[ih] History of Anonymous FTP

Tue Sep 28 21:01:03 PDT 2021

yours truly believes Anonymous FTP (login) showed up on Tenex first, but
Anonymous FTP without logging in probably was present on the MIT ITS
{ai,dm,ml) systems before that

with the above laconic supposition out, now here's an anecdote about
Tenex's Anonymous FTP "implementation" that let's call

WOE IS TO THEE WHO PLAYS/SIMULATES THE OPERATING SYSTEM'S "FILE SYSTEM"

the Tenex FTP Server (FTPSRV) was auto logged in as <SYSTEM>, a "wheeled"
(i.e. super-user privileged/credentialed user) at system boot time

when a remote user connected to a Tenex's FTP Server, the FTPSRV process
did a lookup on said users file permissions (user groups, etc) to see what
files said logged in user was able to access -- thereby "emulating exactly"
the access the user would have if they themselves were logged in on a
terminal

in essence, the wheel enabled and privileged FTPSRV program "emulated" what
the operating system (Tenex) itself would do

this all "worked pretty well" until Anonymous FTP was introduced into
FTPSRV wherein a user would login with user Anonymous with any password

but there was actually no Tenex user directory/account Anonymous... it only
"existed" inside of FTPSRV

so when an Anonymous user logged in to FTPSRV, "user" Anonymous's system
wide file access was, like with real users, "simulated" and "restricted" to
only globally readablr files

on Tenex the equivalent of /etc/passwd on Unix was <SYSTEM>INDEX -- a
highly protected binary file of users, their (non-encrypted) passwords,
directory access groups and such

there was a Tenex program (for super-user "wheels") called ULIST which
would print out a text readable version of this file through a get
directory information system call

ULIST also had an option to include user's passwords, and in so doing,
would get the non-encrypted passwords directly from the <SYSTEM>INDEX file
itself

so with the above background:

when Anonymous FTP was introduced on Tenex, with the wheeled FTPSRV process
playing file system, yours truly found that by first logging in to a Tenex
FTP Server with anonymous (with any password), one could then subsequently
login as any other Tenex user with any password on that connection

so what did yours truly do?

connected to BBN-Tenex (the purveyors of Tenex), logged in Anonymous(ly),
then logged in as SYSTEM and retrieved the INDEX file

good for BBN in that they actually looked at/monitored their FTPSRV.LOG
file and saw this, the result of which (other than a highly perturbed Dan
Lynch) was that not only did Tenex get encrypted passwords implemented, but
also the "let's play/simulate the file system" from a privileged account
FTPSRV was ditched and replaced with a new mechanism that had users
actually be logged in as themselves (now including an actual Tenex
directory/user ANONYMOUS)

so WOE IS TO THEE WHO PLAYS/SIMULATES AN OPERATING SYSTEM'S "FILE SYSTEM"
and also has a "treasure chest" of unencrypted passwords to be sought after
for "plunder"

The End.

On Tue, Sep 28, 2021 at 5:10 PM Dave Crocker via Internet-history <
internet-history at elists.isoc.org> wrote:

> The history of the Web usually has citations to work such as Engelbarts,
> for its conceptual history.  And that's entirely reasonable.  But that
> system was not a widely distributed set of independent operations.
>
> So I always point to Anonymous FTP as the operational base, for the
> model.  We relied on it for roughly 20 years, before gopher and the web
> gave us improved choices.
>
> But I don't remember the details of when Anonymous FTP came into
> service.  Just did a quick search and didn't find anything helpful.
>
> Perhaps this group knows some relevant details?
>
> d/
> --
> Dave Crocker
> Brandenburg InternetWorking
> bbiw.net
> --
> Internet-history mailing list
> Internet-history at elists.isoc.org
> https://elists.isoc.org/mailman/listinfo/internet-history
>
>

-- 
Geoff.Goodfellow at iconia.com
living as The Truth is True