Configuring File Transfer Protocol (FTP) servers

FTP server security

You can use the FTP Server Manager to check on various aspects of FTP server security:

You can restrict access by anonymous and guest group users to reading files from the server only. See ``Configuring FTP home directories'' for more information.
Incorrect file and directory permissions in FTP home directory areas might allow an intruder to add or modify files and so compromise your system. See ``Configuring FTP home directories'' for details of how to verify and correct such problems.
The user root should not normally be allowed access using FTP. See ``Denying access to users'' for details of how to deny access to users.
You can prevent unauthorized access to the contents of uploaded files by controlling the owner, group, and mode with which they are created. See ``Controlling access to directories'' for details of how to set access permissions for files and directories which external users place on an FTP server.
You can restrict the ability of users to change file permissions, and to delete and overwrite files in directories in which they would normally have write permission. See ``Setting FTP server options'' for details of how to set these permission options.
You can select to log the details of all command and file transactions and then view these. See ``Viewing FTP logs'' for details.
If you want to deny access to the FTP server from certain sites, you can do this as described in ``Denying access to hosts''.
You can also use packet filtering and TCP Wrappers to restrict access to the FTP server from certain sites. See ``Configuring packet filters and TCP Wrappers'' for more information.
You can permit or prevent access by individual FTP users at certain sites by editing the /etc/ftphosts file. See the ftphosts(4tcp) manual page for details.

Additionally, if you are setting up a publicly available FTP server, you should consider assigning a dedicated mountable filesystem to the ~ftp/pub/incoming directory. This will protect your system against an attacker who tries to fill your hard disk with large files or many small files (to use up the available inodes). Such an attack could render your system practically unusable until you remove the offending files. It is most convenient to reserve a filesystem for the incoming directory when you install your system or when you add a hard disk (see diskadd(1M)). Alternatively, if the incoming directory is on a ufs or vxfs filesystem, you can set up hard and soft limit quotas for the disk space and number of inodes that the ftp user is allowed (see quota(1M) and related manual pages ).

It is also advisable to set up a regular cron job to purge the directory of old or excessively large files, and to report any possible problems with disk usage (see crontab(1)). For example, the following crontab entries for root check hourly for the existence of files bigger than 10MB, and once per day delete files which have not been modified within the last 30 days:

   0 * * * * ksh -c "find ~ftp/pub/incoming -type f -size +10485760c -exec ls -l {} \; >> /var/adm/log/incoming.log"
   0 0 * * * ksh -c "find ~ftp/pub/incoming -type f -mtime +30 -exec rm -f {} \; 2>&1 > /dev/null"

For more on anonymous FTP security, consult the information available from CERT at the URL: ftp://info.cert.org/pub/tech_tips/anonymous_ftp_config.

You can also obtain information about the known abuses of anonymous FTP at the URL: ftp://info.cert.org/pub/tech_tips/anonymous_ftp_abuses.