[wplug] Anonymous FTP and hidden files (security problem?)
Mike Griffin
mike at dmrnetworks.com
Wed Sep 10 11:11:22 EDT 2003
I have 0 experience with vsfptd, more with ProFTPd. I know that you do
not need to allow someone access to a valid shell to allow them to
connect to your FTP server. If vsftpd requires this, you may want to
reconsider using this package. If you are creating these users as
system users, be sure to give them a non valid shell. I.E. /bin/false
The first four files that you are referencing are bash specific. If you
don't want the person to have shell access, or if you don't want bash
to be their shell, you can safely remove these files. On the harsh
end, even if you did remove these files and found out that you needed
them again, you could always copy the defaults back from /etc/skel.
This is where the default files are copied from when the users home
directory is created. The last two files are configuration files and
should be self explanatory of what program they are used with.
Mike
On Wednesday, September 10, 2003, at 10:29 AM, Russ Schneider wrote:
> Alexandros Papadopoulos wrote:
>
>> In such cases (not sure whether something will break or not), it's a
>> good idea to make a backup first.
>> $ tar -cf ftp_home.tar ftp/
>> ...and then make any changes. You can always restore the files in
>> case something breaks.
>
> I didn't actually delete the files, I just moved them off to another
> directory in a different path.
>
> --
> Russ Schneider (a.k.a. Sugapablo)
> http://www.sugapablo.com
>
> _______________________________________________
> wplug mailing list
> wplug at wplug.org
> http://www.wplug.org/mailman/listinfo/wplug
>
More information about the wplug
mailing list