Mailinglist Archive: opensuse (4343 mails)

Re: [SLE] Running an FTP Server with 'root' privs
  • From: Geoff Beaumont <Geoff@xxxxxxxxxxxxxxx>
  • Date: Thu, 21 Nov 2002 17:04:36 +0000
  • Message-id: <3DDD1224.3070508@xxxxxxxxxxxxxxx>
Eric Carbone wrote:
***************

Open a terminal session.
To enable CrushFTP to run properly, issue the following command.

sudo chmod u+s /System/Library/Frameworks/JavaVM.framework/Versions/1.3.1/Commands/java

PLEASE NOTE!!!!!!!!!!!!!!!!!!

The reason why this is necessary is because ports below 1025 (such as "21"
that an FTP server runs on) are considered reserved ports. Why? Legacy.
So, in order to open a server on port 21 you must have permissions. Either
log into the computer as root (not recommended), or run the server as if you
were the root user (many servers implement this one way or another.)

The command you pasted will allow CrushFTP root access to your computer. It
will also allow any other .jar file you double click on root access. You
have been warned! That said...it works very nice like this. It works like
MacOS 9, Windows, even Linux. It's the Unix backbone that makes this
necessary.

***************

Changing the permissions of the Java runtime environment doesn't strike me as a very smart idea - unless I'm missing something here, this will run _all_ Java apps, started by any user of the system, as root...

It will also mean that if the FTP server is compromised, the cracker is much more likely to achieve full root privileges (since the FTP server already has them). Generally, Linux servers start with root privileges and then change to a more restricted account once they've bound to the port.

Can anyone suggest what the correct way to handle this would be, with a Java server?

--
Geoff Beaumont
Geoff@xxxxxxxxxxxxxxx
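
Added example, not part of the original message or of CrushFTP: a Python audit that finds set-uid files under a directory tree and flags the ones that are general-purpose runtimes, which is the condition `chmod u+s` on the `java` binary creates. The runtime name list, the function names and the sample tree are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

# Assumed, constructed list of general-purpose runtimes; extend as needed.
RUNTIME_NAMES = {"java", "python", "python3", "perl", "ruby", "node", "bash"}


def audit_setuid(root):
    """List set-uid regular files under root, flagging language runtimes."""
    findings, seen = [], set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            # chmod follows symlinks, so audit the file a link resolves to.
            real = os.path.realpath(os.path.join(dirpath, name))
            try:
                st = os.stat(real)
            except OSError:
                continue  # dangling link or unreadable entry
            key = (st.st_dev, st.st_ino)
            if key in seen or not stat.S_ISREG(st.st_mode):
                continue
            seen.add(key)
            if st.st_mode & stat.S_ISUID:
                findings.append({
                    "path": real,
                    "runs_as_uid": st.st_uid,  # 0 means every launch is root
                    # A set-uid runtime runs any program it is handed as owner.
                    "is_runtime": os.path.basename(real) in RUNTIME_NAMES,
                })
    return sorted(findings, key=lambda f: f["path"])


def build_sample_tree():
    """Constructed sample: set-uid 'java', a symlink to it, a plain binary."""
    root = os.path.realpath(tempfile.mkdtemp())
    os.makedirs(os.path.join(root, "Commands"))
    java = os.path.join(root, "Commands", "java")
    ftpd = os.path.join(root, "ftpd")
    for path in (java, ftpd):
        with open(path, "w") as fh:
            fh.write("#!/bin/sh\n")
    os.chmod(java, 0o4755)  # same mode change as `chmod u+s` on the runtime
    os.chmod(ftpd, 0o755)
    os.symlink(java, os.path.join(root, "java-link"))
    return root


if __name__ == "__main__":
    for finding in audit_setuid(build_sample_tree()):
        print(finding)
```

A finding with `is_runtime` true and `runs_as_uid` 0 is the case described in the message: every program started through that runtime, by any user, runs as root.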

