Good, secure FTP daemons that don't need real user accounts

From: Rafael 'Dido' Sevilla (sevillar@team.ph.inter.net)
Date: 08/02/01


Date: Thu, 2 Aug 2001 10:40:08 +0800
From: Rafael 'Dido' Sevilla <sevillar@team.ph.inter.net>
To: focus-linux@securityfocus.com
Subject: Good, secure FTP daemons that don't need real user accounts
Message-ID: <20010802104008.B3966@team.ph.inter.net>


While I would very much like to throw FTP into the trash bin forever,
a lot of our company's virtual hosted web clients insist on using it
to upload their web pages to the server located here at the NOC.
Well, if their passwords get sniffed and their web pages vandalized we
tell them we disclaim all responsibility, but at the same time we
don't want the entire server to get compromised because of the FTP
daemon.

So as a further step to avoid such a fiasco, we want to avoid giving
these people entries in /etc/passwd. This also has the pleasant side
effect of allowing us to run the FTP daemon non-root (just configure
the FTP daemon to use a port above 1024 and tell our clients to use
that port). We do not want or need an FTP daemon that uses a SQL
database or LDAP to store authentication information, that's absolute
overkill for what we need to do, and yet another weak link in the
chain. Each virtual host has at most four or five clients attached to
it, so a flat file should be more than enough.

I've seen Virtual FTPD (http://startuplinux.com/virtualftpd.html).
Has anyone tried to use this? Anybody know of other useful solutions
out there?

-- 
Rafael R. Sevilla <sevillar@team.ph.inter.net>   +63(2)   8177746 ext. 8311
Programmer, InterdotNet Philippines              +63(917) 4458925
http://dido.engr.internet.org.ph/                OpenPGP Key ID: 0x5CDA17D8

-----BEGIN GEEK CODE BLOCK----- Version: 3.12 GAT d- s:- a- C++++ UL+++ P+++ L+++ E++ W++ N+ o K- w--- O- M-- V- PS+ PE Y+ PGP++ t+ 5 X+ R tv+ b+++ DI++ D+ G e++ h! r++ y+ ------END GEEK CODE BLOCK------
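The flat-file, no-/etc/passwd approach the post asks about, sketched as an added example (not part of the original post and not code from any FTP daemon). The `user:salt:hash:home` file format, the function names, the paths and the choice of PBKDF2 are all assumptions made for illustration.

```python
import hashlib, hmac, os
from pathlib import Path

ITERATIONS = 200_000  # assumed PBKDF2 work factor

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS).hex()

def make_entry(user, password, home):
    """Build one flat-file line: user:salt_hex:hash_hex:home (home relative to the vhost root)."""
    salt = os.urandom(16)
    return f"{user}:{salt.hex()}:{hash_password(password, salt)}:{home}"

def load_users(text):
    """Parse the flat file; these users never appear in /etc/passwd."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, salt, digest, home = line.split(":", 3)
        users[user] = (bytes.fromhex(salt), digest, home)
    return users

# Dummy record so unknown users cost the same hashing time as known ones.
_DUMMY = (b"\0" * 16, hash_password("", b"\0" * 16), "")

def authenticate(users, vhost_root, user, password):
    """Return the user's confined directory on success, None on any failure."""
    salt, digest, home = users.get(user, _DUMMY)
    ok = hmac.compare_digest(hash_password(password, salt), digest)
    if not ok or user not in users:
        return None
    root = Path(vhost_root).resolve()
    target = (root / home).resolve()
    # Refuse entries whose home escapes the virtual host's document root.
    if target != root and root not in target.parents:
        return None
    return target

if __name__ == "__main__":
    # Constructed sample data: two virtual users for one virtual host.
    sample = "\n".join([make_entry("alice", "s3cret", "htdocs"),
                        "# a misconfigured entry pointing outside the vhost",
                        make_entry("bob", "pw", "../other")])
    db = load_users(sample)
    print(authenticate(db, "/srv/www/example", "alice", "s3cret"))
    print(authenticate(db, "/srv/www/example", "bob", "pw"))
```

Only salted hashes are stored, so the file can be readable by the unprivileged account the daemon runs under without exposing passwords directly.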



