Man Linux: Main Page and Category List

NAME

       eft_wuauth  -  authentication  for  eftp4linux Eurofile server based on
       wuftpd.

DESCRIPTION

       If  the  eftp4linux  Eurofile  server  eftd  is   compiled   with   the
       CONFIG_EFTD_WUAUTH  configuration  option,  it uses user authentication
       code derived from wuftpd, the Washington University ftp daemon.

       In that case eftd authenticates users according to four rules.

       1)     The user name must be in the password data base, /etc/passwd, or
              whatever  is  appropriate  for  the  operating  system,  and the
              password must not be null.  In this  case  a  password  must  be
              provided  by  the  client  before  any  file  operations  may be
              performed.

       2)     The user name must not appear in the file /etc/isdn/eftusers.

       3)     The user must have a standard shell returned by getusershell(3).
              If  login  failed  for certain users, maybe that’s because their
              login shell is not listed in /etc/shells.

       4)     If the user name is ‘‘anonymous’’ or ‘‘ftp’’, an  anonymous  ftp
              account must be present in the password file (user ‘‘ftp’’).  In
              this case the user is  allowed  to  log  in  by  specifying  any
              password  (by  convention  this  is  given  as the client host’s
              name).

       In the last case, eftd takes special measures to restrict the  client’s
       access privileges.  The server performs a chroot(2) command to the home
       directory of the ‘‘ftp’’ user.  In order that system  security  is  not
       breached,  it  is  recommended  that the ‘‘ftp’’ subtree be constructed
       with care;  the following rules are recommended.

       ~ftp)  Make the home directory owned by super-user  and  unwritable  by
              anyone.

       ~ftp/bin)
              Make  this  directory  owned by the super-user and unwritable by
              anyone.  This contains auxilary programs that might be forked by
              eftd(8)  or  ftpd(8).   These  programs  should  have  mode 111.
              eftd(8) currently does not need any auxilary programs. Thus, you
              only  need  to  put  files  here  if  you  also  want to provide
              anonymous ftp service.

       ~ftp/etc)
              Make this directory owned by the super-user  and  unwritable  by
              anyone.   The  files  passwd(5) and group(5) must be present for
              eftd to be able to produce owner names rather  than  numbers  in
              file  headers  and  extended  format directory (T-DIR primitive)
              listings. Depending on the operating system, there may be  other
              required  files.  Check  your  manual  page  for the getpwent(3)
              library routine.  The password field in passwd is not used,  and
              should not contain real encrypted passwords.  These files should
              be mode 444 and owned by the super-user.  Don’t use the system’s
              /etc/passwd file as the password file or the system’s /etc/group
              file as the group file in the ~ftp/etc directory.

       ~ftp/pub)
              Create a subdirectory in ~ftp/pub with the appropriate mode (777
              or 733) if you want to allow normal users to upload files.

       The  Eurofile  file server also allows for finer grained access control
       by means of the files /etc/isdn/eftaccess and /etc/isdn/efthosts.

COPYING

       The main part of eftp4linux is licensed under the  LGPL.  However,  eft
       servers  using  the  wuauth  authentication  libray  also  contain code
       copyrighted  by  the  University  of  California,  Berkeley,   by   the
       Washington  University  in  Saint  Louis, and their contributors.  That
       code is subject to a BSD style licences with advertisment clause:

       Copyright (c) 1990 The Regents of the University  of  California.   All
       rights reserved.

       This  code  is  derived  from software contributed to Berkeley by Chris
       Torek.  Redistribution and use in source and binary forms are permitted
       provided  that:  (1)  source distributions retain this entire copyright
       notice and comment, and (2) distributions  including  binaries  display
       the   following  acknowledgement:   ‘‘This  product  includes  software
       developed  by  the  University  of   California,   Berkeley   and   its
       contributors’’  in  the  documentation or other materials provided with
       the distribution and in all advertising materials  mentioning  features
       or  use  of  this  software. Neither the name of the University nor the
       names of its contributors may be used to endorse  or  promote  products
       derived  from  this software without specific prior written permission.
       THIS SOFTWARE IS PROVIDED ‘‘AS IS’’ AND WITHOUT ANY EXPRESS OR  IMPLIED
       WARRANTIES,  INCLUDING,  WITHOUT  LIMITATION, THE IMPLIED WARRANTIES OF
       MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.

       Copyright (c) 1993, 1994  Washington  University  in  Saint  Louis  All
       rights reserved.

       Redistribution  and  use  in  source  and binary forms, with or without
       modification, are permitted provided that the following conditions  are
       met:  1. Redistributions of source code must retain the above copyright
       notice, this list of  conditions  and  the  following  disclaimer.   2.
       Redistributions  in  binary  form  must  reproduce  the above copyright
       notice, this list of conditions and the  following  disclaimer  in  the
       documentation  and/or  other  materials provided with the distribution.
       3. All  advertising  materials  mentioning  features  or  use  of  this
       software  must  display  the  following  acknowledgement:  This product
       includes software developed by the Washington University in Saint Louis
       and  its  contributors.   4. Neither the name of the University nor the
       names of its contributors may be used to endorse  or  promote  products
       derived from this software without specific prior written permission.

       THIS  SOFTWARE  IS  PROVIDED  BY WASHINGTON UNIVERSITY AND CONTRIBUTORS
       ‘‘AS IS’’ AND ANY EXPRESS OR IMPLIED  WARRANTIES,  INCLUDING,  BUT  NOT
       LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
       PARTICULAR PURPOSE  ARE  DISCLAIMED.   IN  NO  EVENT  SHALL  WASHINGTON
       UNIVERSITY   OR  CONTRIBUTORS  BE  LIABLE  FOR  ANY  DIRECT,  INDIRECT,
       INCIDENTAL, SPECIAL, EXEMPLARY, OR  CONSEQUENTIAL  DAMAGES  (INCLUDING,
       BUT  NOT  LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
       OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED  AND
       ON  ANY  THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
       TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF  THE
       USE  OF  THIS  SOFTWARE,  EVEN  IF  ADVISED  OF THE POSSIBILITY OF SUCH
       DAMAGE.

SEE ALSO

       eftd(1),   shells(5),   getusershell(3),   eftaccess(5),   efthosts(5),
       eft_xferlog(5), umask(2)

BUGS

       The  anonymous  account  is  inherently dangerous and should be avoided
       when possible.

       The eftaccess amd efthosts files  are  currently  not  yet  working  as
       documented.