-----Original Message----- From: Keith Warno [mailto:keith@HaggleWare.com] Sent: Thursday, May 25, 2000 12:41 PM To: Thomas, Gregory (NBC, KNBC); Michael J. McGillick Cc: suse-linux-e@suse.com Subject: Re: [SLE] FTP
In a utopia, anonymous users should probably write to an entirely different disk, maybe even on a machine dedicated for anonymous FTP access. But most of us hardly have the needs or cashflow for that matter to make it a reality.
Yes I would be hesitant to allow any Joe Schmoe to write to /usr/ and below. But this is OK if your ftp daemon is sane and you trust your ftp daemon. :)
Yeah, but doesn't having /usr on a separate partition provide the option of mounting /usr read only? Or am I coming from too much of an OpenBSD perspective on that? It just seems to me that a writeable anonymous directory should be on a partition that can handle being filled up. BTW, if /usr is on it's own partition and it fills up does it affect the OS? Greg Because e-mail can be altered electronically, the integrity of this communication cannot be guaranteed. -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
Well yeah you could mount /usr read only, if it's on it's own partition, if
you wanted. You could mount any partition read only if you wanted and
thought you wouldn't be writing to it. :)
I believe you can specify file size limitations and the like with most ftp
daemons out there, and of course there's the quota thing. You can set
quotas for the ftp user to prevent nasty anon users from filling up your
partition. Filling up /usr/ would not necessarily be a bad thing since
things usually aren't written there (tmp files, etc). It would merely be an
inconvenience for you and your anon users if that's where the ftp upload
dirs are. :p
kw
/* Keith Warno
** Developer & Sys Admin
** http://www.HaggleWare.com/
*/
----- Original Message -----
From: "Thomas, Gregory (NBC, KNBC)"
I guess the question then becomes how do I specify a different location for ftp access to write to? As a side note, in installing the default rpms for ftp from the SuSE CD, this is where the SuSE distribution is putting things. Even the sample setup of directorys is put there. Is this something that should be posted to the folks at SuSE and ask if they might reconsider the location where the default ftp directory is set up? Or, would this be contrary to what the FHS says is the correct location to put ftp? If not, how do I contact the appropriate person or group and suggest the change? Comments? Thoughts? - Mike On Thu, 25 May 2000, Keith Warno wrote:
Well yeah you could mount /usr read only, if it's on it's own partition, if you wanted. You could mount any partition read only if you wanted and thought you wouldn't be writing to it. :)
I believe you can specify file size limitations and the like with most ftp daemons out there, and of course there's the quota thing. You can set quotas for the ftp user to prevent nasty anon users from filling up your partition. Filling up /usr/ would not necessarily be a bad thing since things usually aren't written there (tmp files, etc). It would merely be an inconvenience for you and your anon users if that's where the ftp upload dirs are. :p
kw /* Keith Warno ** Developer & Sys Admin ** http://www.HaggleWare.com/ */
----- Original Message ----- From: "Thomas, Gregory (NBC, KNBC)"
To: "'Keith Warno'" Cc: Sent: 25 May 2000, Thursday 15:49 Subject: RE: [SLE] FTP Yeah, but doesn't having /usr on a separate partition provide the option of mounting /usr read only? Or am I coming from too much of an OpenBSD perspective on that?
It just seems to me that a writeable anonymous directory should be on a partition that can handle being filled up. BTW, if /usr is on it's own partition and it fills up does it affect the OS?
Greg
Because e-mail can be altered electronically, the integrity of this communication cannot be guaranteed.
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
SuSE people read these list. If it catches their eye, they'll do something
about it. Although it's probably not a high risk scenario.
To specify a different location, you would have to change the ftp user's
entry in /etc/passwd, ie, give the ftp user a different home dir. Move all
the ftp dirs to that new home dir, making sure permissions are what they
should be. (if you have the source for wuftpd you may consider reading
through the docs on how to do all of this). And you may need to make some
changes to /etc/ftp*
kw
/* Keith Warno
** Developer & Sys Admin
** http://www.HaggleWare.com/
*/
----- Original Message -----
From: "Michael J. McGillick"
Hi, On Thu, 25 May 2000, Michael J. McGillick wrote:
I guess the question then becomes how do I specify a different location for ftp access to write to?
As a side note, in installing the default rpms for ftp from the SuSE CD, this is where the SuSE distribution is putting things. Even the sample setup of directorys is put there. Is this something that should be posted to the folks at SuSE and ask if they might reconsider the location where the default ftp directory is set up? Or, would this be contrary to what the FHS says is the correct location to put ftp? If not, how do I contact the appropriate person or group and suggest the change?
Since the FHS is fuzzy about the issue regarding ftp and apache home dirs (which do not belong to /home IMHO), we are working on a proposal (in cooperation with the other distributors) to use a new directory "/export" (IIRC) for this. This is common on other Unices as well. Bye, LenZ -- ------------------------------------------------------------------ Lenz Grimmer SuSE GmbH mailto:grimmer@suse.de Schanzaeckerstr. 10 http://www.suse.de/~grimmer 90443 Nuernberg, Germany -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
participants (4)
-
gregory.thomas@nbc.com
-
grimmer@suse.de
-
keith@HaggleWare.com
-
mike@universe.ne.mediaone.net