Linux 版 (精华区)
发信人: netiscpu (说不如做), 信区: Linux
标 题: [B] Red Hat Linux Unleashed (47)
发信站: 紫 丁 香 (Sat Jul 25 05:03:00 1998), 转信
Setting Up an FTP and Anonymous FTP Site
_________________________________________________________________
o What Is FTP?
# Using FTP
# How FTP Uses TCP
o Configuring FTP
# Setting Up ftpd
# FTP Logins
# Setting Up the Directories
# Setting Permissions
# Test the System
o A More Secure FTP
o Summary
# Checklist Protecting an Anonymous FTP System
_________________________________________________________________
47
Setting Up an FTP and Anonymous FTP Site
Snap question: What is the most widely used TCP/IP and Internet
service? If you answered FTP, you're right. (If you didn't choose FTP,
this may come as a bit of a surprise. The fact is, FTP remains the
most widely used service; although the World Wide Web is quickly
catching up.) FTP's popularity is easy to figure: The FTP software is
supplied with every version of UNIX and Linux, it's easy to install,
configure, and use, and it gives users access to a wealth of
information with very little effort.
If all you want to use FTP for is connecting to another machine and
transferring files, then you don't have to do much more than enable
the FTP service on your system. Much more interesting to many users is
turning your Linux machine into an FTP site, where others can connect
and obtain files you make available. That's the primary focus of this
chapter—setting up an FTP site on your Linux machine. We'll
begin, though, with a quick look at using FTP and the way FTP runs on
TCP. This information should help you understand how FTP works and
what it does with TCP/IP.
What Is FTP?
The File Transfer Protocol (FTP) is one protocol in the TCP/IP family
used to transfer files between machines running TCP/IP. (FTP-like
programs are also available for some other protocols.) The File
Transfer Protocol allows you to transfer files back and forth and
manage directories. FTP is not designed to allow you access to another
machine to execute programs, but it is the best utility for file
manipulation. To use FTP, both ends of a connection must be running a
program that provides FTP services. The end that starts the connection
(the client) calls the other end (the server) and establishes the FTP
protocol through a set of handshaking instructions.
Usually, when you connect to a remote system via FTP, you must log in.
This means you must be a valid user, with a user name and password for
that remote machine. Because it is impossible to provide logins for
everyone who wants to access a machine that enables anyone to gain
access, many systems use "anonymous FTP" instead. Anonymous FTP
enables anyone to log in to the system with the login name of "ftp" or
"anonymous" with either no password, or an e-mail address for their
local system.
Using FTP
Using FTP to connect to a remote site is easy. You have access to the
remote machine either through the Internet (directly or through a
service provider) or through a local area network if the remote
machine is directly reachable. To use FTP, you start the FTP client
software and provide the name of the remote system you want to connect
to. For example, assuming you can get to the remote machine through a
LAN or the Internet (which knows about the remote machine thanks to
Domain Name Service), you issue the following command:
ftp chatton.com
This will instruct your FTP software to try to connect to the remote
machine chatton.com and establish an FTP session.
When the connection is completed (and assuming the remote system
allows FTP logins), the remote will prompt for a user ID. If anonymous
FTP is supported on the system, a message will usually tell you
exactly that. The following is for the Linux FTP archive site
sunsite.unc.edu:
ftp sunsite.unc.edu
331 Guest login ok, send your complete e-mail address as password.
Enter username (default: anonymous): anonymous
Enter password [tparker@tpci.com]:
|FTP| Open
230- WELCOME to UNC and SUN's anonymous ftp server
230- University of North Carolina
230- Office FOR Information Technology
230- SunSITE.unc.edu
230 Guest login ok, access restrictions apply.
FTP>
After the login process is completed, you will see the prompt FTP>
indicating the remote system is ready to accept commands.
When you log on to some systems, you may see a short message that
contains instructions for downloading files, any restrictions that are
placed on you as an anonymous FTP user, or information about the
location of useful files. For example, you may see messages like these
(taken from the Linux FTP site):
To get a binary file, type: BINARY and then: GET "File.Name" newfilename
To get a text file, type: ASCII and then: GET "File.Name" newfilename
Names MUST match upper, lower case exactly. Use the "quotes" as shown.
To get a directory, type: DIR. To change directory, type: CD "Dir.Name"
To read a short text file, type: GET "File.Name" TT
For more, type HELP or see FAQ in gopher.
To quit, type EXIT or Control-Z.
230- If you email to info@sunsite.unc.edu you will be sent help information
230- about how to use the different services sunsite provides.
230- We use the Wuarchive experimental ftpd. if you "get" <directory>.tar.Z
230- or <file>.Z it will compress and/or tar it on the fly. Using ".gz" instead
230- of ".Z" will use the GNU zip (/pub/gnu/gzip*) instead, a superior
230- compression method.
Once you are logged on the remote system, you can use familiar Linux
commands to display file contents and move around directories. To
display the contents of a directory, for example, use the ls command
(some systems support the DOS equivalent dir). To change to a
subdirectory, use the cd command. To return to the parent directory
(the one above the current directory), use the command cd ... As you
can see, these commands are the same as you would use on your local
machine, except you are now navigating on the remote system.
There are no keyboard shortcuts (such as pressing the Tab key to fill
in names that match) available with FTP. This means you have to type
in the name of files or directories in their entirety (and correctly).
If you misspell a file or directory name, you will get error messages
and have to try again. Luckily, if you are performing the FTP session
through X Window, you can cut and paste lines from earlier in your
session.
Transferring files is the whole point of FTP, so you need to know how
to retrieve a file from the remote system, as well as how to put a new
file there. When you have moved through the remote system's
directories and have found a file you want to transfer back to your
local system, use the get command. This is followed by the filename.
For example:
get "soundcard_driver"
This will transfer the file soundcard_driver from the remote machine
to the current directory on your local machine. When you issue a get
command, the remote system will transfer data to your local machine
and display a status message when it is completed. There is no
indication of progress when a large file is being transferred, so be
patient. (Most versions of FTP allow you to use the hash option, which
displays pound signs every time a kilobyte of information has been
transferred. This can be used to show that the transfer is underway,
but it doesn't offer a time to completion.)
FTP> get "file1.txt"
200 PORT command successful.
150 BINARY data connection for FILE1.TXT (27534 bytes)
226 BINARY Transfer complete.
27534 bytes received in 2.35 seconds (12 Kbytes/s).
If you want to transfer a file the other way (from your machine to the
remote, assuming you are allowed to write to the remote machine's file
system), use the put command in the same way. The command:
put "comments"
will transfer the file comments from your current directory on the
local machine (you can specify full pathnames) to the current
directory on the remote machine (unless you change the path).
The commands get (download) and put (upload) are always relative to
your home machine. You are telling your system to get a file from the
remote and put it on your local machine, or to put a file from your
local machine onto the remote machine. (This is the exact opposite of
telnet, which has everything relative to the remote machine. It is
important to remember which command moves in which direction, or you
could overwrite files accidentally.)
The quotation marks around the filenames in the preceding examples are
optional for most versions of FTP, but they do prevent shell expansion
of characters, so it's best to use them. For most files, the quotation
marks are not needed, but using them is a good habit to get into.
Some FTP versions provide a wildcard capability using the commands
mget and mput. Both the FTP get and put commands usually transfer only
one file at a time, which must be completely specified (no wildcards).
The mget and mput commands enable you to use wildcards. For example,
to transfer all the files with a .doc extension, you could issue the
command:
mget *.doc
You will have to try the mget and mput commands to see if they work on
your FTP version. (Some FTP get and put commands allow wildcards, too,
so you can try wildcards in a command line to see if they work,
instead.)
FTP allows file transfers in several formats, which are usually system
dependent. The majority of systems (including Linux systems) have only
two modes: ASCII and binary. Some mainframe installations add support
for EBCDIC, while many sites have a local type that is designed for
fast transfers between local network machines (the local type may use
32- or 64-bit words).
The difference between the binary and ASCII modes is simple. Text
transfers use ASCII characters separated by carriage return and
new-line characters. Binary mode allows transfer of characters with no
conversion or formatting. Binary mode is faster than text and also
allows for the transfer of all ASCII values (necessary for non-text
files). FTP cannot transfer file permissions because these are not
specified as part of the protocol.
Linux' FTP provides two modes of file transfer: ASCII and Binary. Some
systems automatically switch between the two when they recognize a
file is binary format, but you shouldn't count on the switching unless
you've tested it before and know it works. To be sure, it is a good
idea to manually set the mode. By default, most FTP versions start up
in ASCII mode, although a few start in Binary.
To set FTP in binary transfer mode (for any executable file or file
with special characters embedded for spreadsheets, word processors,
graphics, and so on), type the command
binary
You can toggle back to ASCII mode with the command ascii. Since you
will most likely be checking remote sites for new binaries or
libraries of source code, it is a good idea to use binary mode for
most transfers. If you transfer a binary file in ASCII mode, it will
not be usable on your system.
ASCII mode includes only the valid ASCII characters and not the 8-bit
values stored in binaries. Transferring an ASCII file in Binary mode
does not affect the contents except in very rare instances.
To quit FTP, type the command quit or exit. Both will close your
session on the remote machine, and then terminate FTP on your local
machine. Users have a number of commands available within most
versions of FTP. The following list outlines the ones most frequently
used:
ascii Switches to ASCII transfer mode
binary Switches to binary transfer mode
cd Changes directory on the server
close Terminates the connection
del Deletes a file on the server
dir Displays the server directory
get Fetches a file from the server
hash Displays a pound character for each block transmitted
help Displays help
lcd Changes directory on the client
mget Fetches several files from the server
mput Sends several files to the server
open Connects to a server
put Sends a file to the server
pwd Displays the current server directory
quote Supplies an FTP command directly
quit Terminates the FTP session
For most versions, FTP commands are case sensitive, and using upper
case will display error messages. Some versions perform a translation
for you, so it doesn't matter which case you use. Since Linux uses
lower case as its primary character set for everything else, you
should probably use lower case with all versions of FTP, too.
How FTP Uses TCP
The File Transfer Protocol uses two TCP channels: TCP port 20 is used
for data, and port 21 is for commands. Both these channels must be
enabled on your Linux system for FTP to function. The use of two
channels makes FTP different from most other file transfer programs.
By using two channels, TCP allows simultaneous transfer of FTP
commands and data. FTP works in the foreground and does not use
spoolers or queues.
FTP uses a server daemon that runs continuously and a separate program
that is executed on the client. On Linux systems, the server daemon is
called ftpd. The client program is ftp.
During the establishment of a connection between a client and server,
and whenever a user issues a command to FTP, the two machines transfer
a series of commands. These commands are exclusive to FTP and are
known as the internal protocol. FTP's internal protocol commands are
four-character ASCII sequences terminated by a new-line character,
some of which require parameters. One primary advantage of using ASCII
characters for commands is that users can observe the command flow and
understand it easily. This helps in a debugging process. Also, the
ASCII commands can be used directly by a knowledgeable user to
communicate with the FTP server component without invoking the client
portion (in other words, communicating with ftpd without using ftp on
a local machine); this is seldom used except when debugging (or
showing off).
After logging into a remote machine using FTP, you are not actually on
the remote machine. You are still logically on the client, so all
instructions for file transfers and directory movement must be with
respect to your local machine and not the remote one. The process
followed by FTP when a connection is established is:
1. Login—Verify user ID and password
2. Define directory—Identify the starting directory
3. Define file transfer mode—Define the type of transfer
4. Start data transfer—Allow user commands
5. Stop data transfer—Close the connection
These steps are performed in sequence for each connection.
A debugging option is available from the FTP command line by adding -d
to the command. This displays the command channel instructions.
Instructions from the client are shown with an arrow as the first
character, while instructions from the server have three digits in
front of them. A PORT in the command line indicates the address of the
data channel on which the client is waiting for the server's reply. If
no PORT is specified, channel 20 (the default value) is used.
Unfortunately, the progress of data transfers cannot be followed in
the debugging mode. A sample session with the debug option enabled is
shown here:
$ ftp -d tpci_hpws4
Connected to tpci_hpws4.
220 tpci_hpws4 FTP server (Version 1.7.109.2
_Tue Jul 28 23:32:34 GMT 1992) ready.
Name (tpci_hpws4:tparker):
—> USER tparker
331 Password required for tparker.
Password:
—> PASS qwerty5
230 User tparker logged in.
—> SYST
215 UNIX Type: L8
Remote system type is UNIX.
—> Type I
200 Type set to I.
Using binary mode to transfer files.
ftp> ls
—> PORT 47,80,10,28,4,175
200 PORT command successful.
—> TYPE A
200 Type set to A.
—> LIST
150 Opening ASCII mode data connection for /bin/ls.
total 4
-rw-r—— 1 tparker tpci 2803 Apr 29 10:46 file1
-rw-rw-r— 1 tparker tpci 1286 Apr 14 10:46 file5_draft
-rwxr—— 2 tparker tpci 15635 Mar 14 23:23 test_comp_1
-rw-r—— 1 tparker tpci 52 Apr 22 12:19 xyzzy
Transfer complete.
—> TYPE I
200 Type set to I.
ftp> <Ctrl-d>
$
You may have noticed in the preceding listing how the mode changed
from binary to ASCII to send the directory listing, and then back to
binary (the system default value).
Configuring FTP
Whether you decide to provide an anonymous FTP site or a user-login
FTP system, you need to perform some basic configuration steps to get
the FTP daemon active and get the directory system and file
permissions properly set to prevent users from destroying or accessing
files they shouldn't. The process can start with choosing an FTP site
name. You don't really need a site name, although it can be easier for
others to access your machine with one (especially anonymously). The
FTP site name is of the format:
ftp.domain_name.domain_type
where domain_name is the domain name (or an alias) of the FTP server's
domain, and domain_type is the usual DNS extension. For example, you
could have an FTP site name of
ftp.tpci.com
showing that this is the anonymous FTP access for anyone accessing the
tpci.com domain. It is usually a bad idea to name your FTP site with a
specific machine name, such as:
ftp.merlin.tpci.com
because this makes it difficult to move the FTP server to another
machine in the future. Instead, use an alias to point to the actual
machine on which the FTP server sits. This is not a problem if you are
a single machine connected to the Internet through a service provider,
for example, but it is often necessary with a larger network. The
alias is easy to set up if you use DNS. Set the alias in the DNS
databases with a line like this:
ftp IN CNAME merlin.tpci.com
This line points anyone accessing the machine ftp.tpci.com to the real
machine merlin.tpci.com. If the machine merlin has to be taken out of
its FTP server role for any reason, a change in the machine name on
this line will point the ftp.tpci.com access to the new server. (A
change in the alias performed over DNS can take a while to become
active because the change must be propagated through all the DNS
databases.)
Setting Up ftpd
The FTP daemon, ftpd, must be started on the FTP server. The daemon is
usually handled by inetd instead of the rc startup files, so ftpd is
only active when someone needs it. This is the best approach for all
but the most heavily loaded FTP sites. When started using inetd, the
inetd daemon watches the TCP command port (channel 21) for an arriving
data packet requesting a connection, and then spawns ftpd.
Make sure the ftpd daemon can be started by inetd by checking the
inetd configuration file (usually /etc/inetd.config or
/etc/inetd.conf) for a line that looks like this:
ftp stream tcp nowait root /usr/etc/ftpd ftpd -l
If the line doesn't exist, add it to the file. With most Linux
systems, the line is already in the file, although it may be commented
out. Remove the comment symbol if this is the case. The FTP entry
essentially specifies to inetd that FTP is to use TCP, and that it
should spawn ftpd every time a new connection is made to the FTP port.
In the preceding example, the ftpd daemon is started with the -l
option, which enables logging. You can ignore this option if you want.
You should replace the pathname /usr/etc/ftpd with the location of
your FTP daemon.
There are several ftpd daemon options that you can add to the
/etc/inetd.config line to control ftpd's behavior. The following list
contains the most commonly used options:
* -d Adds debugging information to the syslog.
* -l Activates a logging of sessions (only failed and successful
logins, not debug information). If the -l option is specified
twice, all commands are logged, too. If specified three times, the
size of all get and put file transfers are added as well.
* -t Sets the timeout period before ftpd terminates after a session
is concluded (default is 15 minutes). The value is specified in
seconds after the -t option.
* -T Sets the maximum timeout period (in seconds) that a client can
request. The default is two hours. This lets a client alter the
normal default timeout for some reason.
* -u Sets the umask value for files uploaded to the local system.
The default umask is 022. Clients can request a different umask
value.
FTP Logins
If you are going to set up a user-based FTP service where each person
accessing your system has a valid login name and password, then you
must create an account for each user in the /etc/passwd file. If you
are not allowing anonymous FTP access, do not create a generic login
that anyone can use.
To set up an anonymous FTP server, you must create a login for the
anonymous user ID (if one doesn't already exist; many versions of
Linux have the entry already completed upon installation). This is
done in the normal process of adding a user to the /etc/passwd file.
The login name is whatever you want people to use when they access
your system, such as anonymous or ftp. You need to select a login
directory for the anonymous users that can be protected from the rest
of the file system. A typical /etc/passwd entry looks like this:
ftp:*:400:51:Anonymous FTP access:/usr/ftp:/bin/false
This sets up the anonymous user with a login of ftp. The asterisk
password prevents anyone gaining access to the account. The user ID
number (400) is, of course, unique to the entire system. For better
security, it is a good idea to create a separate group just for the
anonymous FTP access (edit the /etc/group file to add a new group),
then set the ftp user to that group. Only the anonymous FTP user
should belong to that group because it can be used to set file
permissions to restrict access and make your system more secure. The
login directory in the preceding example is /usr/ftp, although you
could choose any directory as long as it belongs to root (for security
reasons, again). The startup program shown in the preceding example is
/bin/false, which helps protect your system from access to accounts
and utilities that do not have a strong password protection.
Setting Up the Directories
As you will see in the next section, "Setting Permissions," you can
try to make the entire anonymous FTP subdirectory structure a file
system unto itself, with no allowance for the anonymous user to get
anywhere other than /usr/ftp (or whatever directory you use for
anonymous access). For this reason, you need to create a mini-file
system just for the anonymous FTP access which holds the usual
directory names and basic files that anyone logging in will need.
The process for setting up the directories that your anonymous FTP
login will need is simple, requiring you to create a number of
directories and copy files into them. Here's the basic procedure:
1. Create the bin directory (/usr/ftp/bin, for example) and copy the
directory listing command ls that users will need to view
directory and file details.
2. Create the etc directory (usr/ftp/etc, for example) and copy your
passwd file (/etc/passwd) and group file (/etc/group) into it.
We'll edit these files in a moment.
3. Create the lib directory (/usr/ftp/lib, for example) and copy the
files /lib/ld.so and /lib/libc.so.X (where X is the version number
of the libc file) into it. These files are used by ls. Do this
step only if your ls command requires these files; most versions
of Linux do not have this dependency.
4. Create the pub directory (/usr/ftp/pub, for example) to hold your
accessible files. We'll look at this directory in more detail in a
moment.
5. Create the dev directory (/usr/ftp/dev, for example) and use the
mknod command to copy the /dev/zero file. You need to retain the
same major and minor device numbers as the /dev/zero file in /dev.
This device file is used by ld.so (and hence ls). Do this step
only if ls requires the /lib directory files mentioned earlier.
The copies of the /etc/passwd and /etc/group files are copied into the
~ftp/etc directory. You should edit these files to remove all
passwords and replace them with an asterisk. Remove all entries in
both /etc/passwd and /etc/group, except those used by the anonymous
FTP login (usually just anonymous and bin).
The ~ftp/pub directory structure can be used to store the files you
want to allow anonymous users to access. Copy them into this
directory. You can create subdirectories as you need them for
organizational purposes. It may be useful to create an upload
directory somewhere in the ~ftp/pub directory structure which has
write permission, so that users can upload files to you only into this
upload area.
Setting Permissions
You can use the chroot command to help protect your system. The chroot
command makes the root directory appear to be something other than /
on a file system. For example, since chroot is always set for the
anonymous FTP login, any time anonymous users type a cd command, it
can always be relative to their home directory. In other words, when
they type cd /bin they will really be changing to /usr/ftp/bin if the
root has been set to /usr/ftp. This helps prevent access to any other
areas of the file system than the FTP directory structure.
If you do create an upload area, you may want to set the permissions
to allow execute and write, but not read (to prevent another user
downloading the files someone else has uploaded).
Set all permissions for directories under ~ftp/ to prevent write
access by user, group, or other. Make sure the directories and files
under ~ftp are set to allow the anonymous login to read them (set
their ownership and group permissions to the root login and group ID),
and set only read permission. The directories will need execute and
read permission to enable the anonymous users to enter them and obtain
directory listings. This provides pretty good security. All
directories in the ~ftp directory structure should have the
permissions set with the command
chmod 555 dir_name
which sets read-execute permission only. The exception is the upload
directory, which can have write permission as noted earlier.
Test the System
Before you let anyone else onto your Linux FTP system, log into it
yourself and try to access files you shouldn't be able to access, move
into directories out of the ~ftp structure, and write files where you
shouldn't be able to. This will provide a useful test of the
permissions and directory structure. Spend a few minutes trying to
read and write files. Make sure your system is buttoned up: If you
don't, someone else will find the holes and exploit them.
It is a useful idea to set up a mailbox for the FTP administrator so
users on other systems who need help or information can send mail to
you. Create a mail alias such as ftp-admin in the file /etc/aliases
(and run newaliases to make it effective).
Since this is a system administration book, we won't go into much
detail about how to organize your directory structure, but a few
useful tips may help you. To begin, decide what you want to store in
your FTP directories and organize the structure logically. For
example, if you are making available programs you have written, set up
separate directories for each. A README file in each directory will
help show browsers what it contains. A master README or INSTRUCTIONS
file in the ~ftp directory can help explain how your site is set up
and what its contents are.
A More Secure FTP
The FTP system discussed in the preceding sections, which is the basic
one supplied with practically every Linux distribution, requires a bit
of work to make it secure. However, it is still vulnerable to very
experienced crackers. There's a better alternative if you are paranoid
about your system's security: WU FTP. Developed at Washington
University, WU FTP adds some extra features to the standard FTP
system:
* Better control of user and group IDs
* Better tracking of uploads and downloads
* Automatic shutdown
* Automatic compression and decompression of files
If these features sound useful, you can obtain a copy of the source
code of WU FTP from several sites, although the primary site is
wuarchive.wustl.edu. Check for the file
/packages/wuarchive-ftpd/wu-ftpd-2.4.tar.Z. You will get the source
code which needs to be compiled on your Linux system.
WU FTP uses a number of environment variables to control the service,
and the accompanying documentation helps you set it up properly.
Setting up WU FTP is much more complex than standard FTP, and the
extra security, while useful, may be unnecessary for many FTP site
machines that you may set up at home or work (unless you have
sensitive information).
Summary
The information in this chapter enables you to set up your system as a
full anonymous FTP site or just a site for the users you want to gain
access. Although the process is simple, you have to take care to
ensure the file permissions are properly set. Once your FTP site is
up, you can let others on the Internet or your local area network know
that you are running, as well as the type of material you store on
your system. Then sit back and share!
Checklist Protecting an Anonymous FTP System
Anonymous FTP is fast, relatively easy to use, and a huge security
problem if you don't carefully set up your system. The following list
summarizes a few simple steps to setting up a better anonymous FTP
site:
1. Create a user account called ftp. Edit the /etc/passwd file
manually and replace the password with an asterisk in the second
field. This prevents anyone from gaining access through the ftp
account.
2. If a home directory wasn't created for the ftp user when you
created the account, set up a home directory for the ftp user's
sole use (such as /home/ftp).
3. Set the ftp home directory so that the root user is the owner:
chown root /usr/ftp
4. Make the ftp home directory unwritable to anyone with the command:
chmod ugo-w /usr/ftp
5. Create a bin directory under the ftp home directory:
mkdir ~ftp/bin
6. Make the ~ftp/bin directory owned by root and unwritable to anyone
else:
chown root ~ftp/bin
chmod ugo-w ~ftp/bin
7. Place a copy of the listing commands (and any others that you want
anonymous FTP users to use) in the bin directory:
cp /bin/ls ~ftp/bin
8. Create an etc directory under the ftp home directory and make it
owned by root and unwritable:
mkdir ~ftp/etc
chown root ~ftp/etc
chmod ugo-w ~ftp/etc
9. Copy the /etc/passwd and /etc/group files into the ~ftp/etc
directory. Edit both files to remove all user accounts except ftp
(and ftp's group). (At the very least, remove all passwords for
other accounts by placing asterisks in the password field.)
10. Create the directory ~ftp/pub/incoming, and make it owned by root.
Then, make the directory writable by anyone:
mkdir ~ftp/pub/incoming
chown root ~ftp/pub/incoming
chmod ugo+w ~ftp/pub/incoming
11. Place any files you want accessible by anonymous FTP into the
~ftp/pub directory. Users logging in through anonymous FTP will be
able to transfer the files out. Allowing users to write files into
the directory may not be desirable, so change the permissions or
check the files frequently.
By following these steps (modified for your own particular needs), you
can create a secure site that lets you breathe a little easier.
--
Enjoy Linux!
-----It's FREE!-----
※ 修改:.netiscpu 于 Jul 25 06:04:26 修改本文.[FROM: mtlab.hit.edu.cn]
※ 来源:.紫 丁 香 bbs.hit.edu.cn.[FROM: fengyun.hit.edu.]
Powered by KBS BBS 2.0 (http://dev.kcn.cn)
页面执行时间:395.958毫秒