Back at Square 1

Jonathan Hutchins hutchins at opus1.com
Mon Jul 15 02:54:56 CDT 2002


> -----Original Message-----
> From: Seth Dimbert [mailto:s.dimbert at fhmr.com]

> Now I need to get the FTP server running so I can upload 
> files for Apache to serve. 

Once again:  http://www.tldp.org has the answers you need, in detail.  I
wish we had a jar like a "swear jar", where every time someone posts a
question that's answered at the Linux Documentation Project, they had to put
a donation in the kitty.

wuftpd doesn't install by default on RHL, and I believe you mentioned that
you were running RedHat or a derivative.

ftp is a notoriously insecure protocol.  There are ways to secure it, but
there are still problems like the fact that user authentication happens in
plain text (see SWB DSL rant, ongoing).

Your first choice should be sftp, which installs by default as part of the
OpenSSH package.  You can't log in as root by default, and I'm not aware of
an su option in sftp, but you could probably work that out.  Upload as
joeuser, use the shell to move, chown, and chgroup.

If that's not going to work for some reason, you can install wuftpd - should
be on the CDs.  Disable guest and anonymous access - root should be
disabled by default.  Users can now FTP to their own directory and post
files.  Use symlinks to make those files appear in the web pages.  

IMPORTANT:  If you're going to enable ftpd (wuftpd), you want to use the TCP
wrappers and only enable it for likely source connections.  For instance, I
allow users within my dial-in cloud access, because it's not a general
public ISP cloud.  I do not allow access from the University computer labs,
although it would be convenient for the Professor; so far he has only done
FTP work from home, and if he's noticed he hasn't commented.  I enable my PC
by the firewall's RoadRunner IP.  Had to change that recently, because I
left the modem off for ten hours or so and ended up with a different IP.
Note that this could have locked me out completely if I didn't have other
arrangements.  Mine is a secure, remote host, and I have to be very careful
to put the key in my pocket BEFORE I close and lock the door.

Figure it out first, don't install it then secure it.  I was recently told
that the average time between an unsecured web server going on-line and it
being hacked and owned was about five minutes - more like one minute for MS
IIS.  Unsecured FTP servers are easier to hack.
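
An added example, not part of the original post: a small Python check that evaluates a proposed hosts.allow / hosts.deny pair the way TCP wrappers does (allow first, then deny, otherwise grant), so the rule set can be worked out before the daemon is enabled, including the lockout when a pinned address changes. The daemon name in.ftpd, the sshd fallback line and all addresses are assumptions, and only a simplified IPv4 subset of the pattern syntax is handled.

```python
import ipaddress

# Constructed rule files. The daemon name in.ftpd, the sshd fallback and all
# addresses (RFC 5737 documentation ranges) are assumptions for illustration.
HOSTS_ALLOW = """\
# dial-in pool, net/mask form
in.ftpd: 192.0.2.0/255.255.255.0
# admin PC behind a cable modem, pinned to one leased address
in.ftpd: 198.51.100.23
# a second way in that does not depend on that lease
sshd: ALL
"""
HOSTS_DENY = "ALL: ALL\n"

def _matches(pattern, client):
    """Simplified subset of hosts_access(5) client patterns (IPv4 only)."""
    if pattern == "ALL":
        return True
    if "/" in pattern:  # net/mask
        return ipaddress.ip_address(client) in ipaddress.ip_network(pattern)
    if pattern.endswith("."):  # leading-octet prefix such as "192.0.2."
        return client.startswith(pattern)
    return client == pattern

def _listed(rules, daemon, client):
    """True if any rule line names both this daemon and this client."""
    for line in rules.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        daemons, clients = (f.replace(",", " ").split() for f in line.split(":")[:2])
        if (daemon in daemons or "ALL" in daemons) and any(
                _matches(p, client) for p in clients):
            return True
    return False

def allowed(daemon, client, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow match grants; else hosts.deny match refuses; else grant."""
    if _listed(allow, daemon, client):
        return True
    return not _listed(deny, daemon, client)

if __name__ == "__main__":
    for who, ip in [("dial-in user", "192.0.2.77"), ("admin, old lease", "198.51.100.23"),
                    ("admin, new lease", "198.51.100.140"), ("university lab", "203.0.113.9")]:
        print(f"{who:18} {ip:16} ftp={allowed('in.ftpd', ip)} ssh={allowed('sshd', ip)}")
```

With these constructed rules the admin's new lease is refused for FTP but still reaches sshd, while the lab address is refused for FTP like any other unlisted source.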



