[ale] FTP Server on Linux

Michael H. Warfield mhw at wittsend.com
Fri Jan 22 10:26:12 EST 1999


Matthew Brown enscribed thusly:

> Should I be confident that I can turn on the FTP daemon without compromising
> my security too much.  Surely someone out there is using FTP and Linux?

> I only ask because I have heard (I think) that this is one of the 'dangerous
> daemons' to use as far as security.

	It can be.

	What is your objective?

	1) Do you wish to start up an anonymous ftp server?

	2) Do you wish to provide incoming or upload capability?

	3) Do you wish to provide ftp access for non-anonymous accounts?

	Anonymous ftp should not be too difficult to set up.  In fact,
most distributions already have it set up and too many turn on ftpd
with anon ftp service by default (grrrr).  Even if they do set it up
properly, offering a service on the network by default, which the user
may not be aware of, is a serious security risk.

	If you wish to allow outsiders to upload data to your system,
make sure ~ftp/incoming is writable but not readable or searchable by
the ftp account!  Also read and understand the options in your /etc/ftpaccess
file.  Do not allow the creation of subdirectories under ~ftp/incoming.

	I would strongly advise against #3 and use safer file transfer
methods such as scp.  Using ftp may result in user passwords being passed
in the clear on the network.

> -Matthew Brown

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw at WittsEnd.com
  (The Mad Wizard)      |  (770) 925-8248   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!
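
An added example, not part of the original message: a shell check for the ~ftp/incoming advice above (writable by the ftp account, not listable, no subdirectories). It assumes the directory is owned by root, so the ftp account falls under the "other" permission bits; the search bit is only reported, because Linux requires it to create a file in a directory.

```shell
#!/bin/sh
# Added example: audit an anonymous-FTP upload directory.
# Assumption (not from the post): the directory is owned by root, so the
# ftp account is governed by the "other" permission class.

# Print one finding per line; return 0 if no FAIL was found, 1 otherwise.
audit_incoming() {
    dir=$1
    rc=0
    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir is not a directory"
        return 1
    fi

    # Mode string from ls, e.g. "drwx-wx-wx"; characters 8-10 are "other".
    mode=$(ls -ld "$dir" | cut -c1-10)
    o_r=$(printf '%s' "$mode" | cut -c8)
    o_w=$(printf '%s' "$mode" | cut -c9)
    o_x=$(printf '%s' "$mode" | cut -c10)

    if [ "$o_r" = "r" ]; then
        echo "FAIL: $dir is readable (listable) by other: $mode"
        rc=1
    fi
    if [ "$o_w" != "w" ]; then
        echo "FAIL: $dir is not writable by other, uploads cannot work: $mode"
        rc=1
    fi
    # Reported only: the kernel needs the search bit to create a file by name.
    case $o_x in
        x|t) echo "NOTE: search bit is set for other: $mode" ;;
    esac

    # Uploaders must not be able to build a directory tree under incoming.
    sub=$(find "$dir" -mindepth 1 -type d 2>/dev/null | head -n 1)
    if [ -n "$sub" ]; then
        echo "FAIL: subdirectory present under $dir: $sub"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $dir"
    return "$rc"
}

# Usage: sh audit_incoming.sh /path/to/ftp/incoming
if [ "$#" -gt 0 ]; then audit_incoming "$1"; fi
```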
