FTP config advice or opinion

[Manuel Aróstegui]

El vie, 19-06-2009 a las 12:29 -0700, Jeff Boyce escribió:
> Greetings -
> 
> I am looking into setting up my first FTP server for my small office and am 
> wondering if anyone is willing to give any advice (must do's, or must not 
> do's) or opinions.  I am reading through the information in the RedHat 
> documents, the man page, and various howto's on the net, so I am beginning 
> to learn the ftp specific terminology.  My server runs RH3U9 and I plan on 
> running the vsftpd service that is installed with it (our company will 
> likely replace the server and upgrade to RH6 after it is released in the 
> next year or so, but until then this is what I have to work with).
> 
> Need:
> Our need for setting up an FTP sever in-house is that we regularly transfer 
> large files (mostly Word or PDF) back and forth to clients.  We have used 
> some of the commercial web sites for large file transfers, and some of our 
> clients ftp sites, and have had some complications and think that 
> controlling our own ftp site may be more convenient for us in the long run.
> 
> Objective:
> Our objective is to set up the ftp so that we can provide selected clients 
> with a directory that allows them to both upload and download files from our 
> server.  We would want each client isolated to a directory that is specific 
> to their project.  We would like to provide each client with a predefined 
> user name and password for their access.   Staff within the office would 
> have access to all the ftp project directories (it's a small office and we 
> all work on each others projects).  We don't need anonymous access.
> 
> It looks like from what I am reading that our clients would be considered 
> 'local users' in ftp terminology, and therefore I need to setup a user 
> account on our server for each client I am going to provide ftp access.  Is 
> this correct, or is there a different way to achieve my objective?  Our 
> (only) server functions primarily as the office Samba file server, OpenVPN 
> access point, and manages our tape backup system.
> 
> Any advice is appreciated, especially that which is specific to my objective 
> and with specific information about config settings that I should or should 
> not include.
> Thanks.

As some guys said, you might want to consider ssh instead of FTP, but
anyways, if you want to use FTP, install proftpd, for instance.

proftpd uses your system's /etc/passwd file by default, and so proftpd
users are the same as your system users. This is not very secure,
though.

You can use vsftpd and use virtual users intead of system's users
desribed above.

Hope this helps
Manuel.
-- 
Manuel Arostegui Ramirez.

Electronic Mail is not secure, might not be read every day, and should not
be used for urgent or sensitive issues.