IN THIS CHAPTER
Security issues with FTP
Setting up an anonymous FTP server with vsftpd
Allowing user access
Allowing upload access
Allowing anonymous uploads
FTP is the File Transfer Protocol, which is best known as a way of allowing anonymous downloads from public Internet servers.
Traditionally, Unix systems ran an FTP daemon by default, and users expected to be able to move files to and from their home directories using an FTP client from elsewhere. This was a convenient way of accessing the system without logging on, and was available from any kind of client. Using FTP in this way has come to be seen as both insecure and unnecessary. It is insecure because typically username/password pairs were sent across the network in plain text, opening up the possibility of password theft by network sniffing. Just as
rsh should be considered insecure, use of FTP on a public network should generally be regarded with great caution.
However, this type of use of FTP is also usually unnecessary for just the same reason that
rsh are unnecessary because of the availability of the
ssh family of programs (
ssh, scp, sftp), which provide totally secure ways of achieving the same ends. (The availability of nice client implementations such as KDE's "fish" ioslave also means that you can view the directories on the server graphically from the client while transferring the files.)
FTP's poor security reputation has been made even worse ...