[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ale] FTP Server on Linux
- Subject: [ale] FTP Server on Linux
- From: dhamm at itserve.com (David Hamm)
- Date: Fri, 22 Jan 1999 14:59:02 -0500
Also make sure that you enable shadow passwords by running pwconv.
On Fri, 22 Jan 1999, Michael H. Warfield wrote:
>Matthew Brown enscribed thusly:
>> Should I be confident that I can turn on the FTP daemon without compromising
>> my security too much. Surely someone out there is using FTP and Linux?
>> I only ask because I have heard (I think) that this is one of the 'dangerous
>> daemons' to use as far as security.
> It can be.
> What is your objective?
> 1) Do you wish to start up an anonymous ftp server?
> 2) Do you wish to provide incoming or upload capability?
> 3) Do you wish to provide ftp access for non-anonymous accounts?
> Anonymous ftp should not bee too difficult to set up. In fact,
>most distributions already have it setup and too many turn it on ftpd
>with anon ftp service by default (grrrr). Even if they do set it up
>properly, offering a service on the network by default, which the user
>may not be aware of, is a serious security risk.
> If you wish to allow outsiders to upload data to your system,
>make sure ~ftp/incoming is writable but not readable or searchable by
>the ftp account! Also read and understand the options in your /etc/ftpaccess
>file. Do not allow the creation of subdirectories under ~ftp/incoming.
> I would strongly advise against #3 and use safer file transfer
>methods such as scp. Using ftp may result in user passwords being passed
>in the clear on the network
>> -Matthew Brown
> Michael H. Warfield | (770) 985-6132 | mhw at WittsEnd.com
> (The Mad Wizard) | (770) 925-8248 | http://www.wittsend.com/mhw/
> NIC whois: MHW9 | An optimist believes we live in the best of all
> PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
Imaging Technologies Services Inc.
email: dhamm at itserve.com