On Fri, Nov 02, 2001 at 11:39:19AM -0600, Munir Nassar wrote:
> When I set up my ftp server most people advised me to use ProFTPd, it's
> really nice, secure and it uses an apache-like conf file

ProFTPd has had problems with NIS user accounts, thus why we use
WuFTPd. Yes, NIS is insecure and should not be used on open internet
service-based servers, but our current requirements require it. (I'd
love to replace NIS with LDAP+ssl one of these days. Heck, I'd be happy
with rsync+scp for /etc/{passwd,shadow,group,sgroup,hosts}
synchronization.)

WuFTPd is just as powerful (as ProFTPd) and has the same type of
reputation that Sendmail has in the email server world: it's been
around the block; it's had security problems; it's also stable,
well-tested, and highly configurable.

One suggestion I would make is this: run your anonymous ftp server for
anonymous access ONLY (something I cannot get away with,
unfortunately). Force your users to use sftp or scp to move their files
about. If you want to be really paranoid, run your ftp daemon in a
chroot and use the Linux 2.4 feature of multi-mount binding of
directories. E.g.

    bash$ sudo mount --bind /home/ftp/pub /var/chroot/ftpd/pub
    bash$ sudo chroot /var/chroot/ftpd /etc/init.d/wuftpd start

Oh, yeah, and install sudo. root command audit trails are nice to have
in a multi-manager environment.

-- 
Chad Walstrom <chewie at wookimus.net> | a.k.a. ^chewie
http://www.wookimus.net/ | s.k.a. gunnarr
Key fingerprint = B4AB D627 9CBD 687E 7A31 1950 0CC7 0B18 206C 5AFD