FYI:
I just enabled public ftp access to linus.linux.sgi.com
ftpd runs as user/group ftp/ftp.
The chroot'ed location (~ftp) is /src (where the CVS tree resides)
I made sure that the source tree has no world write permissions
or ftp group write permissions anywhere.
Since IRIX comes only with a dynamically liked '/bin/ls'
I had to add /lib/rld libc.so and /dev/zero rooted at /src
for dir to work. I made all the permissions secure but
another check would be appreciated.
If anyone feels like building the latest wu-ftpd (with all security
patches) and replace the SGI ftpd - welcome.
A web site is planned too. I hope we got a volunteer to set it up.
Let's keep the public areas only on the /src partition. I suggest
/src/www (or some such) for the web doc root.
--
Peace, Ariel
|