Help with Anonymous FTP

Chris Cheyney chris at stiatl.UUCP
Thu Feb 15 07:32:08 AEST 1990


I've been trying to install AIX anonymous FTP on the PS/2 Model 80
and am having limited success.  I receive from the FTP daemon the
FTP response code:
	550 Can't set guest privileges.

I've looked at the BSD FTP daemon source code and determined that the
problem is a chroot() call failing.  The actual place where it fails is
in the pass() function, and the instance is in the code fragment following
the body of this posting.  I have no idea how much of this IBM has modified,
so I'm just guessing that they're using something based on Berkeley's
FTPD.

I've added the following line to the two copies of the password file
(note: the one in /etc and the one in /u/ftp/etc):
	ftp:NOLOGIN:34:25:Mister FTP:/u/ftp:/bin/sh
where group 25 is group 'ftp'.

I've tried setting /etc/ftpd as setuid root, group system, which also
didn't work.  When it is having problems doing chroot() calls as root,
something's amiss.

Does anyone have a clue why the chroot() call would be failing so
that I have this problem with anonymous FTP?

Any help would be appreciated.


chris
---
Chris Cheyney                                | If you want to get something
Sales Technologies, Inc., Atlanta GA 30326   | done, go hire a mercenary.
Internet: stiatl!chris at gatech.edu            | If you want to find the nearest
UUCP:     {decvax,mcnc}!gatech!stiatl!chris  | donut shop, go ask a cop.


--- cut here ---

/*
 * Copyright (c) 1985 Regents of the University of California.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms are permitted
 * provided that the above copyright notice and this paragraph are
 * duplicated in all such forms and that any documentation,
 * advertising materials, and other materials related to such
 * distribution and use acknowledge that the software was developed
 * by the University of California, Berkeley.  The name of the
 * University may not be used to endorse or promote products derived
 * from this software without specific prior written permission.
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 */

/* Much BSD ftpd source deleted ..... */

pass(passwd)
	char *passwd;
{
	char *xpasswd;

	if (logged_in || pw == NULL) {
		reply(503, "Login with USER first.");
		return;
	}
	if (!guest) {		/* "ftp" is only account allowed no password */
		xpasswd = crypt(passwd, pw->pw_passwd);
		/* The strcmp does not catch null passwords! */
		if (*pw->pw_passwd == '\0' || strcmp(xpasswd, pw->pw_passwd)) {
			reply(530, "Login incorrect.");
			pw = NULL;
			return;
		}
	}
	setegid(pw->pw_gid);
	initgroups(pw->pw_name, pw->pw_gid);
	if (chdir(pw->pw_dir)) {
		reply(530, "User %s: can't change directory to %s.",
			pw->pw_name, pw->pw_dir);
		goto bad;
	}

	/* open wtmp before chroot */
	(void)sprintf(ttyline, "ftp%d", getpid());
	logwtmp(ttyline, pw->pw_name, remotehost);
	logged_in = 1;

	if (guest) {
		if (chroot(pw->pw_dir) < 0) {
			reply(550, "Can't set guest privileges.");
			goto bad;
		}
		reply(230, "Guest login ok, access restrictions apply.");
	} else
		reply(230, "User %s logged in.", pw->pw_name);
	seteuid(pw->pw_uid);
	home = pw->pw_dir;		/* home dir for globbing */
	return;
bad:
	seteuid(0);
	pw = NULL;
}
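
The 550 reply in the fragment above says only that chroot() failed; the errno value that would name the cause is discarded. The following stand-alone diagnostic is an added example, not part of the original post or of the BSD or IBM ftpd: run as root, it checks the basic preconditions and prints the errno text. The names chroot_preflight and chroot_errno are made up for illustration, and /u/ftp is the directory given in the post.

```c
#define _DEFAULT_SOURCE		/* exposes chroot() on glibc */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Added diagnostic, not part of the BSD ftpd source quoted above. */
enum pre { PRE_OK, PRE_NOT_ROOT, PRE_MISSING, PRE_NOT_DIR };

/* Preconditions chroot() needs for a process with effective uid `euid`. */
enum pre chroot_preflight(const char *dir, uid_t euid)
{
	struct stat st;

	if (euid != 0)
		return PRE_NOT_ROOT;	/* traditionally needs effective uid 0 */
	if (stat(dir, &st) < 0)
		return PRE_MISSING;	/* path cannot be resolved */
	if (!S_ISDIR(st.st_mode))
		return PRE_NOT_DIR;
	return PRE_OK;
}

/* Try the chroot and hand back errno (0 on success) instead of discarding it. */
int chroot_errno(const char *dir)
{
	if (chroot(dir) < 0)
		return errno;
	return chdir("/") < 0 ? errno : 0;
}

int main(int argc, char **argv)
{
	/* /u/ftp is the home directory from the post; pass another as argv[1]. */
	const char *dir = argc > 1 ? argv[1] : "/u/ftp";
	static const char *why[] = { "ok", "effective uid is not 0",
		"directory cannot be resolved", "path is not a directory" };
	int e;

	printf("euid=%d ruid=%d\n", (int)geteuid(), (int)getuid());
	printf("preflight: %s\n", why[chroot_preflight(dir, geteuid())]);
	e = chroot_errno(dir);
	printf("chroot(\"%s\"): %s\n", dir, e ? strerror(e) : "succeeded");
	return e != 0;
}
```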


