[NBLUG/talk] ftpd

ME dugan at passwall.com
Sat Feb 15 16:32:00 PST 2003


Steve said:
> I have a need to run an FTP server on my colo at sonic, and to be honest
> I've always avoided this like the plague =).. So I was wondering what ftpd
> you guys recommend.
>
> I only need 1 feature, and that is that the user who logs in is jailed
> into their own directory.   I hear proftpd
> does this, but I worry about security otherwise.. I don't really want
> to get hacked.  =)

Requirement "don't want to get hacked" does not seem to go with
"plain-text across-the-wire authentication."

Between the choice of proftpd and wu-ftpd, proftpd is a bit better, but I
will strongly advise against using ftp.

> I will not have anonymous turned on, that's for sure, mainly because it
> is not needed.  So what are your opinions?

My opinion is this:
Consider re-thinking your decision. Why *must* you use ftp? Can you get
away with using something like WebDAV?

WebDAV is available as a built-in to:
Windows 98 and later, while a free patch from MS for "Web Folders" or
"Internet Folders" also grants this to Windows 95.
Mac OS X (iDisk or Internet disks)
While you can work it with Linux and other *NIX with an ftp-like client
called cadaver.

Running WebDAV with mod_dav in apache, and mod_ssl, permits you to get all
traffic including authentication passed over SSL!

As for "jails" from the apache httpd.conf, you can specify what users in
each <directory> or space should use. Reverse directory traversal and into
other dirs can be blocked with this too.

I have found WebDAV a *great* alternative for my users. They can use their
webspace as a fileserver, web publishing volume, etc.

Can WebDAV work for you instead of ftpd?

-ME



-- 
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS/CM$/IT$/LS$/S/O$ !d--(++) !s !a+++(-----) C++$(++++) U++++$(+$) P+$>+++
L+++$(++) E W+++$(+) N+ o K w+$>++>+++ O-@ M+$ V-$>- !PS !PE Y+ PGP++
t at -(++) 5+@ X@ R- tv- b++ DI+++ D+ G--@ e+>++>++++ h(++)>+ r*>? z?
------END GEEK CODE BLOCK------
decode: http://www.ebb.org/ungeek/ about: http://www.geekcode.com/geek.html
  Campus IT(/OS Security): Operating Systems Support Specialist Assistant
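
The setup described in the message above (mod_dav behind mod_ssl, with each user confined to their own <Directory>), sketched as an added example that is not part of the original post. It assumes Apache 2.4 syntax with mod_ssl, mod_dav, mod_dav_fs and basic-auth modules loaded; the host name, file paths and user names are placeholders.

```apache
# Added illustration: host name, paths and user names are assumptions.
# The lock database directory must be writable by the httpd user.
DavLockDB /var/lock/apache2/DavLock

<VirtualHost *:443>
    ServerName files.example.org
    DocumentRoot /srv/dav

    # All traffic, including the Basic-auth password, travels inside TLS.
    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/files.example.org.crt
    SSLCertificateKeyFile /etc/apache2/ssl/files.example.org.key

    # Shared settings for the whole DAV tree. Nobody is authorized here;
    # access is granted only in the per-user sections below.
    <Directory /srv/dav>
        Dav On
        SSLRequireSSL            # refuse the request if it did not arrive over TLS
        AuthType Basic
        AuthName "WebDAV storage"
        AuthUserFile /etc/apache2/dav.passwd
        Options None             # no symlink following, no directory indexes
        AllowOverride None       # .htaccess uploaded over DAV cannot change policy
        Require all denied
    </Directory>

    # One section per account: the "jail". alice can read and write only
    # under /srv/dav/alice; a request for /srv/dav/bob is rejected.
    <Directory /srv/dav/alice>
        Require user alice
    </Directory>

    <Directory /srv/dav/bob>
        Require user bob
    </Directory>
</VirtualHost>
```

No plain-HTTP virtual host serves /srv/dav in this sketch, so there is no path by which credentials cross the wire unencrypted.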



