From alan@agora.rdrop.com  Thu Sep 20 09:35:40 2001
Return-Path: <alan@agora.rdrop.com>
Received: from agora.rdrop.com (agora.rdrop.com [199.26.172.34])
	by hub.freebsd.org (Postfix) with ESMTP id D865C37B414
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 20 Sep 2001 09:35:39 -0700 (PDT)
Received: (from alan@localhost)
	by agora.rdrop.com (8.11.4/8.11.4) id f8KGZdt61764;
	Thu, 20 Sep 2001 09:35:39 -0700 (PDT)
	(envelope-from alan)
Message-Id: <200109201635.f8KGZdt61764@agora.rdrop.com>
Date: Thu, 20 Sep 2001 09:35:39 -0700 (PDT)
From: Alan Batie <alan@agora.rdrop.com>
Reply-To: Alan Batie <alan@agora.rdrop.com>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: Bad advice in ftpd man page
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         30690
>Category:       misc
>Synopsis:       Bad advice in ftpd man page
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    mikeh
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Sep 20 09:40:01 PDT 2001
>Closed-Date:    Mon Oct 15 12:38:26 PDT 2001
>Last-Modified:  Mon Oct 15 12:38:47 PDT 2001
>Originator:     Alan Batie
>Release:        FreeBSD 4.3-STABLE i386
>Organization:
RainDrop Laboratories
>Environment:
System: FreeBSD agora.rdrop.com 4.3-STABLE FreeBSD 4.3-STABLE #3: Wed Sep 5 13:36:38 PDT 2001 root@aggie.rdrop.com:/usr/src/freebsd/sys/compile/AGORA i386


>Description:
	The ftpd man page, in the section on setting up an anonymous
	ftp server, recommends setting ~ftp/pub world writable.  This
	is a good way to end up with a disk full of warez:

	    ~ftp/pub  Make this directory mode 777 and owned by ``ftp''.
                      Guests can then place files which are to be accessible
                      via the anonymous account in this directory.

>How-To-Repeat:
	
>Fix:

        Change to read (or something similar):

	    ~ftp/pub  Make this directory mode 755 and owned by ``ftp''.
		      Place the files you want to share in here with
		      mode 644.  If you want local users to be able to
		      publish files here, create subdirectories for them,
		      owned by their account and group and mode 755.
		      Be sure to warn them not to make anything writeable 
		      by "world", or your disk will end up getting filled
		      with "warez" (illegal copies of software).
>Release-Note:
>Audit-Trail:

From: Mike Heffner <mheffner@vt.edu>
To: Alan Batie <alan@agora.rdrop.com>
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: misc/30690: Bad advice in ftpd man page
Date: Sat, 22 Sep 2001 22:31:50 -0400 (EDT)

 On 20-Sep-2001 Alan Batie wrote:
 | 
 | 
 |         Change to read (or something similar):
 | 
 |           ~ftp/pub  Make this directory mode 755 and owned by ``ftp''.
 |                     Place the files you want to share in here with
 |                     mode 644.  If you want local users to be able to
 |                     publish files here, create subdirectories for them,
 |                     owned by their account and group and mode 755.
 |                     Be sure to warn them not to make anything writeable 
 |                     by "world", or your disk will end up getting filled
 |                     with "warez" (illegal copies of software).
 
 How about the following? (stolen from the lukemftpd manpage)
 
            ~ftp/pub   This directory and the subdirectories beneath it
                       should be owned by the users and groups responsible
                       for placing files in them, and be writable only by
                       them (mode 755 or 775).  They should not be owned or
                       writable by ftp or its group.
 
 
 Mike
 
 -- 
   Mike Heffner     <mheffner@[acm.]vt.edu>
   Blacksburg, VA       <mikeh@FreeBSD.org>
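
An added example, not part of the PR or of FreeBSD's ftpd: a Python audit of an anonymous FTP tree against the wording proposed above (nothing world-writable, nothing owned by ftp, nothing writable by its group). The function names, the sample directory layout and the stand-in uid/gid are assumptions constructed for the illustration.

```python
import os
import stat
import tempfile

def audit_ftp_tree(root, ftp_uid, ftp_gid):
    """Return sorted (path relative to root, problem) pairs for an anonymous FTP tree."""
    findings = []
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
    for path in paths:
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            continue  # symlink mode bits say nothing about the target
        rel = os.path.relpath(path, root)
        if st.st_mode & stat.S_IWOTH:
            findings.append((rel, "world-writable"))
        if st.st_uid == ftp_uid:
            findings.append((rel, "owned by ftp"))
        if st.st_gid == ftp_gid and st.st_mode & stat.S_IWGRP:
            findings.append((rel, "writable by ftp group"))
    return sorted(findings)

def build_sample_tree():
    """Constructed sample: pub/ as in the proposed fix, pub/incoming as in the old text."""
    root = tempfile.mkdtemp(prefix="ftp-audit-")
    layout = {"pub": 0o755, "pub/alice": 0o755, "pub/incoming": 0o777}
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        os.mkdir(path)
        os.chmod(path, mode)  # chmod explicitly so the umask cannot hide the bits
    readme = os.path.join(root, "pub", "alice", "README")
    with open(readme, "w") as fh:
        fh.write("constructed sample file\n")
    os.chmod(readme, 0o644)
    return root

if __name__ == "__main__":
    sample = build_sample_tree()
    # Assumption: a uid/gid that owns nothing in the sample stands in for "ftp".
    # On a real server, take pw_uid and pw_gid from pwd.getpwnam("ftp").
    for rel, problem in audit_ftp_tree(sample, os.getuid() + 1, os.getgid() + 1):
        print(f"{rel}: {problem}")
```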
 
State-Changed-From-To: open->analyzed 
State-Changed-By: mikeh 
State-Changed-When: Mon Sep 24 19:48:29 PDT 2001 
State-Changed-Why:  
Committed to current. 


Responsible-Changed-From-To: freebsd-bugs->mikeh 
Responsible-Changed-By: mikeh 
Responsible-Changed-When: Mon Sep 24 19:48:29 PDT 2001 
Responsible-Changed-Why:  
MFC reminder. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=30690 
State-Changed-From-To: analyzed->closed 
State-Changed-By: mikeh 
State-Changed-When: Mon Oct 15 12:38:26 PDT 2001 
State-Changed-Why:  
Fix MFC'd. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=30690 
>Unformatted:
