[linux-sec-uk] Secure FTP

Mark Boddington linux-sec-uk at mailman.lug.org.uk
Tue Aug 19 10:04:03 2003 

Hello,

The best ftp server I have found is proftpd. It will do everything you are
asking. It uses an apache style configuration so you shouldn't have any
problems setting it up. It supports chrooting individuals based on user or
group, so you could chroot everyone to "~/upload". alternatively you could
use a <Directory> directive to deny access to Maildir if that is the only
area you want to restrict. I think I prefer the first option, we dont want
uploads to ~/public_html/cgi do we ;-)

The website is at http://www.proftpd.org

Cheers
Mark

Simon Morris wrote:
> [Wow the first question.....]
> 
> Hello there.
> 
> I working on a small business solution for a client that has one Dell
> server to provide various networking services.
> 
> This server hosts their mail (Postfix,Courier-imap), Web (Apache,PHP),
> Database (MySQL) and various other (BIND, DHCP, OpenLDAP)
> 
> All user accounts are LDAP based with the mail routing and
> authentication tied in also.
> 
> They now need FTP services, which is where I start to sweat :-)
> 
> I have set aside a seperate disk partition just for the FTP data and I
> plan to chroot this service under /ftproot/
> 
> Because the users home directorys contain their mail (Maildir/) I don't
> want to provide FTP access to those directorys.
> 
> Is my plan of creating a seperate home directory under the chroot
> (/ftproot/home/) for the users FTP space feasible, and does anyone have
> a favourite secure FTP daemon with LDAP authentication.
> 
> Looking for ideas from someone with a similar setup really
> 
> Thanks
> 

-- 

Mark Boddington
Security & Unix Administrator
Transact Group Ltd
Tel 01223 551035, Fax 01223 847176

OpenPGP Key ID : 0x82B471B2

===============================================================================

Transact Group Limited Disclaimer

Confidentiality:  This e-mail and its attachments are intended for the above
named only and may be confidential.  If they have come to you in error you
must take no action based on them, nor must you copy or show them to anyone;
please reply to this e-mail and highlight the error.

Security Warning:  Please note that this e-mail has been created in the
knowledge that Internet e-mail is not a 100% secure communications medium.
We advise that you understand and observe this lack of security when
e-mailing us.

Viruses:  Although we have taken steps to ensure that this e-mail and
attachments are free from any virus, we advise that in keeping with good
computing practice the recipient should ensure they are actually virus free.

===============================================================================