Chapter 23. Running an FTP Server on SUSE
IN THIS CHAPTER
Security issues with FTP
Setting up an anonymous FTP server with vsftpd
Allowing user access
Allowing upload access
Allowing anonymous uploads
Using pure-ftpd
FTP is the File Transfer Protocol, which is best known as a way of allowing anonymous downloads from public Internet servers.
Traditionally, Unix systems ran an FTP daemon by default, and users expected to be able to move files to and from their home directories using an FTP client from elsewhere. This was a convenient way of accessing the system without logging on, and was available from any kind of client. Using FTP in this way has come to be seen as both insecure and unnecessary. It is insecure because typically username/password pairs were sent across the network in plain text, opening up the possibility of password theft by network sniffing. Just as telnet
and rsh
should be considered insecure, use of FTP on a public network should generally be regarded with great caution.
However, this type of use of FTP is also usually unnecessary for just the same reason that telnet
and rsh
are unnecessary because of the availability of the ssh
family of programs (ssh, scp, sftp
), which provide totally secure ways of achieving the same ends. (The availability of nice client implementations such as KDE's "fish" ioslave also means that you can view the directories on the server graphically from the client while transferring the files.)
FTP's poor security reputation has been made even worse ...
Get Open SUSE® 11.0 and SUSE® Linux® Enterprise Server Bible now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.