• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Linux FTP server...

P

pulse8

Lifer
I want to move my FTP server over to a basic linux box I set up. It's running wu-ftpd. My questions are:

Can I limit the amount of bandwidth the server takes up? Either per user or all together?

How can I set which directories the users have access to? Right now when I test having a user log in, they have access to just about the entire system.

Thanks,
David
 
Can I limit the amount of bandwidth the server takes up? Either per user or all together?

I know you can, but I can't remember how, it's in the manuals somewhere. I believe it's only total though, not per user.

How can I set which directories the users have access to? Right now when I test having a user log in, they have access to just about the entire system.

man chmod.

But really it doesn't matter too much if they can download the system files, there's nothing in there they can't get elsewhere. Just make sure you protect your data files properl.
 


<< Can I limit the amount of bandwidth the server takes up? Either per user or all together?

I know you can, but I can't remember how, it's in the manuals somewhere. I believe it's only total though, not per user.

How can I set which directories the users have access to? Right now when I test having a user log in, they have access to just about the entire system.

man chmod.

But really it doesn't matter too much if they can download the system files, there's nothing in there they can't get elsewhere. Just make sure you protect your data files properl. >>



Restricting the users is definitely a good thing, but if the system is properly setup, like you said, it wont matter. Of course, using wu-ftpd is like telling the world to come root you.
 
as has already been implied.. for all that is sane please DO NOT use WU-FTPD. It's got to be one of the most insecure ftp servers known. I don't understand why they even still make it... or why people distribute it in their distributions.
 
Pureftp.

This is why Wu-FTPd is a BAD thing:
-----BEGIN PGP SIGNED MESSAGE-----

- ------------------------------------------------------------------------
Debian Security Advisory DSA-087-1 security@debian.org
http://www.debian.org/security/ Wichert Akkerman
December 3, 2001
- ------------------------------------------------------------------------


Package : wu-ftpd
Problem type : remote root exploit
Debian-specific: no

CORE ST reports that an exploit has been found for a bug in the wu-ftpd
glob code (this is the code that handles filename wildcard expansion).
Any logged in user (including anonymous ftp users) can exploit the bug
to gain root privilege on the server.

This has been corrected in version 2.6.0-6 of the wu-ftpd package.
 
Thanks for the info. I'll be checking those out tonight. The computer is still behind my router's firewall with no ports routed to it, so I don't think I should have anything to worry about for now, right?
 


<< Thanks for the info. I'll be checking those out tonight. The computer is still behind my router's firewall with no ports routed to it, so I don't think I should have anything to worry about for now, right? >>



Probably not. But its good practice to keep up with that information. And if you arent using it yet, go ahead and kill it. I got that advisory today (although it is atleast 2 days old).
 


<< as has already been implied.. for all that is sane please DO NOT use WU-FTPD. It's got to be one of the most insecure ftp servers known. I don't understand why they even still make it... or why people distribute it in their distributions. >>



Then what do you recommend? wu-ftpd comes with most standard distro. I would like to try ncftpd but it is not free. 🙁
 


<<

<< as has already been implied.. for all that is sane please DO NOT use WU-FTPD. It's got to be one of the most insecure ftp servers known. I don't understand why they even still make it... or why people distribute it in their distributions. >>



Then what do you recommend? wu-ftpd comes with most standard distro. I would like to try ncftpd but it is not free. 🙁 >>



Pure and Pro seem to be better than wuftpd. But unless you are allowing anonymous users, or if you have LOTS of data you need to move, ftp is not the answer.
 
Well, I run an FTP that contains bootlegs (all legal 🙂) of a band I like. It's about 4.5GB worth. Would OpenSSH help me at all? It's just one username that I want to give access to and also limit their bandwidth so that it doesn't eat away at my cable connection.
 


<< Well, I run an FTP that contains bootlegs (all legal 🙂) of a band I like. It's about 4.5GB worth. Would OpenSSH help me at all? It's just one username that I want to give access to and also limit their bandwidth so that it doesn't eat away at my cable connection. >>



That is basically anonymous access, so ftp would be fine. If you dont want to give out the username/password, look for sFTP servers and clients.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top