ftp security
Jerry McAllister
jerrymc at clunix.cl.msu.edu
Tue Aug 16 12:51:10 GMT 2005
>
> I read http://www.freebsddiary.org/ftp-anonymous.php to try and secure my ftp server.
> The author suggested to add a line to my fstab:
>
> /dev/ad2s2f /home/ftp/incoming ufs rw,SUIDDIR 2 2
>
> however I don't have the file ad2s2f in my /dev directory
>
> # Device Mountpoint FStype Options Dump Pass#
> /dev/ad0s1b none swap sw 0 0
> /dev/ad0s1a / ufs rw 1 1
> /dev/ad0s1e /tmp ufs rw 2 2
> /dev/ad0s1f /usr ufs rw 2 2
> /dev/ad0s1d /var ufs rw 2 2
> /dev/acd0 /cdrom cd9660 ro,noauto 0 0
> #/dev/ad0s /ftp/incoming ufs rw,SUIDDIR 2 2
>
> [root]/etc-
>
> I don't really understand the fstab but I gather
> ad0s1 is the drive and a-f is the partitions created at boot time
>
> basically I am trying to sticky a directory mounted by fstab

You are only partly right.
The drive slice is ad0s1 - there can be up to 4 slices.
The a-f (Actually a-h are possible) are partitions within the
slice created when the disk is partitioned - before a file
system is built on them using newfs.

To use a disk: (yes, I know you can get by with some shortcutting - don't)
- use fdisk to create slices 1..4 (and write the sector boot block if desired).
- use disklabel to create partitions in the slice[s].
- use newfs to build a filesystem in each partition except swap.
- use mkdir to create a mount point - which is the same as a directory
- use mount to bind the partition to the mount point
  and/or edit /etc/fstab to specify the partition-mount point binding
  and mount -a will look through fstab and do the mounts.
  At boot time the equivalent of a mount -s is done.

Just putting something in /etc/fstab will not be enough. The file system
needs to be created first.

Having a line

    /dev/ad2s2f /home/ftp/incoming ufs rw,SUIDIR 2 2

implies that you
- have a second IDE drive in the machine and
- that it has been sliced with fdisk into at least two slices and
- then the slice 2 on disk 2 has had at least an f partition created
  with disklabel (you can skip letters if you want, a, b, c and d are
  reserved for certain things by convention, though not by requirement) and
- then newfs was used to create a filesystem on it and
- that the directories /home (normally there anyway), /home/ftp and
  /home/ftp/incoming were all created by mkdir.

I would skip putting it in /home myself, just to reduce typing
and would just make a /ftpincoming directory right in root (/), but
suit yourself on the naming and arrangement of directories.

Then you can have a separate filesystem to receive incoming ftp uploads
and not have them affect the other filesystems on your machine.
If you are planning on allowing uploads via ftp, it is a good idea.
On the other hand, if you don't want to allow ftp uploads, then just
don't allow them and skip all that stuff.

////jerry
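
The symptom in the question (no /dev/ad2s2f) and the reply's point that an fstab line presupposes the earlier steps, as an added example that is not part of the original thread: an sh function that reports, for each fstab line, a missing device node or mount point. The name `check_fstab`, its `ROOT` argument and the sample tree are assumptions made for the illustration; the function does not verify that newfs has been run on the partition.

```sh
#!/bin/sh
# Added example (not from the original post): list the prerequisites that an
# fstab line assumes but the system lacks.
# Usage: check_fstab FSTAB [ROOT]
#   ROOT is a hypothetical prefix for device and mount-point paths, so the
#   check can run against a constructed tree; leave it empty on a live host.
check_fstab() {
    fstab=$1
    root=${2:-}
    status=0
    # "|| [ -n "$dev" ]" keeps a final line that has no trailing newline.
    while read -r dev mnt fstype opts dump pass || [ -n "$dev" ]; do
        case $dev in
            ''|'#'*) continue ;;          # blank line or comment
        esac
        # -e rather than -c so the constructed tree below works; on a live
        # host the entry under /dev only exists once the partition does.
        if [ ! -e "$root$dev" ]; then
            echo "MISSING-DEVICE $dev"
            status=1
        fi
        [ "$fstype" = swap ] && continue  # swap has no mount point ("none")
        if [ ! -d "$root$mnt" ]; then
            echo "MISSING-MOUNTPOINT $mnt"
            status=1
        fi
    done < "$fstab"
    return $status
}

# Constructed sample: the fstab from the question plus the suggested line,
# checked against a throwaway tree that mimics a single-disk machine.
demo=$(mktemp -d "${TMPDIR:-/tmp}/fstabchk.XXXXXX")
mkdir -p "$demo/dev" "$demo/tmp" "$demo/usr" "$demo/var"
for p in b a e f d; do : > "$demo/dev/ad0s1$p"; done
cat > "$demo/fstab" <<'EOF'
# Device Mountpoint FStype Options Dump Pass#
/dev/ad0s1b none swap sw 0 0
/dev/ad0s1a / ufs rw 1 1
/dev/ad0s1e /tmp ufs rw 2 2
/dev/ad0s1f /usr ufs rw 2 2
/dev/ad0s1d /var ufs rw 2 2
/dev/ad2s2f /home/ftp/incoming ufs rw,SUIDDIR 2 2
EOF
check_fstab "$demo/fstab" "$demo" || true
rm -rf "$demo"
```

Run against the live system as `check_fstab /etc/fstab`; a non-zero exit status means at least one line names a device or directory that does not exist yet.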