[lug] FTP server preferences

Peter Hutnick peter at fpcc.net
Tue Feb 19 12:18:22 MST 2002


On Tuesday 19 February 2002 10:39 am, Elyse Grasso wrote:
> I need to set up an ftp server on one of our machines. Which of the ftp
> servers shipped with current RedHat/KRUD systems is 1) least vulnerable to
> security problems and 2) easiest to set up and administer? Is there a good
> discussion of the tradeoffs between the various servers somewhere?
>
> Thanks

After my RedHat system was owned I switched to ProFTPD.  Nice.  Apache style 
config.  Configurable beyond your wildest dreams.

I also highly recommend running anon only ftp.  If you need "real user" stuff 
use SCP or SFTP (both available in the OpenSSH package).  This allows you to 
run the FTP daemon as a user that only has enough privs to read the FTP 
directories (and write upload if you have it) and execute the ProFTPD built 
in commands.  IOW, what would be a remote root on WU-FTP is an unprivileged 
not-quite-a-shell on ProFTPD.  (Which brings us to a whole other discussion 
about local exploits . . .)

Anyway, fast, reliable, as secure as FTP gets.  To me ProFTPD is the only way 
to go.

Good Luck,
Peter


