Creating an Anonymous FTP server with Publicfile

    Date02 Oct 2002
    3746
    Posted ByAnthony Pell
    For many moons I've meant to set up an FTP server for stunnel.org. Not because I like FTP, but because there are times even I find myself without a web browser of any kind. The server needs to support anonymous FTP . . . For many moons I've meant to set up an FTP server for stunnel.org. Not because I like FTP, but because there are times even I find myself without a web browser of any kind. The server needs to support anonymous FTP (ftp without a password) and doesn't need to have the ability for anyone to have 'real' logins. The whole thing should be read-only, no write permissions. And as with everything I support, security is a must.

    There are a boatload of FTP servers, almost all of which have had some vulnerability of some kind - in fact most have had bugs that lead to shell or root access. Many have added on additional security measures, such as the ability to chroot real users as well as anonymous users. However this FTP server's needs are so minimal, any FTP server software with boatloads of configuration options are just overkill.

    So where do I turn? Publicfile. Another offering from Dan Bernstein, author of DJBDNS, another one of my favorite software packages. Publicfile offers both an FTP and HTTP server. I'll only concentrate on the FTP server in this article.

    Publicfile offers an anonymous-only FTP server. When users connect they must supply a username (this is an unavoidable assumption of FTP servers) but no password - not even an email address - is required. It supports both active and passive FTP, and is immune to ftp-bounce attacks. The server chroots to the ftp area and changes to a non-root user. You can easily limit how many users can connect using the power of tcpserver and softlimit. Any directories and files readable by that user are available via FTP. All in all, perfectly paranoid.

    You are not authorised to post comments.

    LinuxSecurity Poll

    Do you reuse passwords across multiple accounts?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /component/communitypolls/?task=poll.vote
    13
    radio
    [{"id":"55","title":"Yes","votes":"4","type":"x","order":"1","pct":44.44,"resources":[]},{"id":"56","title":"No","votes":"5","type":"x","order":"2","pct":55.56,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    Advisories

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.