Re: Re[2]: limit ftp access
On 2000-09-03 at 01:13 Wojciech Scigala wrote:
>Well, good idea. Using ipnat I could make them all use port 21,
>because those to be limited are on a different network interface than the
>other.
>The only problem is - how to force ftpd to use different config files?
OpenBSD ftpd doesn't use config files, as far as I can see in the man page, but command line options. Since ftpd is normally started from inetd, you would have to add an entry to /etc/inetd.conf, and restart inetd.
For example, you could add the following to /etc/services:
naftp-data 2120/tcp # non-anonymous ftp data port
naftp 2121/tcp # non-anonymous ftp control port
Modify the existing ftp line in /etc/inetd.conf to (the -A option is to permit anonymous access only):
ftp stream tcp nowait root /usr/libexec/ftpd ftpd -USA
and add a line:
naftp stream tcp nowait root /usr/libexec/ftpd ftpd -US
However, this whole scheme turns out to be not very useful, since the "second" ftpd will also allow anonymous connections; and it has no command line option to explicitly disable those. :(
The only option I can see for now is hacking ftpd, or running an alternate ftpd, but be warned that most other ftpd's have severe security problems.
Cheers,
--
Dimitry Andric <dim@xs4all.nl>
PGP key: http://www.xs4all.nl/~dim/dim.asc
KeyID: 4096/1024-0x2E2096A3
Fingerprint: 7AB4 62D2 CE35 FC6D 4239 4FCD B05E A30A 2E20 96A3
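
An added example, not part of the original message: a small shell check that reads inetd.conf-style lines and reports, for each ftpd entry, whether it carries the -A (anonymous only) option described above or still accepts both anonymous and local logins. The function names are hypothetical, the sample input is the two lines from the message, and only the -A flag is interpreted.

```shell
#!/bin/sh
# Added example: audit ftpd entries in inetd.conf-style input.
# inetd.conf fields: service socktype proto wait user program argv0 [options...]

# classify_ftpd (hypothetical name): reads inetd.conf lines on stdin and
# prints "<service> <mode>" for every entry whose program is ftpd.
# Only -A is interpreted, as described in the message: with it the daemon
# permits anonymous access only; without it anonymous logins are still
# accepted alongside local accounts.
classify_ftpd() {
    awk '
        /^[ \t]*#/ || NF < 7 { next }      # skip comments and short lines
        $6 !~ /(^|\/)ftpd$/  { next }      # only entries that run ftpd
        {
            mode = "anonymous+local"
            # Options start at field 8 and may be bundled, e.g. -USA.
            for (i = 8; i <= NF; i++)
                if ($i ~ /^-[A-Za-z0-9]*A/) mode = "anonymous-only"
            print $1, mode
        }'
}

# sample_conf (hypothetical name): the two inetd.conf lines from the
# message, plus a comment and an unrelated service, as test input.
sample_conf() {
    cat <<'EOF'
# constructed sample based on the lines in the message
ftp stream tcp nowait root /usr/libexec/ftpd ftpd -USA
naftp stream tcp nowait root /usr/libexec/ftpd ftpd -US
daytime stream tcp nowait root internal
EOF
}

sample_conf | classify_ftpd
```

On a real system the input would be /etc/inetd.conf; any line reported as anonymous+local is one where the port separation alone does not keep anonymous users out.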