7 Replies Latest reply on Jan 16, 2009 5:47 AM by 807557

    Disable anonymous ftp in Solaris 10

    807557
      Hello,

      I am trying to disable anonymous ftp on a Solaris 10 server, but am having great difficulty.

      I have tried adding the line 'guestserver' to /etc/ftpd/ftpaccess - this did not work.
      There is no ftp account present in /etc/passwd
      The inetd.conf entry for ftp is 'ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd'
      I have even tried adding 'anonymous' to the /etc/ftpd/ftpusers file

      Anyone know how to shut anonymous ftp off, in a clean manner?
        • 1. Re: Disable anonymous ftp in Solaris 10
          807740
          I'm assuming that you don't want to disable all FTP access (i.e. shutdown FTP service).

          http://kdhanesh.blogspot.com/2008/08/disable-anonymous-ftp-in-solaris-9.html
          • 2. Re: Disable anonymous ftp in Solaris 10
            807557
            That is correct, I would like to keep ftp running, just disable anonymous ftp

            As stated above I have tried the method outlined in the link above, it has not worked.

            Edited by: FalconAdmin on Jan 15, 2009 4:35 PM
            • 3. Re: Disable anonymous ftp in Solaris 10
              807557
              First silly question - do you have a normal user account called "anonymous" in your /etc/passwd, NIS, or whatever does your login credentials? BTW, if you want to use ftpaccess, you must pass a "-a" on the in.ftpd line. Do a "man in.ftpd" for more info.
              • 4. Re: Disable anonymous ftp in Solaris 10
                807557
                I don't have an anonymous account in the /etc/passwd file.
                If I add a -a to the line, exactly where do I add it?
                Should it be 'ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd -a'
                OR 'ftp stream tcp nowait root /usr/sbin/in.ftpd -a in.ftpd'
                • 5. Re: Disable anonymous ftp in Solaris 10
                  807557
                  The former. (the last field corresponds to argv[0], argv[1]...)

                  Though I find it odd that if you don't have an anonymous account, you think that anonymous ftp is active. If you ftp the host, and use anonymous and a password, it lets you in? It seems that the normal behavior is that it says
                  331 Guest login ok, send your complete e-mail address as password.
                  REGARDLESS of whether anonymous ftp is active or not (it's just that you can't log in without an allowed password). One can argue whether or not this is a desired behavior....

                  -r
                  • 6. Re: Disable anonymous ftp in Solaris 10
                    807557
                    Thanks for your help,

                    I was hoping that I could make it give the message
                    "530 Guest login not allowed on this machine." as in Solaris 9
                    when people try to ftp as anonymous, but as long as they can't log in as anonymous that will do.
                    • 7. Re: Disable anonymous ftp in Solaris 10
                      807557
                      Yeah... I guess it was determined to be a security leak, since you would know if there was an anonymous account there or not. If you want to be certain, look where syslog is logging LOG_INFO and you'll see the log messages of what it is doing.
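
The checks discussed in this thread (where `-a` sits on the in.ftpd line, the ftpusers entry, and whether an `ftp` or `anonymous` account exists), as an added shell example that is not part of the original thread. The function names and the sample files are constructed for illustration; paths are passed as arguments so it can be run against copies of the real files.

```shell
#!/bin/sh
# Added example: offline audit of the files discussed in this thread.

# Print the options after argv[0] on the active (uncommented) ftp line.
# inetd.conf fields: service socket proto wait user program argv[0] argv[1]...
ftpd_options() {
    awk '$1 == "ftp" { for (i = 8; i <= NF; i++) print $i; exit }' "$1"
}

# Succeed if in.ftpd gets a standalone -a after argv[0], so ftpaccess is used.
reads_ftpaccess() {
    ftpd_options "$1" | grep -qx -e '-a'
}

# Succeed if NAME is a whole line in an ftpusers-style deny list.
lists_user() { grep -qxF -e "$2" "$1"; }

# Succeed if NAME is a login name in a passwd-format file.
has_account() {
    awk -F: -v u="$2" '$1 == u { found = 1 } END { exit !found }' "$1"
}

# audit_anon_ftp INETD_CONF FTPUSERS PASSWD: print findings, return 1 on any.
audit_anon_ftp() {
    rc=0
    if ! reads_ftpaccess "$1"; then
        echo "warn: in.ftpd has no -a after argv[0]; ftpaccess is not used"; rc=1
    fi
    for u in ftp anonymous; do
        if has_account "$3" "$u" && ! lists_user "$2" "$u"; then
            echo "warn: account '$u' exists and is not listed in ftpusers"; rc=1
        fi
    done
    [ "$rc" -eq 0 ] && echo "ok: no anonymous FTP path found in these files"
    return "$rc"
}

# Constructed sample files (not from a real host) for a stand-alone run.
demo() {
    d=$(mktemp -d) || return 1
    echo 'ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd' > "$d/inetd.conf"
    printf 'root\nanonymous\n' > "$d/ftpusers"
    printf 'root:x:0:0::/:/sbin/sh\nftp:x:99:99::/export/ftp:/bin/false\n' > "$d/passwd"
    audit_anon_ftp "$d/inetd.conf" "$d/ftpusers" "$d/passwd"
    rm -rf "$d"
}
demo || true
```

A clean result from these files does not replace the syslog check mentioned in reply 7; it only confirms the configuration matches what the thread describes.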