[Next] [Previous] [Up] [Top] [Contents]

28.9 Security Loopholes

28.9.5 FTP

FTP is often used for anonymous login and sharing of files (e.g. archives). This should be done in a secure manner (see the Manual). Put an "*" in the password field of user ftp, do a change root to ~ftp, and use a non-valid shell, e.g. /bin/false for the user ftp. You can limit password ftp access to your system with the /etc/ftpusers and /etc/shells files. If the user's name is in the ftpusers file access is denied. If the user's shell is not in the shells file access is denied.


Unix System Administration - 8 AUG 1996
[Next] [Previous] [Up] [Top] [Contents]