Bugtraq mailing list archives
Re: Bad Advise
From: davido () phoenix Princeton EDU (David Lawrence Oppenheimer)
Date: Tue, 26 Jul 1994 19:12:02 -0400 (EDT)
On Tue, 26 Jul 1994, G.J.W. Hagenaars wrote:
> Christopher W. Klaus wrote:
> % Here is some advice from Sun that I highly recommend you DO NOT DO.
> %
> %       Make the home directory owned by ``ftp'' and unwritable
> %       by anyone.
> %
> % I highly recommend you change that to owned by ``root''.
>
> I was thinking about ownership of the whole ftp-tree by user `nobody'.
> Are there any benefits to using `root' instead of `nobody'?
Egad, this is far worse than using owner root. Among other things, 'nobody' is used as the userid on the server side of finger (assuming you have your fingerd service in /etc/inetd.conf defined to run as user nobody, which is the secure thing to do) and of NFS (when a request comes from an unknown user, or from somebody trying to NFS mount a server as root and this permission is disallowed by the /etc/exports configuration).
From the exports(5) man page [SunOS 4.1.3]:
     anon=uid   If a request comes from an unknown user, use uid as
                the effective user ID. Note: root users (uid 0) are
                always considered "unknown" by the NFS server, unless
                they are included in the "root" option below. The
                default value for this option is the UID of the user
                "nobody". If the user "nobody" does not exist then the
                value 65534 is used. Setting the value of "anon" to
                65535 disables anonymous access. Note: by default
                secure NFS accepts insecure requests as anonymous, and
                those wishing for extra security can disable this
                feature by setting "anon" to 65534.

Clearly, using nobody is asking for trouble. Best to stick with the
conventional wisdom of owner root for ~ftp.

David Oppenheimer
davido () phoenix Princeton EDU
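
A read-only audit of the advice in this thread, added here as an example and not part of the original post: it reports an FTP home directory that is not owned by root or is writable, and any entry in the tree owned by `ftp`, `nobody`, or the exports(5) fallback uid 65534. The function names and the command-line path argument are assumptions of this example.

```python
import os
import pwd
import stat
import sys

ANON_FALLBACK_UID = 65534  # exports(5): used when no "nobody" account exists


def risky_uids(names=("ftp", "nobody")):
    """Map each uid that should not own the FTP tree to a label."""
    uids = {ANON_FALLBACK_UID: "NFS anon fallback uid"}
    for name in names:
        try:
            uids[pwd.getpwnam(name).pw_uid] = f"user {name}"
        except KeyError:
            pass  # account not present on this host
    return uids


def check_entry(path, uid, mode, risky, is_home=False, trusted_uid=0):
    """Return findings for one entry, given its owner uid and mode bits."""
    findings = []
    if uid in risky:
        findings.append(f"{path}: owned by {risky[uid]} (uid {uid})")
    if is_home:
        if uid != trusted_uid:
            findings.append(f"{path}: home owner is uid {uid}, expected {trusted_uid}")
        if mode & (stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH):
            findings.append(f"{path}: home is writable (mode {stat.S_IMODE(mode):04o})")
    return findings


def audit_ftp_tree(home, risky=None, trusted_uid=0):
    """Check home and everything under it, without following symlinks."""
    risky = risky_uids() if risky is None else risky
    st = os.lstat(home)
    findings = check_entry(home, st.st_uid, st.st_mode, risky, True, trusted_uid)
    for root, dirs, files in os.walk(home):
        for name in dirs + files:
            path = os.path.join(root, name)
            st = os.lstat(path)
            findings += check_entry(path, st.st_uid, st.st_mode, risky)
    return findings


if __name__ == "__main__":
    # Usage (path is supplied by the operator): python audit_ftp.py <ftp home>
    for line in audit_ftp_tree(sys.argv[1]):
        print(line)
```
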