[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] FTP Server on Linux

Also make sure that you enable shadow passwords by running pwconv.
On Fri, 22 Jan 1999, Michael H. Warfield wrote:
>Matthew Brown enscribed thusly:
>> Should I be confident that I can turn on the FTP daemon without compromising
>> my security too much.  Surely someone out there is using FTP and Linux?
>> I only ask because I have heard (I think) that this is one of the 'dangerous
>> daemons' to use as far as security.
>	It can be.
>	What is your objective?
>	1) Do you wish to start up an anonymous ftp server?
>	2) Do you wish to provide incoming or upload capability?
>	3) Do you wish to provide ftp access for non-anonymous accounts?
>	Anonymous ftp should not bee too difficult to set up.  In fact,
>most distributions already have it setup and too many turn it on ftpd
>with anon ftp service by default (grrrr).  Even if they do set it up
>properly, offering a service on the network by default, which the user
>may not be aware of, is a serious security risk.
>	If you wish to allow outsiders to upload data to your system,
>make sure ~ftp/incoming is writable but not readable or searchable by
>the ftp account!  Also read and understand the options in your /etc/ftpaccess
>file.  Do not allow the creation of subdirectories under ~ftp/incoming.
>	I would strongly advise against #3 and use safer file transfer
>methods such as scp.  Using ftp may result in user passwords being passed
>in the clear on the network
>> -Matthew Brown
>	Mike
> Michael H. Warfield    |  (770) 985-6132   |  mhw at WittsEnd.com
>  (The Mad Wizard)      |  (770) 925-8248   |  http://www.wittsend.com/mhw/
>  NIC whois:  MHW9      |  An optimist believes we live in the best of all
> PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!
David Hamm
Systems Analyst
Imaging Technologies Services Inc.
email: dhamm at itserve.com
voice: 404-885-5905