ftp security

Jerry McAllister jerrymc at clunix.cl.msu.edu
Tue Aug 16 12:51:10 GMT 2005

> I read http://www.freebsddiary.org/ftp-anonymous.php to try and secure my ftp server.
> The author suggested to add a line to my fstab:
> /dev/ad2s2f   /home/ftp/incoming ufs  rw,SUIDDIR    2       2
> however I don't have the file ad2s2f in my /dev directory
> # Device                Mountpoint      FStype  Options         Dump    Pass#
> /dev/ad0s1b             none            swap    sw              0       0
> /dev/ad0s1a             /               ufs     rw              1       1
> /dev/ad0s1e             /tmp            ufs     rw              2       2
> /dev/ad0s1f             /usr            ufs     rw              2       2
> /dev/ad0s1d             /var            ufs     rw              2       2
> /dev/acd0               /cdrom          cd9660  ro,noauto       0       0
> #/dev/ad0s              /ftp/incoming   ufs     rw,SUIDDIR      2       2
> [root]/etc-
> I don't really understand the fstab but I gather
> ad0s1 is the drive and a-f are the partitions created at boot time
> basically I am trying to sticky a directory mounted by fstab

You are only partly right.
The drive slice is ad0s1 - there can be up to 4 slices.
The a-f  (Actually a-h are possible) are partitions within the
slice created when the disk is partitioned - before a file
system is built on them using newfs.
To use a disk:   (yes, I know you can get by with some shortcutting - don't)
  use fdisk to create slices 1..4 (and write the sector boot block if desired).
  use disklabel to create partitions in the slice[s].
  use newfs to build a filesystem in each partition except swap.
  use mkdir to create a mount point - which is the same as a directory
  use mount to bind the partition to the mount point
  and/or edit /etc/fstab to specify the partition-mount point binding
     and mount -a will look through fstab and do the mounts.
     at boot time the equivalent of a mount -s is done.

Just putting something in /etc/fstab will not be enough.   The file system
needs to be created first.

Having a line  /dev/ad2s2f  /home/ftp/incoming ufs rw,SUIDDIR  2   2

implies that you 
 - have a second IDE drive in the machine and 
 - that it has been sliced with fdisk into at least two slices and 
 - then the slice 2 on disk 2 has had at least an f partition created 
   with disklabel (you can skip letters if you want, a, b, c and d are 
   reserved for certain things by convention, though not by requirement) and
 - then newfs was used to create a filesystem on it and 
 - that the directories /home (normally there anyway), /home/ftp and
   /home/ftp/incoming  were all created by mkdir.
I would skip putting it in /home myself, just to reduce typing
and would just make a /ftpincoming directory right in root (/), but
suit yourself on the naming and arrangement of directories.

Then you can have a separate filesystem to receive incoming ftp uploads 
and not have them affect the other filesystems on your machine.
If you are planning on allowing uploads via ftp, it is a good idea.
On the other hand, if you don't want to allow ftp uploads, then just
don't allow them and skip all that stuff.
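
A pre-flight check for the point made above, that an fstab line does nothing unless the slice, partition and mount point already exist. This is an added example, not part of the original message; the function names, the ROOT prefix argument and the demo fstab are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that each ufs line in an fstab names an existing
# device node and an existing mount-point directory.

# Split an ATA device name such as /dev/ad2s2f into disk, slice and partition.
# Prints nothing when the name lacks a slice (1-4) or partition letter (a-h).
parse_dev() {
    echo "$1" | sed -n 's|^/dev/\(ad[0-9][0-9]*\)s\([1-4]\)\([a-h]\)$|disk=\1 slice=\2 part=\3|p'
}

# check_fstab FSTAB [ROOT]: ROOT is prefixed to every path, so the check can
# run against a staging tree. Returns 1 if any ufs entry cannot be mounted.
check_fstab() {
    fstab=$1; root=${2:-}; status=0
    while read -r dev mnt fstype opts dump pass; do
        case $dev in ''|'#'*) continue ;; esac      # blank lines and comments
        [ "$fstype" = ufs ] || continue             # swap, cd9660 etc. skipped
        fields=$(parse_dev "$dev")
        if [ -z "$fields" ]; then
            echo "BAD   $dev: no slice/partition in device name"; status=1
        elif [ ! -e "$root$dev" ]; then
            echo "BAD   $dev ($fields): no device node, slice or partition not created"; status=1
        elif [ ! -d "$root$mnt" ]; then
            echo "BAD   $mnt: mount point missing, mkdir it first"; status=1
        else
            echo "OK    $dev ($fields) -> $mnt [$opts]"
        fi
    done < "$fstab"
    return $status
}

# Constructed demo: a staging root with an ad0s1f node but no ad2s2f.
run_demo() {
    d=$(mktemp -d)
    mkdir -p "$d/dev" "$d/usr" "$d/home/ftp/incoming"
    touch "$d/dev/ad0s1f"
    cat > "$d/fstab" <<'EOF'
# Device        Mountpoint          FStype  Options     Dump Pass#
/dev/ad0s1b     none                swap    sw          0    0
/dev/ad0s1f     /usr                ufs     rw          2    2
/dev/ad2s2f     /home/ftp/incoming  ufs     rw,SUIDDIR  2    2
EOF
    check_fstab "$d/fstab" "$d" && rc=0 || rc=$?
    rm -rf "$d"
    return $rc
}

run_demo || echo "fstab has entries that cannot be mounted yet"
```

On a live system, call `check_fstab /etc/fstab` with no second argument.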

