NAME
eft_wuauth - authentication for eftp4linux Eurofile server based on
wuftpd.
DESCRIPTION
If the eftp4linux Eurofile server eftd is compiled with the
CONFIG_EFTD_WUAUTH configuration option, it uses user authentication
code derived from wuftpd, the Washington University ftp daemon.
In that case eftd authenticates users according to four rules.
1) The user name must be in the password data base, /etc/passwd, or
whatever is appropriate for the operating system, and the
password must not be null. In this case a password must be
provided by the client before any file operations may be
performed.
2) The user name must not appear in the file /etc/isdn/eftusers.
3) The user must have a standard shell returned by getusershell(3).
If login fails for certain users, a possible cause is that their
login shell is not listed in /etc/shells.
4) If the user name is ‘‘anonymous’’ or ‘‘ftp’’, an anonymous ftp
account must be present in the password file (user ‘‘ftp’’). In
this case the user is allowed to log in by specifying any
password (by convention this is given as the client host’s
name).
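The four rules above, as an added troubleshooting example that is not eftd code: it reports which rule would refuse a login, using constructed sample data. The file formats are assumptions (passwd(5) lines; one entry per line with '#' comments in the eftusers and shells files), as are the function names, and the password field is taken from the text passed in, not from a shadow file.

```python
# Added example (not eftd source). Formats are assumptions: passwd(5) lines,
# and one entry per line with '#' comments in the eftusers and shells files.
SAMPLE_PASSWD = (            # constructed sample data
    "alice:x:1000:1000::/home/alice:/bin/zsh\n"
    "bob::1001:1001::/home/bob:/bin/bash\n"
    "carol:x:1002:1002::/home/carol:/bin/bash\n"
    "dave:x:1003:1003::/home/dave:/bin/bash\n"
    "ftp:*:14:50:FTP:/home/ftp:/sbin/nologin\n"
)
SAMPLE_EFTUSERS = "# denied EFT login\nroot\ncarol\n"
SAMPLE_SHELLS = "# valid login shells\n/bin/sh\n/bin/bash\n"

def entries(text):
    """Return non-empty lines with '#' comments stripped."""
    stripped = (line.split("#", 1)[0].strip() for line in text.splitlines())
    return [line for line in stripped if line]

def parse_passwd(text):
    """Map user name -> (password field, login shell)."""
    users = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) == 7:
            users[fields[0]] = (fields[1], fields[6])
    return users

def rejection_reasons(user, passwd_text, eftusers_text, shells_text):
    """List the rules (as numbered above) that would refuse this login."""
    users = parse_passwd(passwd_text)
    if user in ("anonymous", "ftp"):
        # The page does not say how rules 2 and 3 apply here; only rule 4 is checked.
        return [] if "ftp" in users else ["rule 4: no ftp account in passwd"]
    if user not in users:
        return ["rule 1: not in the password database"]
    password, shell = users[user]
    reasons = []
    if password == "":
        reasons.append("rule 1: null password")
    if user in entries(eftusers_text):
        reasons.append("rule 2: listed in eftusers")
    if shell not in entries(shells_text):
        reasons.append("rule 3: shell %s not in shells" % shell)
    return reasons

if __name__ == "__main__":
    for name in ("alice", "bob", "carol", "dave", "erin", "anonymous"):
        print(name, rejection_reasons(name, SAMPLE_PASSWD, SAMPLE_EFTUSERS, SAMPLE_SHELLS))
```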
In the last case (rule 4, anonymous login), eftd takes special measures
to restrict the client’s access privileges. The server performs a
chroot(2) call to the home directory of the ‘‘ftp’’ user. So that system
security is not breached, the ‘‘ftp’’ subtree should be constructed
with care; the following rules are recommended.
~ftp) Make the home directory owned by super-user and unwritable by
anyone.
~ftp/bin)
Make this directory owned by the super-user and unwritable by
anyone. This contains auxiliary programs that might be forked by
eftd(8) or ftpd(8). These programs should have mode 111.
eftd(8) currently does not need any auxiliary programs. Thus, you
only need to put files here if you also want to provide
anonymous ftp service.
~ftp/etc)
Make this directory owned by the super-user and unwritable by
anyone. The files passwd(5) and group(5) must be present for
eftd to be able to produce owner names rather than numbers in
file headers and extended format directory (T-DIR primitive)
listings. Depending on the operating system, there may be other
required files. Check your manual page for the getpwent(3)
library routine. The password field in passwd is not used, and
should not contain real encrypted passwords. These files should
be mode 444 and owned by the super-user. Don’t use the system’s
/etc/passwd file as the password file or the system’s /etc/group
file as the group file in the ~ftp/etc directory.
~ftp/pub)
Create a subdirectory in ~ftp/pub with the appropriate mode (777
or 733) if you want to allow normal users to upload files.
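An added audit example (not part of eftp4linux) that checks an anonymous tree against the ~ftp, ~ftp/bin and ~ftp/etc rules above and returns a list of findings. The function name, the owner_uid and system_etc parameters, and the set of placeholder password fields are assumptions made for this sketch.

```python
import os
import stat

PLACEHOLDERS = {"", "*", "x", "!", "!!"}  # assumption: fields holding no real hash

def audit_ftp_tree(ftp_home, owner_uid=0, system_etc="/etc"):
    """Return findings where the tree breaks the ~ftp rules listed above."""
    findings = []

    def inspect(rel, exact_mode=None):
        path = os.path.join(ftp_home, rel) if rel else ftp_home
        try:
            st = os.lstat(path)          # lstat: a symlink is judged as itself
        except FileNotFoundError:
            return None
        mode = stat.S_IMODE(st.st_mode)
        label = rel or "."
        if st.st_uid != owner_uid:
            findings.append(f"{label}: owner uid {st.st_uid}, expected {owner_uid}")
        if exact_mode is not None and mode != exact_mode:
            findings.append(f"{label}: mode {mode:03o}, expected {exact_mode:03o}")
        elif exact_mode is None and mode & 0o222:
            findings.append(f"{label}: mode {mode:03o} is writable")
        return path

    inspect("")                                    # ~ftp itself
    bin_dir = inspect("bin")
    for name in sorted(os.listdir(bin_dir)) if bin_dir else []:
        inspect(os.path.join("bin", name), exact_mode=0o111)
    inspect("etc")
    for name in ("passwd", "group"):
        path = inspect(os.path.join("etc", name), exact_mode=0o444)
        if path is None:
            findings.append(f"etc/{name}: missing")
            continue
        sys_path = os.path.join(system_etc, name)
        if os.path.exists(sys_path) and os.path.samefile(path, sys_path):
            findings.append(f"etc/{name}: is the system's {sys_path}")
        with open(path) as fh:
            for line in fh:
                fields = line.rstrip("\n").split(":")
                if len(fields) > 1 and fields[1] not in PLACEHOLDERS:
                    findings.append(f"etc/{name}: {fields[0]} has a real-looking password field")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_ftp_tree(os.path.expanduser("~ftp"))) or "no findings")
```

The ~ftp/pub upload directory is deliberately not checked, since the page permits mode 777 or 733 there.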
The Eurofile file server also allows for finer grained access control
by means of the files /etc/isdn/eftaccess and /etc/isdn/efthosts.
COPYING
The main part of eftp4linux is licensed under the LGPL. However, eft
servers using the wuauth authentication library also contain code
copyrighted by the University of California, Berkeley, by the
Washington University in Saint Louis, and their contributors. That
code is subject to BSD style licences with an advertisement clause:
Copyright (c) 1990 The Regents of the University of California. All
rights reserved.
This code is derived from software contributed to Berkeley by Chris
Torek. Redistribution and use in source and binary forms are permitted
provided that: (1) source distributions retain this entire copyright
notice and comment, and (2) distributions including binaries display
the following acknowledgement: ‘‘This product includes software
developed by the University of California, Berkeley and its
contributors’’ in the documentation or other materials provided with
the distribution and in all advertising materials mentioning features
or use of this software. Neither the name of the University nor the
names of its contributors may be used to endorse or promote products
derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED ‘‘AS IS’’ AND WITHOUT ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
Copyright (c) 1993, 1994 Washington University in Saint Louis All
rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met: 1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer. 2.
Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this
software must display the following acknowledgement: This product
includes software developed by the Washington University in Saint Louis
and its contributors. 4. Neither the name of the University nor the
names of its contributors may be used to endorse or promote products
derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY WASHINGTON UNIVERSITY AND CONTRIBUTORS
‘‘AS IS’’ AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL WASHINGTON
UNIVERSITY OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
DAMAGE.
SEE ALSO
eftd(1), shells(5), getusershell(3), eftaccess(5), efthosts(5),
eft_xferlog(5), umask(2)
BUGS
The anonymous account is inherently dangerous and should be avoided
when possible.
The eftaccess and efthosts files are currently not yet working as
documented.