
Setup Anonymous FTP

Anonymous FTP should be considered a security concern and should be enabled only if it is absolutely necessary. Also, to allow FTP to work properly in a chroot environment, make sure that the file system containing the FTP home directory is not mounted as nosuid.

  1. Create the FTP home directory structure:
    mkdir /export/ftp/pub
    mkdir /export/ftp/bin
    mkdir /export/ftp/dev
    mkdir /export/ftp/etc
    mkdir /export/ftp/usr
    mkdir /export/ftp/usr/lib
  2. Copy the ls command binary to the FTP bin directory:
    cp /usr/bin/ls /export/ftp/bin
    chmod 111 /export/ftp/bin/ls
  3. Copy the necessary libraries into the FTP directory:
    cp /usr/lib/ld.so* /export/ftp/usr/lib
    cp /usr/lib/libc.so.1 /usr/lib/libdl.so.1 /export/ftp/usr/lib
    cp /usr/lib/libintl.so.1 /usr/lib/libw.so.1 /export/ftp/usr/lib
    cp /etc/passwd /etc/group /etc/netconfig /export/ftp/etc
  4. Copy the files needed to resolve NIS names into the FTP directory structure:
    cp /usr/lib/nss*.so.1 /export/ftp/usr/lib
    cp /usr/lib/libnsl.so.1 /export/ftp/usr/lib
    cp /usr/lib/straddr.so /export/ftp/usr/lib
    cp /etc/nsswitch.conf /export/ftp/etc
  5. Set permissions on the contents of the /export/ftp/usr/lib and /export/ftp/etc directories:
    chmod 555 /export/ftp/usr/lib/*
    chmod 444 /export/ftp/etc/*
  6. Set permissions on the directories created:
    chmod 555 /export/ftp/usr/lib
    chmod 555 /export/ftp/usr
    chmod 555 /export/ftp/bin
    chmod 555 /export/ftp/dev
    chmod 555 /export/ftp/etc
    chmod 755 /export/ftp/pub
    chmod 555 /export/ftp
  7. Add the following line to the /etc/passwd file:
    ftp:x:30000:30000:Anonymous FTP:/export/ftp:/bin/false
  8. Add the following line to the /etc/shadow file:
    ftp:NP:6445::::
  9. Make sure everything is owned by root and not by ftp:
    chown -R root /export/ftp
  10.  Enjoy
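
The function below is an added example, not part of the original tip: it audits the tree built in steps 1 to 9 against the modes and ownership those steps assign, so drift (for example a pub directory that has become world-writable) shows up as a finding. The name audit_ftp_tree and the output format are made up for illustration, and it assumes a POSIX shell rather than the legacy Bourne /bin/sh of older Solaris releases.

```shell
# Added example: audit an anonymous-FTP tree against steps 2, 5, 6 and 9.
# Usage: audit_ftp_tree [FTP_ROOT] [OWNER]    (defaults: /export/ftp, root)
# Prints one line per deviation; returns 0 if clean, 1 otherwise.

# has_mode PATH MODE: true if PATH's permission bits are exactly MODE.
# Uses find(1) because stat(1) is not available on every UNIX.
has_mode() {
    [ -n "$(find "$1" -prune -perm "$2" 2>/dev/null)" ]
}

audit_ftp_tree() {
    root=${1:-/export/ftp}
    owner=${2:-root}
    rc=0

    # relative-path:expected-mode pairs taken from steps 2 and 6
    for spec in .:555 bin:555 dev:555 etc:555 usr:555 usr/lib:555 \
                pub:755 bin/ls:111; do
        path=$root/${spec%:*}
        mode=${spec##*:}
        if [ ! -e "$path" ]; then
            echo "MISSING $path"; rc=1
        elif ! has_mode "$path" "$mode"; then
            echo "MODE $path (want $mode)"; rc=1
        fi
    done

    # Step 5: every library is 555, every file under etc is 444
    for f in "$root"/usr/lib/*; do
        [ -e "$f" ] || continue
        has_mode "$f" 555 || { echo "MODE $f (want 555)"; rc=1; }
    done
    for f in "$root"/etc/*; do
        [ -e "$f" ] || continue
        has_mode "$f" 444 || { echo "MODE $f (want 444)"; rc=1; }
    done

    # Step 9: nothing in the tree may belong to an account other than OWNER
    bad=$(find "$root" ! -user "$owner" 2>/dev/null)
    [ -z "$bad" ] || { echo "$bad" | sed 's/^/OWNER /'; rc=1; }
    return $rc
}
```

Run it as `audit_ftp_tree /export/ftp root` after the setup and again from cron or a change-control check; any output line is a deviation from the permissions listed above.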



Random TIPS

OpenSSH SFTP: chroot() only the accounts that need SFTP access

Minimum supported version: OpenSSH 4.8p1

I made the following changes to the /etc/ssh/sshd_config file:

#Subsystem sftp /usr/local/libexec/sftp-server
Subsystem sftp internal-sftp
Match user "user_transfer"
ChrootDirectory /export/home
