Newsgroups: comp.sys.mac.comm
Path: utzoo!utgpu!cunews!bnrgate!bwdls61!bnr.ca!bschmidt
From: bschmidt@bnr.ca (Ben Schmidt (BNR))
Subject: Re: Telnet INTO a Mac ?
Message-ID: <1991Mar15.200621.15994@bwdls61.bnr.ca>
Sender: usenet@bwdls61.bnr.ca (Use Net)
References:<1991Mar14.011826.18836@marlin.jcu.edu.au> <18365@milton.u.washington.edu> <1991Mar14.060604.19964@PacBell.COM> <1991Mar15.141509.1224@watserv1.waterloo.edu>
Organization: Bell-Northern Research
Date: Fri, 15 Mar 1991 20:06:21 GMT

In article <1991Mar15.141509.1224@watserv1.waterloo.edu> 
psych@watserv1.waterloo.edu (R. Crispin - Psychology) writes:
> A caution if you use NCSA Telnet to allow FTP to the MAC. YOU CANNOT
> RESTRICT ACCESS IN ANY WAY. People could FTP to your MAC and GET or 
> DELETE or PUT anything, anywhere. I wanted to do this since my machine has 
> our usergroups disk attached and I wanted to let people have access to the
> files on it.

Richard, in your particular case, you can take advantage of the fact
that the files which you want to make network accessible via ftp, are
on a separate volume:  While you can certainly "cd .." to a parent
directory on your Mac *within* the current volume, you can't "cd" to a
separate volume on your Mac, through NCSA Telnet's FTP server, without
first knowing the name of the volume to which you want to switch.

Therefore if you set the transfer directory of your ftp server to the
separate usergroups disk you mentioned, users coming into your Mac
will only be able to "cd" back to your startup disk *if* they know
it's name.  (i.e. by executing cd ":Richard's internal harddisk")

Keep the name of your startup or any other disk(s) a secret. To
further hinder users coming in through ftp, introduce a few non-ascii,
and preverably non-displayable characters into your startup disk name
as well. (Many FTP clients have problems switching to volumes with
non-ascii characters in the target volume name, even if they somehow
discover the name of your startup volume.)

As an alternative approach TCP/Connect II from InterCon has provision for 
anonymous ftp and restricting ftp access in it's ftp server implementation.

Ben Schmidt       Information Technology,   Bell-Northern Research
bschmidt@bnr.ca   FAX:(613) 763-3283  /* My opinions, not BNR's */
