Debian bug report logs - #1556, boring messages


Message sent to debian-devel@pixar.com:


Subject: Bug#1556: FTP gid = 50 ?
Reply-To: iwj10@cus.cam.ac.uk (Ian Jackson), debian-bugs@pixar.com
Resent-From: iwj10@cus.cam.ac.uk (Ian Jackson)
Orignal-Sender: iwj10@thor.cam.ac.uk (Ian Jackson)
Resent-To: debian-devel@pixar.com
Resent-Date: Fri, 06 Oct 1995 18:33:02 GMT
Resent-Message-ID: <debian-bugs-handler.1556.B10061828490@pixar.com>
Resent-Sender: iwj10@cus.cam.ac.uk
X-Debian-PR-Package: wu-ftpd
X-Debian-PR-Keywords: 
Received: via spool for debian-bugs; Fri, 06 Oct 1995 18:33:02 GMT
Received: with rfc822 via encapsulated-mail; Fri, 06 Oct 1995 18:28:47 GMT
Received: from pixar.com by mongo.pixar.com with smtp
	(Smail3.1.28.1 #15) id m0t1HU4-000BD7C; Fri, 6 Oct 95 11:27 PDT
Received: from hammer.thor.cam.ac.uk by pixar.com with SMTP id AA04726
  (5.67b/IDA-1.5 for debian-bugs-pipe@mongo.pixar.com); Fri, 6 Oct 1995 11:26:39 -0700
Received: by hammer.thor.cam.ac.uk
	(Smail-3.1.29.0 #77) id m0t1HTx-000JfBC; Fri, 6 Oct 95 19:26 BST
Message-Id: <m0t1HTx-000JfBC@hammer.thor.cam.ac.uk>
Date: Fri, 6 Oct 95 19:26 BST
Sender: iwj10@thor.cam.ac.uk (Ian Jackson)
From: iwj10@cus.cam.ac.uk (Ian Jackson)
To: debian-bugs@pixar.com

Package: wu-ftpd
Version: 2.4-13

The wu-ftpd package installs a minimal /etc/group file in the anonftp
area.  I don't remember whether it added a group with gid 50 to
/etc/group, but it makes the ftp area owned by group 50, and lists gid
50 as `ftp' in the anon-FTP /etc/group.

However, on my ~~ 0.93R5 system /etc/group contains group 50 as
`staff', and that group owns /usr/local.

There doesn't appear to be a security problem, because the wu-ftpd
doesn't ever seem (for example) to access files with gid 50, but this
is anomalous and should be corrected.

Ian.


Message sent:


From: iwj10@thor.cam.ac.uk (Ian Jackson)
To: iwj10@cus.cam.ac.uk (Ian Jackson)
Subject: Bug#1556: Acknowledgement (was: FTP gid = 50 ?)
In-Reply-To: <m0t1HTx-000JfBC@hammer.thor.cam.ac.uk>
References: <m0t1HTx-000JfBC@hammer.thor.cam.ac.uk>

Thank you for the problem report you have sent regarding Debian GNU/Linux.
This is an automatically generated reply, to let you know your message has
been received.  It is being forwarded to the developers' mailing list for
their attention; they will reply in due course.

If you wish to submit further information on your problem, please send
it to debian-bugs@pixar.com, but please ensure that the Subject
line of your message starts with "Bug#1556" or "Re: Bug#1556" so that
we can identify it as relating to the same problem.

Please do not reply to the address at the top of this message,
unless you wish to report a problem with the bug-tracking system.

Ian Jackson
(maintainer, debian-bugs)


Message sent to debian-devel@pixar.com:


Subject: Bug#1556: FTP gid = 50 ?
Reply-To: Ian Jackson <iwj10@cus.cam.ac.uk>, debian-bugs@pixar.com
Resent-From: Ian Jackson <iwj10@cus.cam.ac.uk>
Resent-To: debian-devel@pixar.com
Resent-Date: Sun, 08 Oct 1995 00:48:05 GMT
Resent-Message-ID: <debian-bugs-handler.1556.B10080041180@pixar.com>
Resent-Sender: iwj10@cus.cam.ac.uk
X-Debian-PR-Package: wu-ftpd
X-Debian-PR-Keywords: 
Received: via spool for debian-bugs; Sun, 08 Oct 1995 00:48:05 GMT
Received: with rfc822 via encapsulated-mail; Sun, 08 Oct 1995 00:41:16 GMT
Received: from pixar.com by mongo.pixar.com with smtp
	(Smail3.1.28.1 #15) id m0t1a2E-000HbeC; Sat, 7 Oct 95 07:15 PDT
Received: from bootes.cus.cam.ac.uk by pixar.com with SMTP id AA26463
  (5.67b/IDA-1.5 for debian-bugs-pipe@mongo.pixar.com); Sat, 7 Oct 1995 06:53:07 -0700
Received: by bootes.cus.cam.ac.uk
	(Smail-3.1.29.0 #36) id m0t1Zgk-000BzVC; Sat, 7 Oct 95 14:53 BST
Received: by chiark
	id <m0t1Zf4-0002aNZ@chiark.al.cl.cam.ac.uk>
	(Debian /\oo/\ Smail3.1.29.1 #29.33); Sat, 7 Oct 95 14:51 BST
Message-Id: <m0t1Zf4-0002aNZ@chiark.al.cl.cam.ac.uk>
Date: Sat, 7 Oct 95 14:51 BST
From: Ian Jackson <iwj10@cus.cam.ac.uk>
To: debian-bugs@pixar.com
In-Reply-To: <9510070939.AA13470@server.et-inf.fho-emden.de>
References: <m0t1HTx-000JfBC@hammer.thor.cam.ac.uk>
	<9510070939.AA13470@server.et-inf.fho-emden.de>

Peter Tobias writes ("Re: Bug#1556: FTP gid = 50 ?"):
> [...]
> The home directory of ftp and its subdirectories are owned by root.root.
> I'm using the group "staff" (not the number 50) because there is no need
> to use the privileged group "root". The system administrator can change
> the whole ftp tree to group "staff" to allow them to change things in
> this area.

That sounds entirely sensible.

> The ~ftp/etc/group lists the group "staff" as group "ftp".

However, I don't understand why you do this ?  Why not just list
`staff' as `staff' in the FTP server's /etc/group ?

> I don't think it is anomalous or a bug. Why should the ftp account
> not use the group "staff". It's up to the system administrator to use it
> in the ftp file area.

I think it's good that it uses group `staff'.  I don't think it's good
that it confused me enough to make me wonder if there was a problem.

This effect may well cause other people to set permissions on
directories inappropriately, or even to try to split apart the `ftp'
and `staff' groups ...

Ian.


Message sent:


From: iwj10@thor.cam.ac.uk (Ian Jackson)
To: Ian Jackson <iwj10@cus.cam.ac.uk>
Subject: Bug#1556: Info received (was Bug#1556: FTP gid = 50 ?)
In-Reply-To: <m0t1Zf4-0002aNZ@chiark.al.cl.cam.ac.uk>
References: <m0t1Zf4-0002aNZ@chiark.al.cl.cam.ac.uk>

Thank you for the additional information you have supplied regarding
this problem report.  It has been forwarded to the developers to
accompany the original report.

If you wish to continue to submit further information on your problem,
please do the same thing again: send it to debian-bugs@pixar.com, ensuring
that the Subject line starts with "Bug#1556" or "Re: Bug#1556" so that
we can identify it as relating to the same problem.

Please do not reply to the address at the top of this message,
unless you wish to report a problem with the bug-tracking system.

Ian Jackson
(maintainer, debian-bugs)


Message sent to debian-devel@pixar.com:


Subject: Bug#1556: FTP gid = 50 ?
Reply-To: tobias@et-inf.fho-emden.de, debian-bugs@pixar.com
Resent-From: "Peter Tobias" <tobias@server.et-inf.fho-emden.de>
Resent-To: debian-devel@pixar.com
Resent-Date: Sun, 08 Oct 1995 00:48:11 GMT
Resent-Message-ID: <debian-bugs-handler.1556.B10080042200@pixar.com>
Resent-Sender: iwj10@cus.cam.ac.uk
X-Debian-PR-Package: wu-ftpd
X-Debian-PR-Keywords: 
Received: via spool for debian-bugs; Sun, 08 Oct 1995 00:48:11 GMT
Received: with rfc822 via encapsulated-mail; Sun, 08 Oct 1995 00:42:18 GMT
Received: from pixar.com by mongo.pixar.com with smtp
	(Smail3.1.28.1 #15) id m0t1adl-000Hi9C; Sat, 7 Oct 95 07:54 PDT
Received: from server.et-inf.fho-emden.de by pixar.com with SMTP id AA22446
  (5.67b/IDA-1.5 for debian-bugs-pipe@mongo.pixar.com); Sat, 7 Oct 1995 02:48:16 -0700
Received: by server.et-inf.fho-emden.de (5.65/DEC-Ultrix/4.3)
	id AA13470; Sat, 7 Oct 1995 10:39:44 +0100
Message-Id: <9510070939.AA13470@server.et-inf.fho-emden.de>
To: iwj10@cus.cam.ac.uk, debian-bugs@pixar.com
Date: Sat, 7 Oct 1995 10:39:43 +0100 (MET)
From: "Peter Tobias" <tobias@server.et-inf.fho-emden.de>
In-Reply-To: <m0t1HTx-000JfBC@hammer.thor.cam.ac.uk> from "Ian Jackson" at Oct 6, 95 07:26:00 pm
X-Mailer: ELM [version 2.4 PL23]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 8bit
Content-Length: 1646

Ian Jackson wrote:
> Package: wu-ftpd
> Version: 2.4-13
>
> The wu-ftpd package installs a minimal /etc/group file in the anonftp
> area.  I don't remember whether it added a group with gid 50 to
> /etc/group, but it makes the ftp area owned by group 50, and lists gid
> 50 as `ftp' in the anon-FTP /etc/group.

The home directory of ftp and its subdirectories are owned by root.root.
I'm using the group "staff" (not the number 50) because there is no need
to use the privileged group "root". The system administrator can change
the whole ftp tree to group "staff" to allow them to change things in
this area. The ~ftp/etc/group lists the group "staff" as group "ftp".

computer-security/anonymous-ftp-faq:
| 1) Create the user ftp in /etc/passwd.  Use a misc group.  The user's home
| directory will be ~ftp where ~ftp is the root you wish anonymous users to
| see.  Creating this user turns on anonymous ftp.

> However, on my ~~ 0.93R5 system /etc/group contains group 50 as
> `staff', and that group owns /usr/local.

This was intentional :-).

> There doesn't appear to be a security problem, because the wu-ftpd
> doesn't ever seem (for example) to access files with gid 50, but this
> is anomalous and should be corrected.

I don't think it is anomalous or a bug. Why should the ftp account
not use the group "staff". It's up to the system administrator to use it
in the ftp file area.


Peter

--
 Peter Tobias                                EMail:
 Fachhochschule Ostfriesland                 tobias@et-inf.fho-emden.de
 Fachbereich Elektrotechnik und Informatik   tobias@perseus.fho-emden.de
 Constantiaplatz 4, 26723 Emden, Germany
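
An added example, not part of the original messages or of the wu-ftpd package: a check for the situation discussed in this thread, where one gid carries different names in the system /etc/group and in the anonymous-FTP area's etc/group. The function names, temporary file paths and sample group lines are constructed for illustration.

```shell
#!/bin/sh
# Compare a chroot's etc/group against the system /etc/group and report
# every gid to which the two files give different names.

# gid_name_mismatches SYSTEM_GROUP CHROOT_GROUP
# Prints one line per conflicting gid: "<gid> <system-name> <chroot-name>".
gid_name_mismatches() {
    awk -F: '
        # Skip blank lines and comments in either file.
        /^[ \t]*$/ || /^#/ { next }
        # group(5) lines are name:password:gid:members; ignore malformed ones.
        NF < 3 || $3 !~ /^[0-9]+$/ { next }
        # First file: remember the system name for each gid.
        FILENAME == ARGV[1] { sysname[$3] = $1; next }
        # Second file: report gids the system knows under another name.
        ($3 in sysname) && sysname[$3] != $1 {
            print $3, sysname[$3], $1
        }
    ' "$1" "$2"
}

# Constructed sample mirroring the report: gid 50 is "staff" on the system
# and "ftp" inside the anonymous-FTP area.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' 'root:*:0:' 'staff:*:50:' 'users:*:100:' > "$tmp/system.group"
    printf '%s\n' 'root:*:0:' 'ftp:*:50:' > "$tmp/anonftp.group"
    gid_name_mismatches "$tmp/system.group" "$tmp/anonftp.group"
    rm -rf "$tmp"
}

demo
```

On a real system the two arguments would be /etc/group and the etc/group under the ftp home directory; any line printed is a gid whose name in directory listings depends on which of the two files is consulted.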


Message sent:


From: iwj10@thor.cam.ac.uk (Ian Jackson)
To: tobias@et-inf.fho-emden.de
Subject: Bug#1556: Info received (was Bug#1556: FTP gid = 50 ?)
In-Reply-To: <9510070939.AA13470@server.et-inf.fho-emden.de>
References: <9510070939.AA13470@server.et-inf.fho-emden.de>

Thank you for the additional information you have supplied regarding
this problem report.  It has been forwarded to the developers to
accompany the original report.

If you wish to continue to submit further information on your problem,
please do the same thing again: send it to debian-bugs@pixar.com, ensuring
that the Subject line starts with "Bug#1556" or "Re: Bug#1556" so that
we can identify it as relating to the same problem.

Please do not reply to the address at the top of this message,
unless you wish to report a problem with the bug-tracking system.

Ian Jackson
(maintainer, debian-bugs)


> 50 as `ftp' in the anon-FTP /etc/group.

The home directory of ftp and its subdirectories are owned by root.root.
I'm using the group "staff" (not the number 50) because there is no need
to use the privileged group "root". The system administrator can change
the whole ftp tree to group "staff" to allow them to change things in
this area. The ~ftp/etc/group lists the group "staff" as group "ftp".

computer-security/anonymous-ftp-faq:
| 1) Create the user ftp in /etc/passwd.  Use a misc group.  The user's home
| directory will be ~ftp where ~ftp is the root you wish anonymous users to
| see.  Creating this user turns on anonymous ftp.

> However, on my ~~ 0.93R5 system /etc/group contains group 50 as
> `staff', and that group owns /usr/local.

This was intentional :-).

> There doesn't appear to be a security problem, because the wu-ftpd
> doesn't ever seem (for example) to access files with gid 50, but this
> is anomalous and should be corrected.

I don't think it is anomalous or a bug. Why should the ftp account
not use the group "staff". It's up to the system administrator to use it
in the ftp file area.


Peter

--
 Peter Tobias                                EMail:
 Fachhochschule Ostfriesland                 tobias@et-inf.fho-emden.de
 Fachbereich Elektrotechnik und Informatik   tobias@perseus.fho-emden.de
 Constantiaplatz 4, 26723 Emden, Germany


Message sent:


From: iwj10@thor.cam.ac.uk (Ian Jackson)
To: tobias@et-inf.fho-emden.de
Subject: Bug#1556: Info received (was Bug#1556: FTP gid = 50 ?)
In-Reply-To: <9510070939.AA13470@server.et-inf.fho-emden.de>
References: <9510070939.AA13470@server.et-inf.fho-emden.de>

Thank you for the additional information you have supplied regarding
this problem report.  It has been forwarded to the developers to
accompany the original report.

If you wish to continue to submit further information on your problem,
please do the same thing again: send it to debian-bugs@pixar.com, ensuring
that the Subject line starts with "Bug#1556" or "Re: Bug#1556" so that
we can identify it as relating to the same problem.

Please do not reply to the address at the top of this message,
unless you wish to report a problem with the bug-tracking system.

Ian Jackson
(maintainer, debian-bugs)


Message sent to debian-devel@pixar.com:


Subject: Bug#1556: FTP gid = 50 ?
Reply-To: tobias@et-inf.fho-emden.de, debian-bugs@pixar.com
Resent-From: "Peter Tobias" <tobias@server.et-inf.fho-emden.de>
Resent-To: debian-devel@pixar.com
Resent-Date: Sun, 08 Oct 1995 04:03:19 GMT
Resent-Message-ID: <debian-bugs-handler.1556.B10080351100@pixar.com>
Resent-Sender: iwj10@cus.cam.ac.uk
X-Debian-PR-Package: wu-ftpd
X-Debian-PR-Keywords: 
Received: via spool for debian-bugs; Sun, 08 Oct 1995 04:03:19 GMT
Received: with rfc822 via encapsulated-mail; Sun, 08 Oct 1995 03:51:08 GMT
Received: from pixar.com by mongo.pixar.com with smtp
	(Smail3.1.28.1 #15) id m0t1WWI-000HLtC; Sat, 7 Oct 95 03:30 PDT
Received: from server.et-inf.fho-emden.de by pixar.com with SMTP id AA22446
  (5.67b/IDA-1.5 for debian-bugs-pipe@mongo.pixar.com); Sat, 7 Oct 1995 02:48:16 -0700
Received: by server.et-inf.fho-emden.de (5.65/DEC-Ultrix/4.3)
	id AA13470; Sat, 7 Oct 1995 10:39:44 +0100
Message-Id: <9510070939.AA13470@server.et-inf.fho-emden.de>
To: iwj10@cus.cam.ac.uk, debian-bugs@pixar.com
Date: Sat, 7 Oct 1995 10:39:43 +0100 (MET)
From: "Peter Tobias" <tobias@server.et-inf.fho-emden.de>
In-Reply-To: <m0t1HTx-000JfBC@hammer.thor.cam.ac.uk> from "Ian Jackson" at Oct 6, 95 07:26:00 pm
X-Mailer: ELM [version 2.4 PL23]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 8bit
Content-Length: 1646

Ian Jackson wrote:
> Package: wu-ftpd
> Version: 2.4-13
>
> The wu-ftpd package installs a minimal /etc/group file in the anonftp
> area.  I don't remember whether it added a group with gid 50 to
> /etc/group, but it makes the ftp area owned by group 50, and lists gid
> 50 as `ftp' in the anon-FTP /etc/group.

The home directory of ftp and its subdirectories are owned by root.root.
I'm using the group "staff" (not the number 50) because there is no need
to use the privileged group "root". The system administrator can change
the whole ftp tree to group "staff" to allow them to change things in
this area. The ~ftp/etc/group lists the group "staff" as group "ftp".

computer-security/anonymous-ftp-faq:
| 1) Create the user ftp in /etc/passwd.  Use a misc group.  The user's home
| directory will be ~ftp where ~ftp is the root you wish anonymous users to
| see.  Creating this user turns on anonymous ftp.

> However, on my ~~ 0.93R5 system /etc/group contains group 50 as
> `staff', and that group owns /usr/local.

This was intentional :-).

> There doesn't appear to be a security problem, because the wu-ftpd
> doesn't ever seem (for example) to access files with gid 50, but this
> is anomalous and should be corrected.

I don't think it is anomalous or a bug. Why should the ftp account
not use the group "staff"? It's up to the system administrator to use it
in the ftp file area.


Peter

--
 Peter Tobias                                EMail:
 Fachhochschule Ostfriesland                 tobias@et-inf.fho-emden.de
 Fachbereich Elektrotechnik und Informatik   tobias@perseus.fho-emden.de
 Constantiaplatz 4, 26723 Emden, Germany
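
An added example, not part of either message and not code from the wu-ftpd package: one way to audit the situation discussed above, where ~ftp/etc/group labels gid 50 as `ftp' while the system /etc/group labels it `staff'. The function names, the group file contents beyond those two labels, and the listed paths and modes are constructed for illustration.

```python
import os
import stat
from collections import defaultdict


def parse_group(text):
    """Map gid -> sorted list of group names from group(5)-format text."""
    by_gid = defaultdict(set)
    for line in text.splitlines():
        line = line.strip()
        # Skip blanks, comments and NIS compat entries (+name / -name).
        if not line or line[0] in "#+-":
            continue
        fields = line.split(":")
        gid = fields[2] if len(fields) >= 3 else ""
        if not (gid.isascii() and gid.isdigit()):
            continue  # malformed entry: ignore rather than guess
        by_gid[int(gid)].add(fields[0])
    return {gid: sorted(names) for gid, names in by_gid.items()}


def gid_name_conflicts(system_text, chroot_text):
    """Gids that the chroot group file labels differently from the system.

    Returns (gid, system_names, chroot_names) tuples. An empty
    system_names list means the system file does not define that gid.
    """
    system, chroot = parse_group(system_text), parse_group(chroot_text)
    conflicts = []
    for gid in sorted(chroot):
        sys_names = system.get(gid, [])
        if chroot[gid] != sys_names:
            conflicts.append((gid, sys_names, chroot[gid]))
    return conflicts


def walk_tree(root):
    """Yield (path, gid, mode) for root and everything below it.

    Uses lstat so symlinks are reported, not followed.
    """
    st = os.lstat(root)
    yield root, st.st_gid, st.st_mode
    for dirpath, dirnames, filenames in os.walk(root):
        for name in sorted(dirnames + filenames):
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            yield path, st.st_gid, st.st_mode


def group_writable_exposure(entries, system_text, chroot_text):
    """Report group-writable paths per gid, with both names for that gid.

    The kernel checks the numeric gid, so the "system" names are the
    accounts that can really write; the "chroot" names are only what a
    directory listing inside the anonymous area displays.
    """
    system, chroot = parse_group(system_text), parse_group(chroot_text)
    report = {}
    for path, gid, mode in entries:
        if stat.S_ISLNK(mode) or not mode & stat.S_IWGRP:
            continue  # symlink mode bits carry no permission meaning
        row = report.setdefault(gid, {
            "system": system.get(gid, []),
            "chroot": chroot.get(gid, []),
            "paths": [],
        })
        row["paths"].append(path)
    return report


# Constructed sample data. Only "gid 50 is staff on the system and ftp in
# the anonymous area" comes from the thread; everything else is made up.
SYSTEM_GROUP = "root:*:0:\nstaff:*:50:\n"
CHROOT_GROUP = "root::0:\nftp::50:\n"
ENTRIES = [
    ("~ftp", 0, stat.S_IFDIR | 0o555),
    ("~ftp/etc/group", 0, stat.S_IFREG | 0o444),
    # The case where the administrator has handed part of the tree to gid 50.
    ("~ftp/pub", 50, stat.S_IFDIR | 0o2775),
    ("~ftp/pub/README", 50, stat.S_IFREG | 0o644),
]

if __name__ == "__main__":
    for gid, sys_names, chroot_names in gid_name_conflicts(SYSTEM_GROUP, CHROOT_GROUP):
        print(f"gid {gid}: system={sys_names or 'undefined'} chroot={chroot_names}")
    for gid, row in group_writable_exposure(ENTRIES, SYSTEM_GROUP, CHROOT_GROUP).items():
        print(f"gid {gid} (system {row['system']}, shown as {row['chroot']}) "
              f"can write: {row['paths']}")
```

On a live system, pass the contents of /etc/group and ~ftp/etc/group and replace ENTRIES with walk_tree() run over the ftp home directory.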


Message sent:


From: iwj10@thor.cam.ac.uk (Ian Jackson)
To: tobias@et-inf.fho-emden.de
Subject: Bug#1556: Info received (was Bug#1556: FTP gid = 50 ?)
In-Reply-To: <9510070939.AA13470@server.et-inf.fho-emden.de>
References: <9510070939.AA13470@server.et-inf.fho-emden.de>

Thank you for the additional information you have supplied regarding
this problem report.  It has been forwarded to the developers to
accompany the original report.

If you wish to continue to submit further information on your problem,
please do the same thing again: send it to debian-bugs@pixar.com, ensuring
that the Subject line starts with "Bug#1556" or "Re: Bug#1556" so that
we can identify it as relating to the same problem.

Please do not reply to the address at the top of this message,
unless you wish to report a problem with the bug-tracking system.

Ian Jackson
(maintainer, debian-bugs)


Message sent to debian-devel@pixar.com:


Subject: Bug#1556: FTP gid = 50 ?
Reply-To: Ian Jackson <iwj10@cus.cam.ac.uk>, debian-bugs@pixar.com
Resent-From: Ian Jackson <iwj10@cus.cam.ac.uk>
Resent-To: debian-devel@pixar.com
Resent-Date: Sun, 08 Oct 1995 06:18:05 GMT
Resent-Message-ID: <debian-bugs-handler.1556.B10080614340@pixar.com>
Resent-Sender: iwj10@cus.cam.ac.uk
X-Debian-PR-Package: wu-ftpd
X-Debian-PR-Keywords: 
Received: via spool for debian-bugs; Sun, 08 Oct 1995 06:18:05 GMT
Received: with rfc822 via encapsulated-mail; Sun, 08 Oct 1995 06:14:32 GMT
Received: from pixar.com by mongo.pixar.com with smtp
	(Smail3.1.28.1 #15) id m0t1Zgz-000HZgC; Sat, 7 Oct 95 06:53 PDT
Received: from bootes.cus.cam.ac.uk by pixar.com with SMTP id AA26463
  (5.67b/IDA-1.5 for debian-bugs-pipe@mongo.pixar.com); Sat, 7 Oct 1995 06:53:07 -0700
Received: by bootes.cus.cam.ac.uk
	(Smail-3.1.29.0 #36) id m0t1Zgk-000BzVC; Sat, 7 Oct 95 14:53 BST
Received: by chiark
	id <m0t1Zf4-0002aNZ@chiark.al.cl.cam.ac.uk>
	(Debian /\oo/\ Smail3.1.29.1 #29.33); Sat, 7 Oct 95 14:51 BST
Message-Id: <m0t1Zf4-0002aNZ@chiark.al.cl.cam.ac.uk>
Date: Sat, 7 Oct 95 14:51 BST
From: Ian Jackson <iwj10@cus.cam.ac.uk>
To: debian-bugs@pixar.com
In-Reply-To: <9510070939.AA13470@server.et-inf.fho-emden.de>
References: <m0t1HTx-000JfBC@hammer.thor.cam.ac.uk>
	<9510070939.AA13470@server.et-inf.fho-emden.de>

Peter Tobias writes ("Re: Bug#1556: FTP gid = 50 ?"):
> [...]
> The home directory of ftp and its subdirectories are owned by root.root.
> I'm using the group "staff" (not the number 50) because there is no need
> to use the privileged group "root". The system administrator can change
> the whole ftp tree to group "staff" to allow them to change things in
> this area.

That sounds entirely sensible.

> The ~ftp/etc/group lists the group "staff" as group "ftp".

However, I don't understand why you do this ?  Why not just list
`staff' as `staff' in the FTP server's /etc/group ?

> I don't think it is anomalous or a bug. Why should the ftp account
> not use the group "staff". It's up to the system administrator to use it
> in the ftp file area.

I think it's good that it uses group `staff'.  I don't think it's good
that it confused me enough to make me wonder if there was a problem.

This effect may well cause other people to set permissions on
directories inappropriately, or even to try to split apart the `ftp'
and `staff' groups ...

Ian.
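
Added example (not part of the bug log or of the wu-ftpd package): a Python check for the situation discussed in this message, where the anonymous-FTP area's etc/group gives a gid a different name from the one in the system /etc/group. The file contents are constructed samples (the gid 11 entry is invented for illustration) and the function names are hypothetical.

```python
"""Compare an anonymous-FTP area's etc/group with the system /etc/group."""
from collections import defaultdict

# Constructed sample: system file with gid 50 named "staff", as in the report.
SYSTEM_GROUP = """\
root:*:0:
staff:*:50:
users:*:100:
"""

# Constructed sample: minimal file inside ~ftp/etc, listing gid 50 as "ftp".
CHROOT_GROUP = """\
root::0:
ftp::50:
"""


def parse_group(text):
    """Return {gid: [names]} from group(5) text (name:passwd:gid:members)."""
    by_gid = defaultdict(list)
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        gid_ok = len(fields) >= 3 and fields[2].isascii() and fields[2].isdigit()
        if not gid_ok or not fields[0]:
            raise ValueError(f"line {lineno}: malformed group entry: {raw!r}")
        by_gid[int(fields[2])].append(fields[0])
    return dict(by_gid)


def compare_groups(system_text, chroot_text):
    """Return findings as (kind, gid, chroot_name, system_value) tuples.

    kind is one of:
      renamed-gid  the gid exists on the system under a different name
      unknown-gid  the gid does not exist on the system at all
      name-reused  the chroot name exists on the system with another gid
    """
    system = parse_group(system_text)
    chroot = parse_group(chroot_text)
    system_gid_of = {n: g for g, names in system.items() for n in names}
    findings = []
    for gid, names in sorted(chroot.items()):
        sys_names = system.get(gid)
        for name in names:
            if sys_names is None:
                findings.append(("unknown-gid", gid, name, None))
            elif name not in sys_names:
                findings.append(("renamed-gid", gid, name, sys_names[0]))
            other = system_gid_of.get(name)
            if other is not None and other != gid:
                findings.append(("name-reused", gid, name, other))
    return findings


def describe(finding):
    """Turn one finding into a line an administrator can act on."""
    kind, gid, name, sysval = finding
    if kind == "renamed-gid":
        return (f"gid {gid}: shown as '{name}' inside the FTP area but is "
                f"'{sysval}' on the system; files with this gid belong to "
                f"'{sysval}'")
    if kind == "unknown-gid":
        return f"gid {gid} ('{name}') is not defined in the system group file"
    return (f"name '{name}' is gid {gid} inside the FTP area but gid "
            f"{sysval} on the system")


if __name__ == "__main__":
    for f in compare_groups(SYSTEM_GROUP, CHROOT_GROUP):
        print(describe(f))
```

Listing gid 50 under its system name in the FTP area's etc/group makes the check return no findings.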


Message sent:


From: iwj10@thor.cam.ac.uk (Ian Jackson)
To: Ian Jackson <iwj10@cus.cam.ac.uk>
Subject: Bug#1556: Info received (was Bug#1556: FTP gid = 50 ?)
In-Reply-To: <m0t1Zf4-0002aNZ@chiark.al.cl.cam.ac.uk>
References: <m0t1Zf4-0002aNZ@chiark.al.cl.cam.ac.uk>

Thank you for the additional information you have supplied regarding
this problem report.  It has been forwarded to the developers to
accompany the original report.

If you wish to continue to submit further information on your problem,
please do the same thing again: send it to debian-bugs@pixar.com, ensuring
that the Subject line starts with "Bug#1556" or "Re: Bug#1556" so that
we can identify it as relating to the same problem.

Please do not reply to the address at the top of this message,
unless you wish to report a problem with the bug-tracking system.

Ian Jackson
(maintainer, debian-bugs)


Message sent to debian-devel@pixar.com:


Subject: Bug#1556: FTP gid = 50 ?
Reply-To: Ian Jackson <iwj10@cus.cam.ac.uk>, debian-bugs@pixar.com
Resent-From: Ian Jackson <iwj10@cus.cam.ac.uk>
Resent-To: debian-devel@pixar.com
Resent-Date: Sun, 08 Oct 1995 09:03:03 GMT
Resent-Message-ID: <debian-bugs-handler.1556.B10080848510@pixar.com>
Resent-Sender: iwj10@cus.cam.ac.uk
X-Debian-PR-Package: wu-ftpd
X-Debian-PR-Keywords: 
Received: via spool for debian-bugs; Sun, 08 Oct 1995 09:03:03 GMT
Received: with rfc822 via encapsulated-mail; Sun, 08 Oct 1995 08:48:49 GMT
Received: from pixar.com by mongo.pixar.com with smtp
	(Smail3.1.28.1 #15) id m0t1amf-000HitC; Sat, 7 Oct 95 08:03 PDT
Received: from bootes.cus.cam.ac.uk by pixar.com with SMTP id AA26463
  (5.67b/IDA-1.5 for debian-bugs-pipe@mongo.pixar.com); Sat, 7 Oct 1995 06:53:07 -0700
Received: by bootes.cus.cam.ac.uk
	(Smail-3.1.29.0 #36) id m0t1Zgk-000BzVC; Sat, 7 Oct 95 14:53 BST
Received: by chiark
	id <m0t1Zf4-0002aNZ@chiark.al.cl.cam.ac.uk>
	(Debian /\oo/\ Smail3.1.29.1 #29.33); Sat, 7 Oct 95 14:51 BST
Message-Id: <m0t1Zf4-0002aNZ@chiark.al.cl.cam.ac.uk>
Date: Sat, 7 Oct 95 14:51 BST
From: Ian Jackson <iwj10@cus.cam.ac.uk>
To: debian-bugs@pixar.com
In-Reply-To: <9510070939.AA13470@server.et-inf.fho-emden.de>
References: <m0t1HTx-000JfBC@hammer.thor.cam.ac.uk>
	<9510070939.AA13470@server.et-inf.fho-emden.de>

Peter Tobias writes ("Re: Bug#1556: FTP gid = 50 ?"):
> [...]
> The home directory of ftp and its subdirectories are owned by root.root.
> I'm using the group "staff" (not the number 50) because there is no need
> to use the privileged group "root". The system administrator can change
> the whole ftp tree to group "staff" to allow them to change things in
> this area.

That sounds entirely sensible.

> The ~ftp/etc/group lists the group "staff" as group "ftp".

However, I don't understand why you do this ?  Why not just list
`staff' as `staff' in the FTP server's /etc/group ?

> I don't think it is anomalous or a bug. Why should the ftp account
> not use the group "staff". It's up to the system administrator to use it
> in the ftp file area.

I think it's good that it uses group `staff'.  I don't think it's good
that it confused me enough to make me wonder if there was a problem.

This effect may well cause other people to set permissions on
directories inappropriately, or even to try to split apart the `ftp'
and `staff' groups ...

Ian.


Message sent:


From: iwj10@thor.cam.ac.uk (Ian Jackson)
To: Ian Jackson <iwj10@cus.cam.ac.uk>
Subject: Bug#1556: Info received (was Bug#1556: FTP gid = 50 ?)
In-Reply-To: <m0t1Zf4-0002aNZ@chiark.al.cl.cam.ac.uk>
References: <m0t1Zf4-0002aNZ@chiark.al.cl.cam.ac.uk>

Thank you for the additional information you have supplied regarding
this problem report.  It has been forwarded to the developers to
accompany the original report.

If you wish to continue to submit further information on your problem,
please do the same thing again: send it to debian-bugs@pixar.com, ensuring
that the Subject line starts with "Bug#1556" or "Re: Bug#1556" so that
we can identify it as relating to the same problem.

Please do not reply to the address at the top of this message,
unless you wish to report a problem with the bug-tracking system.

Ian Jackson
(maintainer, debian-bugs)


Message sent to debian-devel@pixar.com:


Subject: Bug#1556: FTP gid = 50 ?
Reply-To: tobias@et-inf.fho-emden.de, debian-bugs@pixar.com
Resent-From: "Peter Tobias" <tobias@server.et-inf.fho-emden.de>
Resent-To: debian-devel@pixar.com
Resent-Date: Sun, 08 Oct 1995 09:03:05 GMT
Resent-Message-ID: <debian-bugs-handler.1556.B10080849530@pixar.com>
Resent-Sender: iwj10@cus.cam.ac.uk
X-Debian-PR-Package: wu-ftpd
X-Debian-PR-Keywords: 
Received: via spool for debian-bugs; Sun, 08 Oct 1995 09:03:05 GMT
Received: with rfc822 via encapsulated-mail; Sun, 08 Oct 1995 08:49:51 GMT
Received: from pixar.com by mongo.pixar.com with smtp
	(Smail3.1.28.1 #15) id m0t1aPW-000Hd9C; Sat, 7 Oct 95 07:39 PDT
Received: from server.et-inf.fho-emden.de by pixar.com with SMTP id AA22446
  (5.67b/IDA-1.5 for debian-bugs-pipe@mongo.pixar.com); Sat, 7 Oct 1995 02:48:16 -0700
Received: by server.et-inf.fho-emden.de (5.65/DEC-Ultrix/4.3)
	id AA13470; Sat, 7 Oct 1995 10:39:44 +0100
Message-Id: <9510070939.AA13470@server.et-inf.fho-emden.de>
To: iwj10@cus.cam.ac.uk, debian-bugs@pixar.com
Date: Sat, 7 Oct 1995 10:39:43 +0100 (MET)
From: "Peter Tobias" <tobias@server.et-inf.fho-emden.de>
In-Reply-To: <m0t1HTx-000JfBC@hammer.thor.cam.ac.uk> from "Ian Jackson" at Oct 6, 95 07:26:00 pm
X-Mailer: ELM [version 2.4 PL23]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 8bit
Content-Length: 1646

Ian Jackson wrote:
> Package: wu-ftpd
> Version: 2.4-13
>
> The wu-ftpd package installs a minimal /etc/group file in the anonftp
> area.  I don't remember whether it added a group with gid 50 to
> /etc/group, but it makes the ftp area owned by group 50, and lists gid
> 50 as `ftp' in the anon-FTP /etc/group.

The home directory of ftp and its subdirectories are owned by root.root.
I'm using the group "staff" (not the number 50) because there is no need
to use the privileged group "root". The system administrator can change
the whole ftp tree to group "staff" to allow them to change things in
this area. The ~ftp/etc/group lists the group "staff" as group "ftp".

computer-security/anonymous-ftp-faq:
| 1) Create the user ftp in /etc/passwd.  Use a misc group.  The user's home
| directory will be ~ftp where ~ftp is the root you wish anonymous users to
| see.  Creating this user turns on anonymous ftp.

> However, on my ~~ 0.93R5 system /etc/group contains group 50 as
> `staff', and that group owns /usr/local.

This was intentional :-).

> There doesn't appear to be a security problem, because the wu-ftpd
> doesn't ever seem (for example) to access files with gid 50, but this
> is anomalous and should be corrected.

I don't think it is anomalous or a bug. Why should the ftp account
not use the group "staff". It's up to the system administrator to use it
in the ftp file area.


Peter

--
 Peter Tobias                                EMail:
 Fachhochschule Ostfriesland                 tobias@et-inf.fho-emden.de
 Fachbereich Elektrotechnik und Informatik   tobias@perseus.fho-emden.de
 Constantiaplatz 4, 26723 Emden, Germany
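
Added example (not part of the original messages or of the wu-ftpd package): a check for the situation discussed above, where one gid carries different names in the system /etc/group and in ~ftp/etc/group. The function names, file names and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Report gids that carry different names in the system group file and in
# an anonymous-FTP chroot's etc/group.

# Print one line per mismatch: "gid:system_name:chroot_name".
group_name_mismatches() {
    # $1 = system group file, $2 = chroot group file
    awk -F: '
        /^[ \t]*(#|$)/ { next }                # skip comments and blank lines
        NF < 3 || $3 !~ /^[0-9]+$/ { next }    # skip malformed entries
        src == "sys" { sys[$3] = $1; next }    # remember system name per gid
        ($3 in sys) && sys[$3] != $1 { print $3 ":" sys[$3] ":" $1 }
    ' src=sys "$1" src=chroot "$2"
}

# Constructed sample data modelled on the report: gid 50 is "staff" on the
# system but "ftp" inside the FTP area.
write_sample_files() {
    # $1 = directory to write sys.group and ftp.group into
    printf '%s\n' 'root:*:0:' 'staff:*:50:' 'users:*:100:' > "$1/sys.group"
    printf '%s\n' 'root:*:0:' 'ftp:*:50:' > "$1/ftp.group"
}

demo() {
    dir=$(mktemp -d) || return 1
    write_sample_files "$dir"
    group_name_mismatches "$dir/sys.group" "$dir/ftp.group"
    rm -rf "$dir"
}

demo
```

On a real system the two arguments would be /etc/group and the etc/group file under the ftp user's home directory; any output line marks a gid that directory listings will label differently inside and outside the FTP area.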


Message sent:


From: iwj10@thor.cam.ac.uk (Ian Jackson)
To: tobias@et-inf.fho-emden.de
Subject: Bug#1556: Info received (was Bug#1556: FTP gid = 50 ?)
In-Reply-To: <9510070939.AA13470@server.et-inf.fho-emden.de>
References: <9510070939.AA13470@server.et-inf.fho-emden.de>

Thank you for the additional information you have supplied regarding
this problem report.  It has been forwarded to the developers to
accompany the original report.

If you wish to continue to submit further information on your problem,
please do the same thing again: send it to debian-bugs@pixar.com, ensuring
that the Subject line starts with "Bug#1556" or "Re: Bug#1556" so that
we can identify it as relating to the same problem.

Please do not reply to the address at the top of this message,
unless you wish to report a problem with the bug-tracking system.

Ian Jackson
(maintainer, debian-bugs)


Message sent:


From: iwj10@thor.cam.ac.uk (Ian Jackson)
To: tobias@et-inf.fho-emden.de
In-Reply-To: <9510101519.AA27026@server.et-inf.fho-emden.de>
References: <9510101519.AA27026@server.et-inf.fho-emden.de> <m0t1HTx-000JfBC@hammer.thor.cam.ac.uk>
Subject: Bug#1556: marked as done (was: FTP gid = 50 ?)

Your message dated Tue, 10 Oct 1995 16:19:38 +0100 (MET)
with message-id <9510101519.AA27026@server.et-inf.fho-emden.de>
and subject line Bug#1556: FTP gid = 50 ?
has caused the attached bug report to be marked as done.

It is now your responsibility to ensure that the bug report is dealt
with.

(NB: If you are a system administrator and have no idea what I'm
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Ian Jackson
(maintainer, debian-bugs)

Received: with rfc822 via encapsulated-mail; Fri, 06 Oct 1995 18:28:47 GMT
From thor.cam.ac.uk!iwj10 Fri Oct  6 11:27:00 1995
Return-Path: <iwj10@thor.cam.ac.uk>
Received: from pixar.com by mongo.pixar.com with smtp
	(Smail3.1.28.1 #15) id m0t1HU4-000BD7C; Fri, 6 Oct 95 11:27 PDT
Received: from hammer.thor.cam.ac.uk by pixar.com with SMTP id AA04726
  (5.67b/IDA-1.5 for debian-bugs-pipe@mongo.pixar.com); Fri, 6 Oct 1995 11:26:39 -0700
Received: by hammer.thor.cam.ac.uk
	(Smail-3.1.29.0 #77) id m0t1HTx-000JfBC; Fri, 6 Oct 95 19:26 BST
Message-Id: <m0t1HTx-000JfBC@hammer.thor.cam.ac.uk>
Date: Fri, 6 Oct 95 19:26 BST
Sender: iwj10@thor.cam.ac.uk (Ian Jackson)
From: iwj10@cus.cam.ac.uk (Ian Jackson)
To: debian-bugs@pixar.com
Subject: FTP gid = 50 ?

Package: wu-ftpd
Version: 2.4-13

The wu-ftpd package installs a minimal /etc/group file in the anonftp
area.  I don't remember whether it added a group with gid 50 to
/etc/group, but it makes the ftp area owned by group 50, and lists gid
50 as `ftp' in the anon-FTP /etc/group.

However, on my ~~ 0.93R5 system /etc/group contains group 50 as
`staff', and that group owns /usr/local.

There doesn't appear to be a security problem, because the wu-ftpd
doesn't ever seem (for example) to access files with gid 50, but this
is anomalous and should be corrected.

Ian.


Message sent:


From: iwj10@thor.cam.ac.uk (Ian Jackson)
To: iwj10@cus.cam.ac.uk (Ian Jackson)
Subject: Bug#1556 acknowledged by developer (was: FTP gid = 50 ?)
References: <9510101519.AA27026@server.et-inf.fho-emden.de> <m0t1HTx-000JfBC@hammer.thor.cam.ac.uk>
In-Reply-To: <m0t1HTx-000JfBC@hammer.thor.cam.ac.uk>

This is an automatic notification regarding your bug report.

Responsibility for it has been taken by one of the developers, namely
"Peter Tobias" <tobias@server.et-inf.fho-emden.de> (reply to tobias@et-inf.fho-emden.de).

You should be hearing from them with a substantive response shortly, if
you have not already done so.  If not, please contact them directly,
or email debian-bugs@pixar.com or myself.

Ian Jackson
(maintainer, debian-bugs)


Ian Jackson / iwj10@thor.cam.ac.uk, with the debian-bugs tracking mechanism
This page last modified 07:43:01 GMT Wed 01 Nov