Sun Microsystems Sun Workstation 100U System Manager's Manual page 188

FTPD(8C) MAINTENANCE CO:MMANDS
FTPD(8C)
In the last case,
/tpd
takes special measures to restrict the client's access privileges. The server
pertorms a
chroot(2)
command to the home directory
ot
the "ttp" user. In order that system
security is not breached, it is recommended that the "(tp" subtree be constructed with care; the
following rules are recommended.
-ftp) Make the home directory owned by "ttp" and unwritable by anyone.
-(tp/bin)
Make this directory owned by the super-user and unwritable by anyone. The program
18(1)
must be present to support the list commands. This program should have mode 111.
-ttp/etc)
. Make this directory owned by the super-user and unwritable by anyone. The files
PtJ88Wd(5) and group(5) must be present tor the Is command to work properly. These files
should be mode 444.
-ttp/pub)
Make this directory mode 777 and owned by "ttp". Users should then place files which
are to be accessible via the anonymous account in this directory .
SEEALSQ
ftp(IC},
BUGS
There is no support (or aborting commands.
The anonymous account is inherently dangerous and should avoided when possible.
The server must run as the super-user to create sockets with privileged port numbers. It main-
tains an effective user id of the logged in user, reverting to the super-user only when binding
addresses to sockets. The possible security holes have been extensively scrutinized, but are possi-
bly incomplete.
SUD
Release 1.1 Last change: 4 March 1983
33