Meet the Gang   1   2   3   4   5   6   7   8   9   10   11   12

FTP Server

From Milone, Gilbert

Answered By Dan Wilder, Johan H, John Karns, Heather Stern

Hello All,

Thanks for the help with the startx problem. After reading the manuals a bit, I decided that it will be more secure to have setup with the console login. This box is going to be a web-server and ftp server. The next question I have is there an FTP server with red hat? I could not find much

[Dan] Almost certainly.

[Johan] The default ftp server with Redhat is wu-ftp. The package file is wu-ftpd-2.6.1-16.i386.rpm on RedHat 7.1.

This is a full featured ftp server with a very bad security record. `proftp' is a much better option as far as security goes.

[John K] I have no less than 4 ftp daemons installed on my SuSE 7.1 machine:

the two mentioned above, as well as

- tftp which includes a client and server

[Johan] tftp (it has been a while since using it.) is an acronym for trivial file transfer protocol. It is a tiny insecure little ftp server that is great for getting kernels of a boot server to start diskless machines. I am sure it runs UDP as opposed to TCP/IP. As an ftp server it is useless.

[John K] - BSD ftp:

Name        : ftpd
Version     : 0.3.2
Release     : 18
Group       : System Environment/Daemons
Size        : 101965                           License: BSD
Packager    : feedback@suse.de
Summary     : The BSD FTP daemon
Description :
This package contains the BSD FTP (File Transfer Protocol) server daemon.
The FTP protocol is a method of transferring files between machines on a
network and/or over the Internet.

Any input as to how these compare in regards to security etc with the two mentioned above?

[Johan] We run BSD ftp on our ftp site. I did not set it up. It works well and I have not seen any security anouncements for it. Our paranoid netcop settled for this one, so I asume it is good.

Go to www.rpmfind.net and search ...

[Heather] Better yet, try Freshmeat.net and type "ftp server" into the search gadget. They have a whole section full of these things, many of them optimized for special puposes... such as anonymous-only setup.

My personal favorite, at the moment, is muddleftpd. It has very nice access control features and the control files are readable. But if you really will be anonymous only you simply can't beat something that doesn't care who you say you are, it just puts you in the anonymous jail no matter what you say.

in the documentation about one. I would like to have one that uses the existing security which the users have in linux. IE when I ftp in, I will have the same rights as my login name would if I signed onto the terminal. Is this possible? I would assume it is, but we all know what happens when we assume.

[Dan] It's possible. Setup varies from ftp server to ftp server.

Whether this is really what you want is another matter. FTP passwords are exchanged in plain text over the internet, for any snooping eyes to sieze upon. Allow ssh or telnet login also, and you're exposing yourself to a moderate threat of having accounts hijacked.

If that doesn't bother you, or if the privileges associated with the accounts are minimal, go ahead.

Generally when I set up a named ftp account, I also make the user's login shell /bin/false.

[Johan] If you set the users account to /bin/false, please add /bin/false to /etc/shells.

The defualt pam setup requires a valid shell. Or remove the line `auth required /lib/security/pam_shells.so' in /etc/pam.d/ftp.

The last option is a bad idea. man `pam' for details. It could allow all kinds of strange ftp logins as user lp, bin etc.

Thanks again for the help. -GIl Milone

This page edited and maintained by the Editors of Linux Gazette Copyright © 2002
Published in issue 76 of Linux Gazette March 2002

HTML script maintained by Heather Stern of Starshine Technical Services, http://www.starshine.org/

Meet the Gang   1   2   3   4   5   6   7   8   9   10   11   12