# Anonymous FTP server



## c00kie (May 4, 2012)

From the manual:


> Be aware of the potential problems involved with running an anonymous FTP server. In particular, you should think twice about allowing anonymous users to upload files. You may find that your FTP site becomes a forum for the trade of unlicensed commercial software or worse. If you do need to allow anonymous FTP uploads, then you should set up the permissions so that these files can not be read by other anonymous users until they have been reviewed.



Does this tutorial address the quote from the manual?

I don't fully understand the quote. 



> then you should set up the permissions so that these files can not be read by other anonymous users until they have been reviewed.



How do you 'review' an anonymous user?


----------



## anon12b (May 4, 2012)

No, the tutorial does not address the problem mentioned, in as far as I can see.

Allow me to paraphrase the quote:


> When an anonymous user uploads a file, that file should not be visible to other anonymous users.  You should review the file, and ensure it meets the criteria under which you serve files.  When you have reviewed the file, you can change the permissions to make it visible to other anonymous users.



Does that help?  Essentially, it means reviewing the file, and not the user.


----------



## SirDice (May 4, 2012)

c00kie said:
			
		

> How do you 'review' an anonymous user?


You don't review the anonymous user, you review the files that were uploaded by an anonymous user.


----------



## c00kie (May 4, 2012)

anon12b said:
			
		

> No, the tutorial does not address the problem mentioned, in as far as I can see.
> Does that help?  Essentially, it means reviewing the file, and not the user.



Thanks. Assuming files were uploaded to a folder /var/ftp - would setting permissions on the folder solve it then? e.g.

`# chmod g= /var/ftp`

If not, could you suggest something? 

Thanks in advance.


----------



## anon12b (May 4, 2012)

There is one note that may be of use to you: the -u option. It allows you to make a file creation umask(2), and thus you could set it do that these files are unreadable. By default, anonymous users cannot modify existing files, so this should be adequate. For clarity, sanity, and cleanliness, I would recommend you create a special upload directory, and make sure that is the only writable part of the FTP file system. 

It is possible to set the daemon to only allow writing, but I am guessing that is not what you want.


----------



## c00kie (May 5, 2012)

anon12b said:
			
		

> There is one note that may be of use to you: the -u option. It allows you to make a file creation umask(2), and thus you could set it do that these files are unreadable. By default, anonymous users cannot modify existing files, so this should be adequate. For clarity, sanity, and cleanliness, I would recommend you create a special upload directory, and make sure that is the only writable part of the FTP file system.



So if I create an FTP user like this:

```
# adduser
Username: ftp
Full name: FTP User
Uid (Leave empty for default):
Login group [ftp]:
Login group is ftp. Invite ftp into other groups? []:
Login class [default]:
Shell (sh csh tcsh zsh nologin) [sh]: zsh
Home directory [/home/ftp]: /home/ftp/uploads
Home directory permissions (Leave empty for default): -u
Use password-based authentication? [yes]:
Use an empty password? (yes/no) [no]: yes
Use a random password? (yes/no) [no]:
Enter password:
Enter password again:
Lock out the account after creation? [no]: no
Username   : ftp
Password   : 
Full Name  : FTP User
Uid        : 1001
Class      :
Groups     : ftp
Home       : /home/ftp
Shell      : /usr/local/bin/zsh
Locked     : no
OK? (yes/no): yes
adduser: INFO: Successfully added (ftp) to the user database.
Add another user? (yes/no): no
Goodbye!
#
```

You think that should be safe? I*'*ve used shared hosts in the past, and they always issue passwords for their FTP logins. Is this just a case of enabling this:


```
Use password-based authentication? [yes]: yes
```

in the above? Or how do they configure their servers to use passwords?


----------



## johnd (May 5, 2012)

I would prefer to assign the /usr/sbin/nologin shell to the ftp user. Additional information can be found here:
ftpd(8)
http://www.freebsddiary.org/ftp-anonymous.php
http://www.openbsd.org/faq/faq10.html#AnonFTP


----------



## c00kie (May 5, 2012)

johnd said:
			
		

> I would prefer to assign the /usr/sbin/nologin shell to the ftp user. Additional information can be found here:
> ftpd(8)
> http://www.freebsddiary.org/ftp-anonymous.php
> http://www.openbsd.org/faq/faq10.html#AnonFTP



Indeed. Most observant. It's a cut and paste typo. 

thanks..


----------



## anon12b (May 6, 2012)

Sorry for the misunderstanding, the -u option is to ftpd(8).  I edited my reply, and it no longer included that clarification.


----------



## c00kie (May 6, 2012)

Anonymous FTP is a bit of a mystery for now. Since I'm not that confident with it; I won't even open this security hole right now. I'm going to use SFTP, and put my trust in  good old public key exchange encryption with SSH tunnelling.


----------

