[linux-sec-uk] Secure FTP
Tim Jackson
linux-sec-uk at mailman.lug.org.uk
Mon Aug 18 18:39:00 2003
On Mon, 18 Aug 2003 11:39:00 +0100 (BST) Simon wrote:
> Because the users' home directories contain their mail (Maildir/) I don't
> want to provide FTP access to those directories.
I'm not sure about the answer to that, because I've got a very similar
problem. I was thinking about addressing it the other way around (that is,
putting the maildirs in /other/partition/mail/username and getting an IMAP
daemon which will read somewhere other than the users' home directory) but
I haven't had time to converge on a favoured solution yet.
> does anyone have a favourite secure FTP daemon with LDAP
> authentication.
After a bit of looking around, I liked the look of vsftpd
(http://vsftpd.beasts.org/), which is included in some Linux
distributions. It's straightforward and "modern" to configure and includes
lots of specific security-related options including the ability to
selectively chroot (or not) individual users, and some helpful options
that assist with firewalling. Furthermore it has a built-in 'ls' etc., so
doesn't require bin/lib directories in each chrooted home, which is a big
bonus in my book. I haven't used it with LDAP and I don't think it has
explicit support, but it can authenticate with PAM, so I assume you could
plug in LDAP from there.
Tim
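
The vsftpd features mentioned in the message above (selective chroot, a firewall-friendly passive port range, PAM authentication with LDAP plugged in behind it), as an added configuration example that is not part of the original post. The file paths, port range and PAM stack are assumptions, and the LDAP part is the untested route the message suggests, written out.

```ini
# /etc/vsftpd.conf (constructed example; paths and port numbers are assumptions)

# Local (PAM-authenticated) accounts only, no anonymous FTP.
anonymous_enable=NO
local_enable=YES
write_enable=YES

# Selective chroot: confine every local user to their home directory...
chroot_local_user=YES
# ...except the users named in this file, one per line. With
# chroot_local_user=YES the list holds the users who are NOT chrooted;
# with chroot_local_user=NO the same list would name the users who ARE.
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list

# Firewalling: pin passive-mode data connections to a fixed range so the
# packet filter needs only port 21 plus this range open inbound.
pasv_enable=YES
pasv_min_port=50000
pasv_max_port=50100

# Authentication goes through this PAM service, i.e. /etc/pam.d/vsftpd.
pam_service_name=vsftpd

# /etc/pam.d/vsftpd is a separate file. Assumed contents for LDAP via
# pam_ldap, which must already be installed and pointed at the directory:
#   auth     required  pam_ldap.so
#   account  required  pam_ldap.so
#
# Assumption: the LDAP accounts also resolve through NSS (for example with
# nss_ldap), because vsftpd looks the user up in the passwd database after
# PAM accepts the password. Accounts that exist only in LDAP would need
# vsftpd's guest_enable / guest_username mapping instead.
```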