[linux-sec-uk] Secure FTP

Tim Jackson linux-sec-uk at mailman.lug.org.uk
Mon Aug 18 18:39:00 2003


On Mon, 18 Aug 2003 11:39:00 +0100 (BST) Simon wrote:

> Because the users' home directories contain their mail (Maildir/) I don't
> want to provide FTP access to those directories.

I'm not sure about the answer to that, because I've got a very similar
problem. I was thinking about addressing it the other way around (that is,
putting the maildirs in /other/partition/mail/username and getting an IMAP
daemon which will read somewhere other than the users' home directory) but
I haven't had time to converge on a favoured solution yet.

> does anyone have a favourite secure FTP daemon with LDAP
> authentication?

After a bit of looking around, I liked the look of vsftpd (
http://vsftpd.beasts.org/ ), which is included in some Linux
distributions. It's straightforward and "modern" to configure and includes
lots of specific security-related options including the ability to
selectively chroot (or not) individual users, and some helpful options
that assist with firewalling. Furthermore it has a built-in 'ls' etc. so
doesn't require bin/lib directories in each chrooted home which is a big
bonus in my book. I haven't used it with LDAP and I don't think it has
explicit support, but it can authenticate with PAM, so I assume you could
plug in LDAP from there. 

Tim
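
An added example, not part of the original post or of vsftpd itself: a small Python check of the vsftpd options the message alludes to (selective chroot, a pinned passive port range for firewalling, the PAM service name). Option names and defaults are those documented in vsftpd.conf(5); the sample configuration, user names and function names are constructed for illustration.

```python
# Added example. Option names/defaults follow vsftpd.conf(5);
# the sample config and user names below are constructed.
DEFAULTS = {"anonymous_enable": "YES", "chroot_local_user": "NO",
            "chroot_list_enable": "NO", "pam_service_name": "ftp",
            "pasv_min_port": "0", "pasv_max_port": "0"}

SAMPLE_CONF = """\
# constructed sample vsftpd.conf
anonymous_enable=NO
local_enable=YES
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
pam_service_name=vsftpd
pasv_min_port=50000
pasv_max_port=50100
"""

def parse_conf(text):
    """Parse option=value lines; vsftpd rejects spaces around '='."""
    conf, errors = dict(DEFAULTS), []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep or key != key.strip() or value != value.strip():
            errors.append(f"line {n}: malformed or has spaces: {line!r}")
            continue
        conf[key] = value
    return conf, errors

def is_chrooted(conf, user, chroot_list):
    """The list's meaning flips: with chroot_local_user=YES it names the
    users who are NOT chrooted; with NO it names the users who are."""
    everyone = conf["chroot_local_user"] == "YES"
    listed = conf["chroot_list_enable"] == "YES" and user in chroot_list
    return everyone != listed

def audit(conf):
    """Return findings for the option groups the post mentions."""
    findings = []
    lo, hi = int(conf["pasv_min_port"]), int(conf["pasv_max_port"])
    if lo == 0 or hi == 0 or lo > hi:
        findings.append("passive port range not pinned for the firewall")
    if conf["anonymous_enable"] == "YES":
        findings.append("anonymous FTP is enabled")
    if "YES" not in (conf["chroot_local_user"], conf["chroot_list_enable"]):
        findings.append("no local user is chrooted")
    return findings
```

The `pam_service_name` value selects which file under `/etc/pam.d/` vsftpd authenticates against, which is where an LDAP PAM module would be configured.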