Minimum requirements for a linux file/ftp server

[Mucman]

My Christmas break project is to make one of my old computers into a file and ftp server. I am currently using IIS's ftp, but sometimes I like to boot into win98 to play games and stuff... Also I would like to learn how to do this. I plan on using Pure FTP on a Debian box (should I try BSD?).

I have the following spare computers :

P90, P150, 2xP200

Some have 32M and some have 64M of RAM.

I plan on doing the resistor hack on a Promise Ultra 66 to make it a RAID controller and raid two IBM 60GXP 40G. It will be serving mp3's to the local LAN computers
and will have around 10 or so users for the FTP. Hopefully Linux supports this.

 

[NiPeng]

The p90 with 32megs ram should be enough (no X).
I presume the load isn't very heavy.

I don't know Pure FTP but ProFtp works fine for me on my Debian box.
Debian or BSD?
It's your choice, both are able to do the job (if your hardware is supported).

 

[Mucman]

The load won't be heavy at all... I won't be putting on X, I need to brush up on my unix command line stuff anyways. I imagine you can run SAMBA from the prompt as well right?

I chose Pure FTP from what I have read on-line. ProFtp supposedly has some holes. Not that I need a heck of a lot of security since it's mostly movies and mp3's. Although my dad expressed interest in being able to backup his work file on the FTP.

 

[NiPeng]

Sure, you can run samba allright from the commandline.
Don't know how much ram samba uses for sure.
Well you could always add more later.

 

[n0cmonkey]

<< The load won't be heavy at all... I won't be putting on X, I need to brush up on my unix command line stuff anyways. I imagine you can run SAMBA from the prompt as well right?

I chose Pure FTP from what I have read on-line. ProFtp supposedly has some holes. Not that I need a heck of a lot of security since it's mostly movies and mp3's. Although my dad expressed interest in being able to backup his work file on the FTP. >>



Whats the site for pure ftp? (Ive heard of it but cant remember where). Any of the hardware should be fine. SAMBA doesnt use too much in the way of resources. And if your dad wants to back his work stuff on the ftp, see if you can find an sFTP server.

EDIT: make sure the promise thingy is supported. They are not generally supported.

 

[NiPeng]

I think I've found the website.

linkey

 

[Koeppster]

Assuming you go with some package-based distribution, you probably won't have to "run Samba from the command line", you'll probably just have a script that runs it when booting the system.

I also like and use ProFTP. As long as you don't use wu-ftpd, what a POS.

 

[Mucman]

Dan Berstein isn't to fond of proFTP : linkey

noc - by sFTP do you mean secure FTP? If it says this "Built-in MD5/SHA cryptography" in the features, is it implying the same sort of functionality as sFTP?

I have looked up on the promise card and it seems to be doable. It might be a bit much for a *nix newbie like me, but how else will I learn

 

[Koeppster]

I perused Dan Bernstein's (who I'd never heard of) website looking for any indications that I should give two sh*ts what he thinks...and found none.

He apparently got a great deal of enjoyment pointing out bugs in what were clearly prereleases or release candidates of Proftp over a year and a half ago, some as old as two years ago. Whoop-dee-doo. Here in the present it's on version 1.2.2. The most recent CERT advisory on Proftp was July 2000.

Don't get me wrong, I really don't give a crap about Proftp either, but just because some associate prof at UIUC spouts off doesn't mean Proftp isn't worth running. It's up to the user to lock it down...I only allow one connection (me) and disable anon access of course. And I turn it off when I'm not using it.

 

[Mucman]

Koeppster - Dan Berstein is a great programmer and a security fanatic. He is also an arrogant prick . He has written Qmail, DJBDNS, and his own SMTP protocol that follows the RFC's to spec. Do some searches in USENET, and you will find some hilarious dialogues.

Anyways, I don't know anything about linux FTP, so I don't know what is popular, what is the best, etc... I just did some searching and on the service pureFTP looks pretty darn good. It seems to have a good user base and an author who will communicate with its users.

 

[n0cmonkey]

Koeppster DJB is a GREAT programmer. His daemons have security and stability built in. I respect his opinions (taken with a grain of sailt of course) in what programs I use. And if you check his site, the information about lack of security on many daemons is older, and that should be taken into consideration.

Are promise cards supported now? Last I heard their "raid" cards were not. Make sure you check the usual sites (redhat.com, suse.com, linuxhardware.org(?)) for information. (Sorry Techwhore, my 100 pm limit is reached and I dont feel like deleting and responding just yet.

Mucman I am not sure that is full 100% encrypted connections. sFTP is secure ftp and I believe it tunnels an ftp connection over an encrypted link. What I am worried about in your situation is if your dad's information gets sniffed, or even worse his l/p. http://www.openssh.com may have a little more information about their implimentation of sFTP (I think they do it and not just the OpenBSD guys but Im not positive).

 

[Mucman]

Linux Promise drivers are here, why are drivers distribution specific? If I want to install Debian, will this be a problem?

I will take looked at the openssh then. I asked him what sort of files he is backing up and it includes tax T4's and all of his client data (life insurance and financial planning). I will definitely make sure I do this the right way now!

 

[Koeppster]

Well, he wrote qmail and other handy things....I'm happy for him. Fine, he's a great programmer, so are lots of other people. I just get a little brassed off when I detect arrogance and/or condescension. The programmers I respect the most are the ones who go about their business in an unassuming fashion and don't try to call attention to their purported greatness.

From what I could tell, the Proftp team responded to security issues promptly. Maybe if/when they complete the code audit they are reportedly undertaking, their program will be thought of a little more highly. But there are certainly plenty of other good or better ftp daemons out there.

God, I sound like a Proftp disciple, which I assure you I'm NOT. I was just trying to bring facts to light, hehehe.

 

[Mucman]

Koeppster - Like I said, I don't know what is hip and happening in the world of Linux FTP server programs , I chose pureFTP from what I have seen on the net so far. I will take a closer look at ProFTP though. Thanks for your input.

 

[n0cmonkey]

<< Linux Promise drivers are here, why are drivers distribution specific? If I want to install Debian, will this be a problem?

I will take looked at the openssh then. I asked him what sort of files he is backing up and it includes tax T4's and all of his client data (life insurance and financial planning). I will definitely make sure I do this the right way now! >>



You better Depending on the drivers (binary or source, builds, libraries, all that jazz) they could work anywhere with little trouble. But if you want to install them on another system, you could have some dependancies issues... Good luck

 

[n0cmonkey]

<< Well, he wrote qmail and other handy things....I'm happy for him. Fine, he's a great programmer, so are lots of other people. I just get a little brassed off when I detect arrogance and/or condescension. The programmers I respect the most are the ones who go about their business in an unassuming fashion and don't try to call attention to their purported greatness. >>



I think it is not him trying to get attention, but him bringing the attention towards the mistakes of others. Yes he is arrogant, yes he is an ass, but damnit his programs work! I can put up with the downfalls of a programmer and still use their software. Hell, I use OpenBSD even with Theo in charge



<< From what I could tell, the Proftp team responded to security issues promptly. Maybe if/when they complete the code audit they are reportedly undertaking, their program will be thought of a little more highly. But there are certainly plenty of other good or better ftp daemons out there.

God, I sound like a Proftp disciple, which I assure you I'm NOT. I was just trying to bring facts to light, hehehe. >>



Never thought you were

The fact they are working harder at this is great. That is what should happen when attention is brought to your mistakes. In the case of security, all the bad attention is warranted.

 

[n0cmonkey]

<< Koeppster - Like I said, I don't know what is hip and happening in the world of Linux FTP server programs , I chose pureFTP from what I have seen on the net so far. I will take a closer look at ProFTP though. Thanks for your input. >>



Dont just read the hype on the project's site. PLEASE go out and do a litlte research. securityfocus.com has bugtraq archives among other things, and packetstormsecurity.com is possibly the BEST security site ever! Check out the big names (exclude wu-ftp please ), and see which one has the best track record, see which one will fit your needs, and see which one you think you can handle and trust.

 

[Mucman]

Thanks for the tips... I came in here with questions about my hardware that I guess didn't need addressing (albeit this is the OS forum ).

I guess that I thought I was done with the FTP research but it is clear that I haven't done enough. What are the big name FTP programs? I have heard the words bullet proof FTP float around as well... are they mostly for client side?