vsftpd.conf

Jeff Spaleta jspaleta at gmail.com
Sun Sep 12 22:48:36 UTC 2004


On Sun, 12 Sep 2004 11:11:00 -0700 (PDT), James Harrison
<jamesaharrisonuk at yahoo.co.uk> wrote:
> Has anyone looked at proftpd an alternative to vsftpd
> (http://proftpd.linux.co.uk) ?
> 
> It appears that it has a provision for ssl.
> 
> No more need for clear text passwords......

So does vsftpd via openssl(though there are of course licensing issues
associated with openssl which make adding for support for gnutls
attractive). I won't bother giving you the faq url or the quote from
the vsftpd manpage outlining that. I'll leave that as an excercise for
the reader.

But thats not the point... the point is a sane default that provides 
reasonable commonly expected functionality when the service is enabled
in a reasonable safe fashion. Tradeoffs must be made between security
and functionality and usability. Reasonable defaults find the balance.
Reasonable.... that's a word that can't be stressed enough.  Let's
talk about reasonable for a minute.... I don't see anyone using the
same arguments to say that httpd should come configured by default to
ONLY do encypted authenticated based access. I wonder why that is?
There is an expectation that httpd should come enabled by default to
allow unencrypted public access when its enabled. Thats a reasonable
expectation, considering http's widespread use as a public anonymous
way to retrieve information. And i think the same expectation can be
reasonable applied for default ftp server behavior, to enable
anonymous public access to data. Both http and ftp can be configured
for different purposes...but we are talking about reasonable defaults
that strike the balance.  And I for one find it...unreasonable...to
talk about ftp's anonymous default access like its a special case
situation, when no one is making the same arguments to lockdown
httpd's default configuration.

-jef"The reasonable man adapts himself to the world; the unreasonable
one persists
      in trying to adapt the world to himself. Therefore all progress
depends on the
      unreasonable man. --George Bernard Shaw"spaleta





More information about the fedora-devel-list mailing list