On Wed, May 12, 2004 at 08:22:05AM -0500, Johnny Fulcrum wrote:
> 
> Hi all-
> 
> A buddy of mine is throwing me a "small potato" and giving me 1/2 the  
> cut.  The job is setting up a small ftp server for a client.
> 
> The requirements are (seemingly) next to nothing:
> 
> A site where clients of the client can drop off files (under 20 Meg a day)  
> and at the end of the day, generate a report of what got transferred and  
> move the transferred files off to a backup machine.
> 
> I immediately thought of SSH and sftp, gave warnings of the insecurities  
> of ftp etc - but was told that the end users will not touch the command  
> line and will be using IE to connect and drag -n- drop files to the ftp  
> server. OOOkkkayyy...
> 
> Ok, so I thought of using vsftp and making a blind, anonymous "drop off"  
> ftp server... Connect as anonymous, drop files in an "incoming" location  
> and that's it.
> 
> The box will most likely be a walmart special x86 (uptime is not a concern  
> from what he tells me a.k.a rebuild box if it goes south.).  I have to  
> choose a linux distro for this.  I use gentoo day-to-day, so I thought of  
> using that and vsftp (I also use this on my personal box).
> 
> So - Gentoo, vsftpd, sshd for my remote access, on an el cheapo box, set  
> customer expectations up front, clue bat, what else am I going to need?
> 
> Any advice, warnings, etc - This will be my first time doing something  
> like this... :\

Yah, I have to deal with FTP a lot - mostly because it's what people
know.  Two things - make sure the users don't have shell access (don't
give them a valid shell or don't make them system users).  Secondly, use
ftpd to chroot them to their home dirs so that they can't cruise around
your server.  

I haven't used vsftpd - but on FreeBSD with the standard ftpd I just set
their shells to /NOLOGIN and add /NOLOGIN to /etc/shells.  Then, ftpd
has a file /etc/ftpchroot - any users in there get chrooted to their ~/.
Works for me.  Of course, /etc/ftpchroot is a BSD ftpd thing, but the
shell thing should work with most ftp servers.

I don't particularly like the anonymous idea.  It opens you up to many
more vulnerabilities - since now anyone that wants it can log in.
Also, make sure the clients know that there is no security with ftp -
don't let them send confidential info across the wire, or you may find
yourself liable (I'm just making that up, I dunno, but I wouldn't be
surprised).

hth, 
dan
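
An added example, not part of the thread: a shell function that audits an FTP-only account against the setup described in the reply above (a shell listed in the shells file that is not a real login shell, plus an entry in the ftpchroot file). The function names, finding labels and sample accounts are constructed for illustration; file paths are parameters so the check can run against copies of /etc/passwd, /etc/shells and /etc/ftpchroot.

```shell
#!/bin/sh
# Added example (not from the thread). Audits one FTP-only account.
# Usage: check_ftp_user PASSWD_FILE SHELLS_FILE FTPCHROOT_FILE USER
# Prints "USER: ok" or "USER: finding,finding" and returns 1 on findings.
check_ftp_user() {
    passwd_file=$1; shells_file=$2; chroot_file=$3; user=$4
    findings=""

    # Field 7 of the passwd entry is the login shell.
    if ! shell=$(awk -F: -v u="$user" \
        '$1 == u { print $7; hit = 1; exit } END { exit !hit }' "$passwd_file")
    then
        echo "$user: no-passwd-entry"; return 1
    fi
    # An empty shell field means the system default shell.
    [ -n "$shell" ] || shell=/bin/sh

    # ftpd only accepts users whose shell is listed in the shells file.
    grep -qxF -- "$shell" "$shells_file" ||
        findings="$findings,shell-not-in-shells"
    # A listed shell that is a real executable also allows interactive login.
    if [ -x "$shell" ]; then findings="$findings,has-login-shell"; fi
    # First field of each ftpchroot line is a user name; "@group" lines
    # are not expanded here.
    awk -v u="$user" '$1 == u { hit = 1 } END { exit !hit }' "$chroot_file" ||
        findings="$findings,not-chrooted"

    if [ -n "$findings" ]; then
        echo "$user: ${findings#,}"; return 1
    fi
    echo "$user: ok"
}

# Constructed sample files (not real accounts) written into directory $1.
make_sample() {
    printf '%s\n' 'alice:*:1001:1001::/home/alice:/NOLOGIN' \
        'bob:*:1002:1002::/home/bob:/bin/sh' \
        'carol:*:1003:1003::/home/carol:/NOLOGIN' > "$1/passwd"
    printf '%s\n' '/bin/sh' '/NOLOGIN' > "$1/shells"
    printf '%s\n' '# chrooted ftp users' 'alice' 'bob' > "$1/ftpchroot"
}

# Demo run against the constructed sample.
d=$(mktemp -d) && make_sample "$d"
for u in alice bob carol dave; do
    check_ftp_user "$d/passwd" "$d/shells" "$d/ftpchroot" "$u" || true
done
rm -rf "$d"
```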


_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list