 11:58:15 2004
 +++ sysinstall/anonFTP.c	Sat Nov 13 00:38:18 2004
 @@ -105,7 +105,7 @@
        tconf.homedir, STRINGOBJ, NULL },
  #define LAYOUT_UPLOAD		4
      { 14, 20, 22, ANONFTP_UPLOAD_LEN - 1,
 -      "Upload Subdirectory:", "Designated sub-directory that holds uploads",
 +      "Upload Subdirectory:", "Designated sub-directory that holds uploads (leave empty for none)",
        tconf.upload, STRINGOBJ, NULL },
  #define LAYOUT_OKBUTTON		5
      { 19, 15, 0, 0,
 @@ -248,6 +248,9 @@
  		 "ftpd(8) in inetd.conf(5) for FTP services to be available.  If you\n"
  		 "did not do so earlier, you will have the opportunity to enable inetd(8)\n"
  		 "again later.\n\n"
 +                 "If you want the server to be read-only you should leave the upload\n"
 +                 "directory option empty and add the -r command-line option to ftpd(8)\n"
 +                 "in inetd.conf(5)\n\n"
  		 "Do you wish to continue configuring anonymous FTP?")) {
  	return DITEM_FAILURE;
      }
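Review bot: The three added prompt lines are indented with spaces while the string lines around them use tabs, and the new sentence ends at "in inetd.conf(5)\n\n" with no closing period, unlike the sentences above it. Please match the existing tab indentation and terminate the sentence. Because the read-only setup depends on the user editing inetd.conf by hand afterwards, the wording could also make clear that leaving the upload field empty does not by itself add -r.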
 @@ -268,9 +271,6 @@
      if (!tconf.group[0])
  	SAFE_STRCPY(tconf.group, FTP_GROUP);
      
 -    if (!tconf.upload[0])
 -	SAFE_STRCPY(tconf.upload, FTP_UPLOAD);
 -    
      /*** If the user did not specify a directory, use default ***/
      
      if (tconf.homedir[strlen(tconf.homedir) - 1] == '/')
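Review bot: Dropping the FTP_UPLOAD fallback here makes an empty tconf.upload a meaningful value ("no upload directory"), but nothing at this spot records that, so a later reader may restore the default by symmetry with the tconf.group fallback kept just above. A one-line comment where the removed lines were would cover it. Please also confirm that FTP_UPLOAD is still referenced elsewhere (for example as the dialog's initial value); if it is not, the define should go in the same change, and every other use of tconf.upload outside the visible lines needs to tolerate the empty string.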
 @@ -287,18 +287,19 @@
      if (directory_exists(tconf.homedir)) {
  	msgNotify("Configuring %s for use by anon FTP.", tconf.homedir);
  	vsystem("chmod 555 %s && chown root.%s %s", tconf.homedir, tconf.group, tconf.homedir);
 -	vsystem("mkdir %s/bin && chmod 555 %s/bin", tconf.homedir, tconf.homedir);
 -	vsystem("cp /bin/ls %s/bin && chmod 111 %s/bin/ls", tconf.homedir, tconf.homedir);
 -	vsystem("cp /bin/date %s/bin && chmod 111 %s/bin/date", tconf.homedir, tconf.homedir);
  	vsystem("mkdir %s/etc && chmod 555 %s/etc", tconf.homedir, tconf.homedir);
  	vsystem("mkdir -p %s/pub", tconf.homedir);
 -	vsystem("mkdir -p %s/%s", tconf.homedir, tconf.upload);
 -	vsystem("chmod 1777 %s/%s", tconf.homedir, tconf.upload);
 +        if (tconf.upload[0]) {
 +	    vsystem("mkdir -p %s/%s", tconf.homedir, tconf.upload);
 +	    vsystem("chmod 1777 %s/%s", tconf.homedir, tconf.upload);
 +        }
  	
  	if (DITEM_STATUS(createFtpUser()) == DITEM_SUCCESS) {
  	    msgNotify("Copying password information for anon FTP.");
 -	    vsystem("awk -F: '{if ($3 < 10 || $1 == \"ftp\") print $0}' /etc/passwd > %s/etc/passwd && chmod 444 %s/etc/passwd", tconf.homedir, tconf.homedir);
 -	    vsystem("awk -F: '{if ($3 < 100) print $0}' /etc/group > %s/etc/group && chmod 444 %s/etc/group", tconf.homedir, tconf.homedir);
 +	    vsystem("awk -F: '{if ((substr($1, 1, 1) != \"+\") && (substr($1, 1, 1) != \"-\") && ($3 < 10 || $1 == \"ftp\")) print $0}' /etc/master.passwd > %s/etc/master.passwd", tconf.homedir);
 +	    vsystem("/usr/sbin/pwd_mkdb -d %s/etc %s/etc/master.passwd && chmod 444 %s/etc/pwd.db", tconf.homedir, tconf.homedir, tconf.homedir);
 +	    vsystem("rm -f %s/etc/master.passwd %s/etc/spwd.db", tconf.homedir, tconf.homedir);
 +	    vsystem("awk -F: '{if ((substr($1, 1, 1) != \"+\") && (substr($1, 1, 1) != \"-\") && ($3 < 100)) print $0}' /etc/group > %s/etc/group && chmod 444 %s/etc/group", tconf.homedir, tconf.homedir);
  	    vsystem("chown -R root.%s %s/pub", tconf.group, tconf.homedir);
  	}
  	else {
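Review bot: The new awk line prints whole /etc/master.passwd records, password hash field included, into %s/etc/master.passwd inside the anonymous FTP tree, and that file is only cleaned up by a later, separate vsystem("rm -f ...") whose result is never checked. The file is created by a shell redirect with whatever umask is in effect, so for the duration it can be a readable copy of the root and system account hashes under a directory that is about to be served to anonymous users. Suggest having awk overwrite field 2 with "*" (setting OFS to ":") before printing, so neither the temporary file nor the database built from it carries real hashes, and checking the vsystem return values so a failed pwd_mkdb or rm is reported rather than ignored. Minor: the added if (tconf.upload[0]) { and its closing brace are indented with spaces where the surrounding code uses tabs.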
 @@ -308,8 +309,8 @@
  	
  	if (!msgYesNo("Create a welcome message file for anonymous FTP users?")) {
  	    char cmd[256];
 -	    vsystem("echo Your welcome message here. > %s/etc/%s", tconf.homedir, MOTD_FILE);
 -	    sprintf(cmd, "%s %s/etc/%s", variable_get(VAR_EDITOR), tconf.homedir, MOTD_FILE);
 +	    vsystem("echo Your welcome message here. > /etc/%s", MOTD_FILE);
 +	    sprintf(cmd, "%s /etc/%s", variable_get(VAR_EDITOR), MOTD_FILE);
  	    if (!systemExecute(cmd))
  		i = DITEM_SUCCESS;
  	    else
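Review bot: The changed echo line now writes the placeholder text to /etc/%s with a plain ">" redirect, so an existing welcome file at that path on the installed system is truncated without warning; before this change the write stayed inside tconf.homedir, which this function had just populated. Please test for the file first and skip the echo (or ask) when it already exists. The rewritten sprintf still formats variable_get(VAR_EDITOR) into char cmd[256] with no length limit; since the line is being touched anyway, snprintf(cmd, sizeof(cmd), ...) would be the safer form.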
 
 --OgqxwSJOaUobr8KG--
State-Changed-From-To: open->closed 
State-Changed-By: ceri 
State-Changed-When: Fri Dec 30 14:11:26 UTC 2005 
State-Changed-Why:  
This has been committed over a year ago. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=60662 
>Unformatted:
