anonymous FTP users. The FTP user entry in /etc/passwd looks like this:
ftp:x:116:124:ftp daemon,,,:/srv/ftp:/bin/false
The numbers differ on each system because they depend on the number of
configured users on the system; however, the rest of the information is the
same.
NOTE
The FTP user, as discussed here, applies to anonymous FTP configurations
and server setup. Our FTP user is configured to use /srv/ftp as the
default directory. Other Linux distributions may use a different default
directory, such as /usr/local/ftp, for FTP files and anonymous users.
This entry follows the standard /etc/passwd entry format: username, password,
user ID, group ID, comment field, home directory, and shell. To learn more
about /etc/passwd, see the section “Configuring Your Firewall” in
Chapter 20, “Securing Your Machines.”
The items in this entry are separated by colons. In the preceding example, you
can see that the Ubuntu system hosting the server uses shadowed passwords
(indicated by the x in the traditional password field). The shadow password
system is important because it adds a level of security to Ubuntu;
the shadow password system is normally installed during the Ubuntu
installation.
The FTP server software uses this user account to assign permissions to users
connecting to the server. Because the default shell for anonymous FTP users is
/bin/false rather than /bin/bash or some other standard, interactive shell, an
anonymous FTP user is unable to log in as a regular user. /bin/false is not a
shell but a program usually assigned to an account that has been locked.
Inspecting the /etc/shadow file as root (see Listing 34.1) shows that it is not
possible to log in to this account, as denoted by the * in the password field.
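The two checks described above (a non-interactive shell in /etc/passwd and a * password marker in /etc/shadow) can be combined into a small audit, shown here as an added example that is not from the book. The function names, the ftpshell account, and both shadow lines are constructed for illustration.

```python
# Added example: sample data below is constructed, not read from a real system.
NOLOGIN_SHELLS = {"/bin/false", "/usr/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}
PASSWD_FIELDS = ("name", "password", "uid", "gid", "comment", "home", "shell")

SAMPLE_PASSWD = """\
ftp:x:116:124:ftp daemon,,,:/srv/ftp:/bin/false
ftpshell:x:117:124:misconfigured ftp,,,:/srv/ftp:/bin/bash
"""
SAMPLE_SHADOW = """\
ftp:*:11899:0:99999:7:::
ftpshell:$6$constructed$notarealhash:11899:0:99999:7:::
"""

def parse_passwd(text):
    """Split each colon-separated passwd line into its seven named fields."""
    entries = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != 7:
            raise ValueError(f"malformed passwd line: {line!r}")
        entry = dict(zip(PASSWD_FIELDS, parts))
        entries[entry["name"]] = entry
    return entries

def parse_shadow(text):
    """Map username -> second shadow field (the password hash or lock marker)."""
    return {p[0]: p[1] for p in (l.split(":") for l in text.splitlines() if l.strip())}

def audit(passwd_text, shadow_text):
    """Report, per account, whether a password login to an interactive shell is possible."""
    shadow = parse_shadow(shadow_text)
    report = {}
    for name, e in parse_passwd(passwd_text).items():
        shadowed = e["password"] == "x"
        # Assumption: a shadowed account with no shadow line is treated as locked.
        pw = shadow.get(name, "*") if shadowed else e["password"]
        # "*" or a leading "!" can never match a password hash, so login is impossible.
        locked = pw == "*" or pw.startswith("!")
        interactive = e["shell"] not in NOLOGIN_SHELLS
        report[name] = {"shadowed": shadowed, "password_locked": locked,
                        "interactive_shell": interactive,
                        "can_log_in": interactive and not locked}
    return report

if __name__ == "__main__":
    for user, result in audit(SAMPLE_PASSWD, SAMPLE_SHADOW).items():
        print(user, result)
```

Only the constructed ftpshell account is reported with can_log_in set to True; the ftp entry from the text fails both checks.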
LISTING 34.1 Shadow Password File ftp User Entry
# cat /etc/shadow
bin:*:11899:0:99999:7:::
daemon:*:11899:0:99999:7:::
adm:*:11899:0:99999:7:::
lp:*:11899:0:99999:7:::
...