On Fri, Nov 02, 2001 at 11:39:19AM -0600, Munir Nassar wrote:
> When I set up my ftp server most people advised me to use ProFTPd, it's
> really nice, secure and it uses an apache-like conf file

ProFTPd has had problems with NIS user accounts, thus why we use WuFTPd.
Yes, NIS is insecure and should not be used on open internet
service-based servers, but our current requirements require it.  (I'd
love to replace NIS with LDAP+ssl one of these days.  Heck, I'd be happy
with rsync+scp for /etc/{passwd,shadow,group,sgroup,hosts} synchronization.)

WuFTPd is just as powerful (as ProFTPd) and has the same type of
reputation that Sendmail has in the email server world:  it's been
around the block; it's had security problems; it's also stable,
well-tested, and highly configurable.

One suggestion I would make is this: run your anonymous ftp server for
anonymous access ONLY (something I cannot get away with, unfortunately).
Force your users to use sftp or scp to move their files about.  If you
want to be really paranoid, run your ftp daemon in a chroot and use the
Linux 2.4 feature of multi-mount binding of directories.  E.g.

    bash$ sudo mount --bind /home/ftp/pub /var/chroot/ftpd/pub
    bash$ sudo chroot /var/chroot/ftpd /etc/init.d/wuftpd start

Oh, yeah, and install sudo.  root command audit trails are nice to have
in a multi-manager environment.

-- 
Chad Walstrom <chewie at wookimus.net>                 | a.k.a. ^chewie
http://www.wookimus.net/                            | s.k.a. gunnarr
Key fingerprint = B4AB D627 9CBD 687E 7A31  1950 0CC7 0B18 206C 5AFD
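
A check for the chroot bind-mount setup suggested in the message above, added here as an example and not part of the original post: it reads a mount table in `/proc/mounts` format and reports every mount at or below the chroot that lacks `ro`, `nosuid` or `nodev`. The function names and the sample table are constructed for illustration; only the `/var/chroot/ftpd` path comes from the message.

```shell
#!/bin/sh
# Added example: audit what a chrooted ftp daemon can reach through bind mounts.
# Input on stdin uses the /proc/mounts layout:
#   device mountpoint fstype options dump pass

# audit_chroot_mounts CHROOT_DIR < mount-table
# Prints one line per mount at or below CHROOT_DIR that is missing ro, nosuid
# or nodev. Exit status is 0 when nothing is flagged, 1 otherwise.
audit_chroot_mounts() {
    awk -v root="${1%/}" '
        # Match the chroot itself or paths below it; comparing against
        # root "/" keeps a sibling such as /var/chroot/ftpd-old out.
        $2 == root || index($2, root "/") == 1 {
            # Wrap in commas so only whole options match
            # (errors=remount-ro must not count as ro).
            opts = "," $4 ","
            missing = ""
            if (!index(opts, ",ro,"))     missing = missing " ro"
            if (!index(opts, ",nosuid,")) missing = missing " nosuid"
            if (!index(opts, ",nodev,"))  missing = missing " nodev"
            if (missing != "") { print $2 ": missing" missing; bad = 1 }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample table (not taken from a real host). A plain
# "mount --bind" inherits the options of the source filesystem, which is
# why the pub entry is still rw here.
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda3 /var/chroot/ftpd/pub ext4 rw,relatime 0 0
/dev/sda3 /var/chroot/ftpd/mirror ext4 ro,nosuid,nodev,relatime 0 0
/dev/sda3 /var/chroot/ftpd-old/pub ext4 rw,relatime 0 0
EOF
}

# Demo on the sample; on a live host use: audit_chroot_mounts DIR < /proc/mounts
sample_mounts | audit_chroot_mounts /var/chroot/ftpd ||
    echo "chroot exposes mounts that need hardening"
```

On kernels that support read-only bind mounts (2.6.26 and later), `mount -o remount,bind,ro,nosuid,nodev /var/chroot/ftpd/pub` applies the missing options to the bind mount without touching the source filesystem.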
