
[ale] FTP Server on Linux



So, now we are back to a more generic, OS-level question...

Are you saying I can restrict a specific user to run a binary only from
/xyz/ directory?

I guess you'd do this with the path env variable?  Do these variables even
exist when the user comes in via FTP rather than through a shell?

Please forgive the RT*M's here.  I am an obvious neophyte to Linux.  I have
a start-up web hosting company that runs on NT(web/dB) and Linux(mail).  I'd
really like to get off of NT altogether at some point, but this (FTP) is one
of the sticking points with me (along with M$-ASP&FPE).  If I can get FTP to
happen, and can get ASP&FPE-like capabilities out of Linux, I'll switch over
for good.  I already know it can happen, but can _I_ make it happen
_securely_?

Arguably, I am my own biggest stumbling block here!

Little help?

Thanks all!

-Matthew Brown

----- Original Message -----
From: John M. Mills <jmills at jmills.gtri.gatech.edu>
To: Matthew Brown <matthew.brown at cordata.net>
Cc: <elanda at comstar.net>; <ale at ale.org>
Sent: Tuesday, January 26, 1999 9:58 AM
Subject: Re: [ale] FTP Server on Linux


>
>
>On Tue, 26 Jan 1999, Matthew Brown wrote:
>
>> This still doesn't do it for me.  What does ~ftp/bin mean?  I'd have
>> thought this would mean that there is a /bin directory out there under
>> an ftp directory.  Clearly I'm off here.
>
>You're not off at all. I think this is discussed in docs for the wuftp
>sources, but the recommendation as I understood it was to make a set of
>[relatively] trusted libs and bins in the <whatever>/ftp hierarchy and
>restrict ftp users to that set. The objective was to avoid exploits of
>publicly accessible libs and bins and in fact to limit the operations
>available to an ftp user.  You would then keep a close eye on the ftp
>executables and libs to catch changes quickly.
>
>If I misunderstood this, I would appreciate being set straight.
>
>Thanks - mills
>
>  John M. Mills, Senior Research Engineer -- john.mills at gtri.gatech.edu
>  Georgia Tech Research Institute, Georgia Tech, Atlanta, GA 30332-0834
>        Phone contacts: 404.894.0151 (voice), 404.894.6285 (FAX)
>         "The cardinal virtues of a programmer are Laziness,
>            Impatience, and Hubris." -- attr. Larry Wall
>
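
The advice quoted above (keep a small trusted set of bins and libs under the ftp hierarchy and watch it for changes), as an added example that is not part of the original thread: it records SHA-256 hashes of everything in `bin` and `lib` under the FTP root and later reports added, changed, missing or writable files. The root path, the baseline file, the script name `ftpwatch.sh` and the writable-permission check are assumptions of this example; `sha256sum` is the GNU coreutils tool.

```shell
#!/bin/sh
# Added example, not from the thread: watch the restricted bin/ and lib/ set
# under the FTP root for changes. ROOT and the baseline file are assumptions.

# ftp_baseline ROOT OUT: write "<sha256>  <path>" for each file in ROOT/bin and ROOT/lib.
ftp_baseline() {
    ( cd "$1" && find bin lib -type f -exec sha256sum {} + 2>/dev/null |
        LC_ALL=C sort -k2 ) > "$2"
}

# ftp_verify ROOT BASELINE: print ADDED/CHANGED/MISSING/WRITABLE lines.
# Returns 0 when the tree matches the baseline, 1 when anything differs.
ftp_verify() {
    now=$(mktemp) || return 2
    ftp_baseline "$1" "$now"
    report=$(
        # sha256sum lines: 64 hex digits, 2 separator characters, then the path.
        awk '{ h = substr($0, 1, 64); f = substr($0, 67) }
             FILENAME == ARGV[1] { old[f] = h; next }
             { seen[f] = 1
               if (!(f in old)) print "ADDED " f
               else if (old[f] != h) print "CHANGED " f }
             END { for (f in old) if (!(f in seen)) print "MISSING " f }' "$2" "$now"
        # Assumed extra check: nothing in the set should be group- or world-writable.
        ( cd "$1" && find bin lib \( -perm -020 -o -perm -002 \) ! -type l 2>/dev/null |
            sed 's/^/WRITABLE /' )
    )
    rm -f "$now"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report" | LC_ALL=C sort
    return 1
}

# Usage: sh ftpwatch.sh baseline|verify ROOT BASELINE_FILE   (hypothetical script name)
# Keep BASELINE_FILE outside ROOT, on storage the FTP account cannot write.
case ${1:-} in
    baseline) ftp_baseline "$2" "$3" ;;
    verify)   ftp_verify "$2" "$3" ;;
esac
```

Run `verify` from cron and alert on a non-zero exit status; a baseline stored inside the FTP tree can be rewritten along with the binaries it describes.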