vsftpd.conf

Jeff Spaleta jspaleta at gmail.com
Sun Sep 12 13:40:29 UTC 2004


On Sun, 12 Sep 2004 13:54:36 +0200, Kyrre Ness Sjobak
<kyrre at solution-forge.net> wrote:
> But if nobody installs a ftpd without configuring it, what bad would it do
> to disable logins?

What bad would it be if http came completely unconfigured?
Or if sshd came completely unconfigured?

It's not unreasonable for a service to come configured to do something
as soon as it's enabled.  The subtle and competent use of reasonably
sane defaults to provide commonly used, reasonably safe (relative to the
purpose and scope of the service being started) and consistent
functionality is an art. In the case of ftp, password protected logins
by default are just completely unsafe because ftp uses clear text
authentication. That is clearly and utterly irresponsible if enabled by
default; such a feature relies heavily on the network it's exposed to
being "trustable."

We can debate, forever, whether it's reasonably safe to enable
anonymous user access by default for ftp. But to leave anon login for
ftp unconfigured by default, that sets a precedent, to leave every
service completely unconfigured to do NOTHING by default. And that's
just not a reasonable expectation. If sshd can come preconfigured to
do something, and httpd can come configured to do something... vsftpd
can come configured to do something by default as well. And for ftp,
the very restricted anonymous access vsftpd allows seems a relatively
safe option compared to all the other default configured-to-do-something
options for ftp.

The bulk of this discussion is completely uninteresting... but there
have been hints about how to extend the functionality of
system-config-* for more and more services.  It would be interesting
to see if there is any interest to extend firstboot in some way to be
aware of each service package that was installed, and to think hard
about the ui of presenting users with a list of services that are
available and whether to enable it and maybe an option to configure
each service that has a system-config tool associated with it.

-jef





More information about the fedora-devel-list mailing list