File: README

package info (click to toggle)
twoftpd 1.14-1
  • links: PTS
  • area: main
  • in suites: woody
  • size: 1,556 kB
  • ctags: 901
  • sloc: ansic: 6,685; makefile: 321; sh: 175
file content (78 lines) | stat: -rw-r--r-- 2,905 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
 
twoftpd
Simple secure efficient FTP server
Bruce Guenter <bruceg@em.ca>
Version 1.14
2001-11-03

This is twoftpd, a new FTP server that strives to be secure, simple, and
efficient.  None of the commands can cause execution of other programs,
and the normal model of execution does a chroot to the logged in user's
directory immediately after authentication.

The name "twoftpd" comes from the fact that there were two parts to the
server -- an authenticating front end, which contains no file or data
transfer code, and a back end, which contains all the data transfer
code.

A mailing list has been set up to discuss this and other packages.
To subscribe, send an email to:
	bgware-subscribe@lists.em.ca
A mailing list archive is available at:
	http://lists.em.ca/?list=bgware

Development versions of twoftpd are available via anonymous CVS.
Set your CVSROOT to ":pserver:cvs@bruce-guenter.dyndns.org:/CVS",
login with an empty password, and check out the "twoftpd" module.

Development of this version has been sponsored by FutureQuest, Inc.
ossi@FutureQuest.net  http://www.FutureQuest.net/

Programs:

The package is broken down into two main programs: twoftpd-auth is a
front-end that only accepts USER and PASS (and a few other "built-in")
commands.  Once a user is authenticated, it exec's twoftpd-xfer, which
does a chdir/chroot/setgid/setuid combination to lock down all
priviledges.  twoftpd-anon is a stripped-down version of twoftpd-xfer
with all the filesystem modification commands removed.

Usage:

For a server handling only non-anonymous logins, optionally set CHROOT
and use:

	tcpserver -DHRv 0 ftp \
	/usr/local/bin/twoftpd-auth \
	/usr/local/bin/cvm-unix \
	/usr/local/bin/twoftpd-xfer

For a server handling only anonymous logins, set UID, GID, and HOME to
appropriate values, set CHROOT to 1, and set USER and GROUP to "ftp",
and use:

	tcpserver -DHRv 0 ftp /usr/local/bin/twoftpd-anon

If you want to have both anonymous and non-anonymous logins on the same
server, run both of the above two commands with two seperate IPs
substituted for the "0" parameter.  If you wish to have virtual
anonymous FTP service, run multiple anonymous servers on seperate IPs.

See the man pages for twoftpd-auth and twoftpd-xfer for more details.

Security notes:

Unless you have specific reason not to, always run with CHROOT set.

Always run twoftpd (and most other servers) with resources limits in
effect.  For example:

	tcpserver -DRHv 0 ftp softlimit -m 2000000 twoftpd-anon

This will allow the server to consume up to 2MB of memory before being
killed, which should be enough for most OS's, and still prevent memory
overflow attacks.

This program is Copyright(C) 2001 Bruce Guenter, and may be copied
according to the GNU GENERAL PUBLIC LICENSE (GPL) Version 2 or a later
version.  A copy of this license is included with this package.  This
package comes with no warranty of any kind.