[ale] FTP Server on Linux

Matthew Brown matthew.brown at cordata.net
Fri Jan 22 11:06:27 EST 1999


Thanks for the SPEEDY replies!

I offer web hosting services (so far on NT) - killer bandwidth!, but I'd
like to move my shop almost ENTIRELY over to Linux, and stay with Linux
from here on out.  If you've followed the list for a month or two you may
remember I've been hacked pretty hard.  I am NOT interested in this
happening again.  Since it is not a problem on my NT server (yet!), I have
left HTTP/FTP there.  I only do sendmail/ipopd on my Linux box.

The FTP access would be authenticated, but NONE of the users need have any
permissions/rights outside their little world.

Does this answer the question about access?  I guess I see no need for
anon-FTP, but I do need everyone's data to go to 'their' subdirectories.

-Matthew Brown

----- Original Message -----
From: Michael H. Warfield <mhw at wittsend.com>
To: Matthew Brown <matthew.brown at cordata.net>
Cc: <ale at ale.org>
Sent: Friday, January 22, 1999 10:26 AM
Subject: Re: [ale] FTP Server on Linux


>Matthew Brown enscribed thusly:
>
>> Should I be confident that I can turn on the FTP daemon without compromising
>> my security too much.  Surely someone out there is using FTP and Linux?
>
>> I only ask because I have heard (I think) that this is one of the 'dangerous
>> daemons' to use as far as security.
>
> It can be.
>
> What is your objective?
>
> 1) Do you wish to start up an anonymous ftp server?
>
> 2) Do you wish to provide incoming or upload capability?
>
> 3) Do you wish to provide ftp access for non-anonymous accounts?
>
> Anonymous ftp should not be too difficult to set up.  In fact,
>most distributions already have it setup and too many turn it on ftpd
>with anon ftp service by default (grrrr).  Even if they do set it up
>properly, offering a service on the network by default, which the user
>may not be aware of, is a serious security risk.
>
> If you wish to allow outsiders to upload data to your system,
>make sure ~ftp/incoming is writable but not readable or searchable by
>the ftp account!  Also read and understand the options in your /etc/ftpaccess
>file.  Do not allow the creation of subdirectories under ~ftp/incoming.
>
> I would strongly advise against #3 and use safer file transfer
>methods such as scp.  Using ftp may result in user passwords being passed
>in the clear on the network.
>
>> -Matthew Brown
>
> Mike
>--
> Michael H. Warfield    |  (770) 985-6132   |  mhw at WittsEnd.com
>  (The Mad Wizard)      |  (770) 925-8248   |  http://www.wittsend.com/mhw/
>  NIC whois:  MHW9      |  An optimist believes we live in the best of all
> PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!
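
An audit of the upload-directory advice quoted above, as an added example that is not part of the original thread: it checks that the directory is writable but not listable by the ftp account and that it holds no subdirectories. It assumes the ftp account falls under the "other" permission class and that GNU stat and find are available; the function name is hypothetical.

```shell
#!/bin/sh
# Added example: audit an upload directory such as ~ftp/incoming.
# Assumption: the ftp account is neither owner nor group member of the
# directory, so the "other" permission digit is the one that applies.
# Requires GNU stat and find.

audit_incoming() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "FAIL: not-a-directory"
        return 2
    fi

    mode=$(stat -c '%a' "$dir")        # octal mode, e.g. 733 or 1733
    other=${mode#"${mode%?}"}          # last digit = "other" class
    problems=""

    # Read bit (4) set: the ftp account could list what was uploaded.
    if [ $((other & 4)) -ne 0 ]; then
        problems="$problems readable"
    fi
    # Write bit (2) clear: uploads would be refused.
    if [ $((other & 2)) -eq 0 ]; then
        problems="$problems not-writable"
    fi
    # Subdirectories should not exist under the upload area.
    if [ -n "$(find "$dir" -mindepth 1 -type d -print -quit)" ]; then
        problems="$problems has-subdirs"
    fi

    if [ -n "$problems" ]; then
        echo "FAIL:$problems"
        return 1
    fi
    echo "OK"
}

# Stand-alone use: sh audit.sh /path/to/ftp/incoming
if [ $# -gt 0 ]; then
    audit_incoming "$1"
fi
```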





