Setting Up Anonymous FTP


As you have seen, setting up the FTP server to allow real users FTP access is not difficult. Unfortunately, it suffers from the basic design weakness of transmitting the user's ID and password in clear text. In some instances, you can reduce this risk by setting up an anonymous FTP server instead. Anonymous FTP servers allow users to connect, download, and (potentially) upload files without a real user ID and password, so there is no real password on the wire to sniff. Of course, this brings the risk that you will not know who is logging in to your system via the anonymous FTP service, and preventing unauthorized users from accessing the system is difficult when everyone is known only as "anonymous." But if anonymous users can't do anything damaging, or see any private data, while connected, this can be a good tradeoff for the security of not allowing real user connections and the problems those bring. Anonymous FTP servers are also useful for letting people with no account on your machine acquire or provide information, such as downloading product literature, or uploading suggestions or possible modifications to a project on which you're working.

CAUTION

Remember, even if you set up an anonymous-only FTP server, nothing prevents your real users from typing their user IDs and passwords at the prompts, and those credentials cross the network in clear text whether or not the login is accepted.

Setting up the FTP server to allow anonymous FTP unfortunately takes some work, and potentially exposes your machine to more attacks. We recommend that you do not enable anonymous FTP without a good reason. However, we recommend even more strongly against enabling unprotected FTP for real users.

Setting up anonymous FTP involves creating an ftp user whose home directory is where anonymous FTP users land. Additionally, you copy the necessary system components into ftp's home directory so that users can run ls properly. When a user requests a list of files with the FTP ls command, what actually runs is a server-side binary kept in a special directory for the FTP server's use, inside the home directory of the ftp user. Because the FTP server has chrooted into that directory, it can't reach the system's /bin/ls; placing a copy of ls and any other components it depends on under ~ftp is therefore normally a very important step. However, with the Mac OS X 10.2 release, copying the system components doesn't seem to be enough to get ls running. This isn't a problem with the lukemftp-1.2beta2 release, or with the wu-ftpd discussed later, because both servers can provide an internal ls. Because it's hard to predict how a new release of either the system software or the FTP server software will change things, we include the steps for installing the system components for the case where you can't rely on the FTP server having its own ls. Steps 5 through 10 in the following pages cover copying the appropriate system components.

To set up an anonymous FTP site, do the following:

  1. Create an ftp user in the NetInfo database. Follow the pattern of one of the generic users, such as user unknown . You might start by duplicating the unknown user and editing the duplicate user. Create your ftp user with the basic parameters shown in Table 12.4.

    Table 12.4. Basic Parameters for an ftp User

    Property    Value
    name        ftp
    realname    <some generic reference to ftp>
    uid         <some unused uid number>
    passwd      *
    home        <some suitable location>
    shell       /dev/null
    gid         <some unused gid number>
    change
    expire

    Figure 12.2 shows the values we used for our ftp user. The asterisk value for the passwd field is literal: crypt never produces a `*` in its output, so no password can hash to it, and nobody can log in with a password as this user.

    Figure 12.2. Here's how we chose to create our ftp user, as shown in NetInfo Manager.


  2. Create an ftp group in the NetInfo database. Make sure that you assign the same gid to the ftp group that you indicated for the ftp user.

  3. Create a home directory for user ftp . Make sure that you create the directory that you specified in the NetInfo database ( /Users/ftp in this example). The directory should be owned by root and have permissions 555 .

  4. Create a ~ftp/bin/ directory, owned by root with permissions 555 .

  5. Copy the system's /bin/ls to ~ftp/bin/ .

  6. Create ~ftp/usr/lib/ . Both ~ftp/usr/ and ~ftp/usr/lib/ should be owned by root with permissions 555 .

  7. Copy the system's /usr/lib/dyld to ~ftp/usr/lib/ . This is one of the files that helps ls function properly in this chroot ed environment.

  8. Copy the system's /usr/lib/libSystem.B.dylib to ~ftp/usr/lib/ . This is another file that helps ls function properly in the chroot ed environment.

  9. Create ~ftp/System/Library/Frameworks/System.framework/Versions/B/ . Each of the directories in this path should be owned by root with permissions 555 .

  10. Copy the system's /System/Library/Frameworks/System.framework/Versions/B/System to ~ftp/System/Library/Frameworks/System.framework/Versions/B/ . This is another file that helps ls function properly in the chroot ed environment.

  11. Create a ~ftp/pub/ directory in which files are stored for download. Typical permissions for this directory are 755 , and it should be owned by root. Ownership by user and group ftp is sometimes suggested, but remember that the anonymous session runs as the ftp user, so an ftp-owned directory with mode 755 is writable by anonymous users through the owner bits.

  12. If you also want a drop location where files can be uploaded, create ~ftp/incoming/ , owned by root . Recommended permissions include 753 , 733 , 1733 , 3773 , or 777 . The modes without the world-read bit ( 753 , 733 , 1733 , 3773 ) let anonymous users write into the directory without listing it, so they can't see or fetch what others have uploaded; with 777 anyone can list and download whatever anyone else dropped there, which is how an unwatched incoming directory turns into a public file exchange. The sticky bit in 1733 and 3773 restricts deleting and renaming to a file's owner, which only helps if the server stores uploads under an owner other than the ftp user, because every anonymous session shares that uid. You could also create ~ftp/incoming/ with permissions 751 and subdirectories used as the drop locations, with any of the recommended drop-off permissions.

If you decide to allow anonymous FTP, make sure that you regularly check the anonymous FTP area and your logs for any unusual activity. In addition, regularly check Apple's Web site for any updates for Mac OS X that include ftp updates. Security holes are regularly found in ftpd and regularly fixed.

For your convenience, here's a listing of our ftp user's home directory:

 # ls -lRaF ftp
 total 0
 dr-xr-xr-x  7 root  wheel  238 Sep 13 00:04 ./
 drwxrwxr-t  8 root  wheel  272 Sep 12 23:56 ../
 dr-xr-xr-x  3 root  wheel  102 Sep 13 00:00 System/
 dr-xr-xr-x  3 root  wheel  102 Sep 12 23:57 bin/
 drwxr-x-wx  2 root  wheel   68 Sep 13 00:04 incoming/
 drwxr-xr-x  2 root  wheel   68 Sep 13 00:04 pub/
 dr-xr-xr-x  3 root  wheel  102 Sep 12 23:57 usr/

 ftp/System:
 total 0
 dr-xr-xr-x  3 root  wheel  102 Sep 13 00:00 ./
 dr-xr-xr-x  7 root  wheel  238 Sep 13 00:04 ../
 dr-xr-xr-x  3 root  wheel  102 Sep 13 00:01 Library/

 ftp/System/Library:
 total 0
 dr-xr-xr-x  3 root  wheel  102 Sep 13 00:01 ./
 dr-xr-xr-x  3 root  wheel  102 Sep 13 00:00 ../
 dr-xr-xr-x  3 root  wheel  102 Sep 13 00:02 Frameworks/

 ftp/System/Library/Frameworks:
 total 0
 dr-xr-xr-x  3 root  wheel  102 Sep 13 00:02 ./
 dr-xr-xr-x  3 root  wheel  102 Sep 13 00:01 ../
 dr-xr-xr-x  3 root  wheel  102 Sep 13 00:02 System.framework/

 ftp/System/Library/Frameworks/System.framework:
 total 0
 dr-xr-xr-x  3 root  wheel  102 Sep 13 00:02 ./
 dr-xr-xr-x  3 root  wheel  102 Sep 13 00:02 ../
 dr-xr-xr-x  3 root  wheel  102 Sep 13 00:02 Versions/

 ftp/System/Library/Frameworks/System.framework/Versions:
 total 0
 dr-xr-xr-x  3 root  wheel  102 Sep 13 00:02 ./
 dr-xr-xr-x  3 root  wheel  102 Sep 13 00:02 ../
 dr-xr-xr-x  3 root  wheel  102 Sep 13 00:03 B/

 ftp/System/Library/Frameworks/System.framework/Versions/B:
 total 2440
 dr-xr-xr-x  3 root  wheel      102 Sep 13 00:03 ./
 dr-xr-xr-x  3 root  wheel      102 Sep 13 00:02 ../
 -r-xr-xr-x  1 root  wheel  1245580 Sep 13 00:03 System*

 ftp/bin:
 total 56
 dr-xr-xr-x  3 root  wheel    102 Sep 12 23:57 ./
 dr-xr-xr-x  7 root  wheel    238 Sep 13 00:04 ../
 -r-xr-xr-x  1 root  wheel  27668 Sep 12 23:57 ls*

 ftp/incoming:
 total 0
 drwxr-x-wx  2 root  wheel   68 Sep 13 00:04 ./
 dr-xr-xr-x  7 root  wheel  238 Sep 13 00:04 ../

 ftp/pub:
 total 0
 drwxr-xr-x  2 root  wheel   68 Sep 13 00:04 ./
 dr-xr-xr-x  7 root  wheel  238 Sep 13 00:04 ../

 ftp/usr:
 total 0
 dr-xr-xr-x  3 root  wheel  102 Sep 12 23:57 ./
 dr-xr-xr-x  7 root  wheel  238 Sep 13 00:04 ../
 dr-xr-xr-x  4 root  wheel  136 Sep 12 23:59 lib/

 ftp/usr/lib:
 total 3128
 dr-xr-xr-x  4 root  wheel      136 Sep 12 23:59 ./
 dr-xr-xr-x  3 root  wheel      102 Sep 12 23:57 ../
 -r-xr-xr-x  1 root  wheel   349364 Sep 12 23:58 dyld*
 -r-xr-xr-x  1 root  wheel  1245580 Sep 12 23:59 libSystem.B.dylib*
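As an added example (this script is ours, not from the book or from any FTP server distribution), here is a shell script that performs steps 3 through 12 under a root directory you name and then audits the result for the properties the text cares about: every directory anonymous users can traverse is root-owned and mode 555, pub is not writable by group or other, the drop box is world-writable but not world-readable, and the files a chrooted ls needs are present. The NetInfo part of steps 1 and 2 is included as niutil commands, the command-line equivalent of the NetInfo Manager session in Figure 12.2. Assumptions: a POSIX sh with ls, cut, awk, id and mktemp; the drop box is created as 1733 (one of the modes listed in step 12) and the audit treats a world-readable drop box as a problem, which is a stricter reading than the step's list of modes; the uid/gid you pass to create_ftp_account_netinfo must be one you have checked is unused.

```shell
#!/bin/sh
# Added example, not from the book: build the chrooted anonymous-FTP tree of
# steps 3-12 under ROOT (the book uses /Users/ftp) and audit it afterwards.
# Assumed tools: sh, ls, cut, awk, id. Run the build as root on the FTP host;
# when not root the chown is skipped and the audit only warns about owners.

# Directories that must be root-owned and read-only (mode 555), relative to ROOT.
ANON_FTP_RO_DIRS=". bin usr usr/lib System System/Library \
System/Library/Frameworks System/Library/Frameworks/System.framework \
System/Library/Frameworks/System.framework/Versions \
System/Library/Frameworks/System.framework/Versions/B"

# Files a chrooted /bin/ls needs on Mac OS X 10.2 (steps 5, 7, 8 and 10). Not
# needed when ftpd has a built-in ls (lukemftpd, wu-ftpd), so they are copied
# when present on this host and only warned about when missing.
ANON_FTP_LS_DEPS="/bin/ls /usr/lib/dyld /usr/lib/libSystem.B.dylib \
/System/Library/Frameworks/System.framework/Versions/B/System"

# Symbolic mode as ls -ld prints it (e.g. dr-xr-xr-x); works with BSD and GNU ls.
mode_of() { ls -ld "$1" | cut -c1-10; }
# Character N (1-based) of a mode string: 6 = group-write, 8 = other-read, 9 = other-write.
mode_char() { echo "$1" | cut -c"$2"; }
owner_of() { ls -ld "$1" | awk '{print $3}'; }

# Steps 1 and 2 without NetInfo Manager (Mac OS X 10.2 niutil). The uid/gid is
# the caller's choice; it must be a number not already used on the machine.
create_ftp_account_netinfo() {
    uid=${1:?usage: create_ftp_account_netinfo UNUSED_UID}
    niutil -create . /users/ftp
    niutil -createprop . /users/ftp realname "Anonymous FTP"
    niutil -createprop . /users/ftp uid "$uid"
    niutil -createprop . /users/ftp gid "$uid"
    niutil -createprop . /users/ftp passwd '*'        # literal *, never a valid crypt hash
    niutil -createprop . /users/ftp home /Users/ftp
    niutil -createprop . /users/ftp shell /dev/null
    niutil -create . /groups/ftp
    niutil -createprop . /groups/ftp gid "$uid"
}

build_anon_ftp_tree() {
    root=$1
    for d in $ANON_FTP_RO_DIRS; do mkdir -p "$root/$d"; done
    mkdir -p "$root/pub" "$root/incoming"
    for f in $ANON_FTP_LS_DEPS; do
        if [ -f "$f" ]; then cp "$f" "$root/$f" && chmod 555 "$root/$f"; fi
    done
    chmod 755 "$root/pub"        # step 11: readable by anonymous users, writable by nobody but root
    chmod 1733 "$root/incoming"  # step 12: writable, not listable; sticky only matters if uploads are not ftp-owned
    for d in $ANON_FTP_RO_DIRS; do chmod 555 "$root/$d"; done   # steps 3, 4, 6, 9
    if [ "$(id -u)" -eq 0 ]; then chown -R root "$root"; fi
}

# Print one line per problem; return 1 if any problem was found, 0 if the tree is clean.
audit_anon_ftp_tree() {
    root=$1; bad=0
    for d in $ANON_FTP_RO_DIRS; do
        m=$(mode_of "$root/$d")
        if [ "$m" != "dr-xr-xr-x" ]; then echo "$root/$d: mode $m, want dr-xr-xr-x (555)"; bad=1; fi
    done
    m=$(mode_of "$root/pub")
    if [ "$(mode_char "$m" 6)" = w ] || [ "$(mode_char "$m" 9)" = w ]; then
        echo "$root/pub: $m is group- or world-writable; anonymous users could plant files"; bad=1
    fi
    m=$(mode_of "$root/incoming")
    if [ "$(mode_char "$m" 9)" != w ]; then
        echo "$root/incoming: $m is not world-writable; anonymous uploads will fail"; bad=1
    fi
    if [ "$(mode_char "$m" 8)" = r ]; then
        echo "$root/incoming: $m is world-readable; the drop box becomes a public file exchange"; bad=1
    fi
    for p in $ANON_FTP_RO_DIRS pub incoming; do
        o=$(owner_of "$root/$p")
        if [ "$o" != root ]; then
            if [ "$(id -u)" -eq 0 ]; then echo "$root/$p: owned by $o, want root"; bad=1
            else echo "warning: $root/$p owned by $o (build was not run as root)"; fi
        fi
    done
    for f in $ANON_FTP_LS_DEPS; do
        [ -f "$root/$f" ] || echo "warning: $root/$f missing; a chrooted ls needs it unless ftpd has a built-in ls"
    done
    return $bad
}

# Usage: sh anonftp.sh build /Users/ftp   or   sh anonftp.sh audit /Users/ftp
case ${1:-} in
    build) build_anon_ftp_tree "$2" ;;
    audit) audit_anon_ftp_tree "$2" ;;
esac
```

Run the build once as root on the server, then keep the audit in cron: a pub that has quietly become writable, or an incoming that has become listable, is exactly the kind of change the text asks you to watch for, and the audit reports it in one line with the offending mode.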

For additional thoughts on anonymous FTP configuration, you might want to check these Web sites:

  • CERT Coordination Center's Anonymous FTP Configuration Guidelines http://www.cert.org/tech_tips/anonymous_ftp_config.html

  • WU-FTPD Resource Center's Related Documents link http://www.landfield.com/wu-ftpd/

  • AppleCare Service & Support http://www.info.apple.com/

From Maximum Mac OS X Security, ISBN 0672323818, 2003.