diff options
| author | rwatson <rwatson@FreeBSD.org> | 2001-08-02 03:25:16 +0000 |
|---|---|---|
| committer | rwatson <rwatson@FreeBSD.org> | 2001-08-02 03:25:16 +0000 |
| commit | 1e1af75f40ca41406710beb9b92dce84af3e8325 (patch) | |
| tree | 69a33c016d59b2712939bd3387495c538e03fe8c /usr.sbin/sysinstall/anonFTP.c | |
| parent | 4f9a35a47bfc7ab2e2bd6a15305928d80f80536c (diff) | |
| download | FreeBSD-src-1e1af75f40ca41406710beb9b92dce84af3e8325.zip FreeBSD-src-1e1af75f40ca41406710beb9b92dce84af3e8325.tar.gz | |
Compensate for default disabling of network services in inetd.conf(5)
by providing the opportunity to edit inetd.conf during the system
installation process. The following modifications were made:
(1) Expand the Anonymous FTP description dialog to indicate that inetd
and ftpd must be enabled before it can be used.
(2) Introduce a new configInetd() pair of dialogs, the first describing
inetd, giving a couple of examples of services that require it, and
hinting at potential risk, then asking the user if they wish to
enable it. The second indicates that inetd.conf must be configured
to enabled specific services, and asks if the user would like to
load inetd.conf into the editor to modify it. Add this
configuration action to the index.
There are some further improvements that might be considered:
(1) Provide a more inetd.conf-specific configuration tool that speaks
inetd.conf(5). However, this is made difficult by the "yet another
configuration format" nature of inetd.conf, as well as its use of
commenting to disable services, rather than an in-syntax way to
disable a service without commenting it out. Submissions here
would probably be welcome.
(2) There's some overlap between settings in the somewhat obtuse
Security Profile mechanism and other settings, including the inetd
setting, and NFS server configuration. As features become
individually tunable, they should probably be removed from the
security profile mechanism. Otherwise, somewhat counter-intuitively,
sysinstall (in practice) queries multiple times whether inetd, nfsd,
etc, should be enabled/disabled. A possible future direction might
be to drive profiles not by degree of paranoia, rather, the set
of services desired. Or simply to remove the Security Profile
mechanism and resort to feature-driven configuration.
Reviewed by: imp, chris, jake, nate, -arch, -stable
Diffstat (limited to 'usr.sbin/sysinstall/anonFTP.c')
| -rw-r--r-- | usr.sbin/sysinstall/anonFTP.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/usr.sbin/sysinstall/anonFTP.c b/usr.sbin/sysinstall/anonFTP.c index 5291207..7606be2 100644 --- a/usr.sbin/sysinstall/anonFTP.c +++ b/usr.sbin/sysinstall/anonFTP.c @@ -238,6 +238,19 @@ int configAnonFTP(dialogMenuItem *self) { int i; + + + if (msgYesNo("Anonymous FTP permits un-authenticated users to connect to the system\n" + "FTP server, if FTP service is enabled. Anonymous users are\n" + "restricted to a specific subset of the file system, and the default\n" + "configuration provides a drop-box incoming directory to which uploads\n" + "are permitted. You must seperately enable both inetd(8), and enable\n" + "ftpd(8) in inetd.conf(5) for FTP services to be available. If you\n" + "did not do so earlier, you will have the opportunity to enable inetd(8)\n" + "again later.\n\n" + "Do you wish to continue configuring anonymous FTP?")) { + return DITEM_FAILURE; + } /* Be optimistic */ i = DITEM_SUCCESS; |
