[opensuse] simple FTP server?
Hello,
I am running Leap and need to set up an FTP server for the home network. Nothing fancy, a fixed username/password giving read/write access to a directory. Using my own main user sounds a bit insecure, though?
And I failed to find this simple setup in yast or in a quick google. Everything revolves around letting existing users log on thru FTP or not, and even that is not entirely clear (can my main user log on thru vsftpd by default? what do I do to enable/disable it?)
I would appreciate advice on how to make this work in the simplest way possible.
Bonus points for being able to share the same directory with the same credentials using samba.
-- Yours, Mikhail Ramendik
Unless explicitly stated, all opinions in my mail are my own and do not reflect the views of any organization
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Wednesday, 14 September 2016 18:17:38 CEST, Mikhail Ramendik wrote:
I am running Leap and need to set up an FTP server for the home network. Nothing fancy, a fixed username/password giving read/write access to a directory. Using my own main user sounds a bit insecure, though?
It depends... Is the computer Your main working station? Is it behind reliable firewall? Can You trust Your users?
And I failed to find this simple setup in yast or in a quick google. Everything revolves around letting existing users log on thru FTP or not, and even that is not entirely clear (can my main user log on thru vsftpd by default? what do I do to enable/disable it?)
I don't know defaults, but in vsftpd.conf You can set particular group/users to (dis)allow to log in.
I would appreciate advice on how to make this work in the simplest way possible.
Did You check https://doc.opensuse.org/documentation/leap/reference/html/book.opensuse.reference/cha.ftp.html and https://www.unixmen.com/how-to-setup-ftp-server-on-opensuse-42-1/ ? It was enough for me for similar task.
Bonus points for being able to share the same directory with the same credentials using samba.
HTH -- Vojtěch Zeisek Komunita openSUSE GNU/Linuxu Community of the openSUSE GNU/Linux https://www.opensuse.org/ https://trapa.cz/
On 2016-09-14 19:40, Vojtěch Zeisek wrote:
On Wednesday, 14 September 2016 18:17:38 CEST, Mikhail Ramendik wrote:
I am running Leap and need to set up an FTP server for the home network. Nothing fancy, a fixed username/password giving read/write access to a directory. Using my own main user sounds a bit insecure, though?
It depends... Is the computer Your main working station? Is it behind reliable firewall? Can You trust Your users?
I understand that ftp transmits the login/password in the clear, so using it for real system users across internet can not be safe. Inside a local network, it is different.
And I failed to find this simple setup in yast or in a quick google. Everything revolves around letting existing users log on thru FTP or not, and even that is not entirely clear (can my main user log on thru vsftpd by default? what do I do to enable/disable it?)
I don't know defaults, but in vsftpd.conf You can set particular group/users to (dis)allow to log in.
I have vsftp right now working with real users and an anonymous user. The former access their homes, the latter a special tree. Like you, I don't remember the defaults, the configuration has been evolving over time. But it wasn't difficult. What can be tricky for ftp is the firewall.
-- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On Wednesday, 14 September 2016 21:00:43 CEST, Carlos E. R. wrote:
On 2016-09-14 19:40, Vojtěch Zeisek wrote:
On Wednesday, 14 September 2016 18:17:38 CEST, Mikhail Ramendik wrote:
I am running Leap and need to set up an FTP server for the home network. Nothing fancy, a fixed username/password giving read/write access to a directory. Using my own main user sounds a bit insecure, though?
It depends... Is the computer Your main working station? Is it behind reliable firewall? Can You trust Your users?
I understand that ftp transmits the login/password in the clear, so using it for real system users across internet can not be safe. Inside a local network, it is different.
Yes. It relies on the quality of firewall. Anyway, I prefer SSH/SFTP. Same level of complicatedness and much better set of functions and security. YaST also allows FTPS - old FTP with extra SSL security. Just few clicks more.
And I failed to find this simple setup in yast or in a quick google. Everything revolves around letting existing users log on thru FTP or not, and even that is not entirely clear (can my main user log on thru vsftpd by default? what do I do to enable/disable it?)
I don't know defaults, but in vsftpd.conf You can set particular group/users to (dis)allow to log in.
I have vsftp right now working with real users and an anonymous user. The former access their homes, the latter a special tree. Like you, I don't remember the defaults, the configuration has been evolving over time. But it wasn't difficult.
What can be tricky for ftp is the firewall.
Setting it via YaST is simple. Just allow FTP service (port 21) for selected network interface. Another case is the home firewall. It must allow port 21 for FTP. It should be somewhere in the device's settings. -- Vojtěch Zeisek Komunita openSUSE GNU/Linuxu Community of the openSUSE GNU/Linux https://www.opensuse.org/ https://trapa.cz/
On Wed, 14 Sep 2016 21:14:58 +0200 Vojtěch Zeisek wrote:
On Wednesday, 14 September 2016 21:00:43 CEST, Carlos E. R. wrote:
On 2016-09-14 19:40, Vojtěch Zeisek wrote:
On Wednesday, 14 September 2016 18:17:38 CEST, Mikhail Ramendik wrote:
I am running Leap and need to set up an FTP server for the home network. Nothing fancy, a fixed username/password giving read/write access to a directory. Using my own main user sounds a bit insecure, though?
It depends... Is the computer Your main working station? Is it behind reliable firewall? Can You trust Your users?
I understand that ftp transmits the login/password in the clear, so using it for real system users across internet can not be safe. Inside a local network, it is different.
Yes. It relies on the quality of firewall. Anyway, I prefer SSH/SFTP.
Or just use scp - no configuration at all.
Same level of complicatedness and much better set of functions and security. YaST also allows FTPS - old FTP with extra SSL security. Just few clicks more.
And I failed to find this simple setup in yast or in a quick google. Everything revolves around letting existing users log on thru FTP or not, and even that is not entirely clear (can my main user log on thru vsftpd by default? what do I do to enable/disable it?)
I don't know defaults, but in vsftpd.conf You can set particular group/users to (dis)allow to log in.
I have vsftp right now working with real users and an anonymous user. The former access their homes, the latter a special tree. Like you, I don't remember the defaults, the configuration has been evolving over time. But it wasn't difficult.
What can be tricky for ftp is the firewall.
Setting it via YaST is simple. Just allow FTP service (port 21) for selected network interface. Another case is the home firewall. It must allow port 21 for FTP. It should be somewhere in the device's settings.
On Wednesday, 14 September 2016 20:57:48 CEST, Dave Howorth wrote:
On Wed, 14 Sep 2016 21:14:58 +0200 Vojtěch Zeisek wrote:
On Wednesday, 14 September 2016 21:00:43 CEST, Carlos E. R. wrote:
On 2016-09-14 19:40, Vojtěch Zeisek wrote:
On Wednesday, 14 September 2016 18:17:38 CEST, Mikhail Ramendik wrote:
I am running Leap and need to set up an FTP server for the home network. Nothing fancy, a fixed username/password giving read/write access to a directory. Using my own main user sounds a bit insecure, though?
It depends... Is the computer Your main working station? Is it behind reliable firewall? Can You trust Your users?
I understand that ftp transmits the login/password in the clear, so using it for real system users across internet can not be safe. Inside a local network, it is different.
Yes. It relies on the quality of firewall. Anyway, I prefer SSH/SFTP.
Or just use scp - no configuration at all.
SCP runs over SSH, doesn't it? So that SSH server must be configured, IMHO. -- Vojtěch Zeisek Komunita openSUSE GNU/Linuxu Community of the openSUSE GNU/Linux https://www.opensuse.org/ https://trapa.cz/
On 09/14/2016 01:17 PM, Mikhail Ramendik wrote:
And I failed to find this simple setup in yast or in a quick google.
Almost as a sidebar.
Since we occasionally get a "I can't find yast to do this" sort of questions, I'm going to suggest the following:
Run
    # zypper search -u -t package yast | egrep -v trans
That searches for uninstalled yast packages that aren't translation for other languages.
Among them I see
    yast2-ftp-server
Well, actually I use ProFTP. http://www.proftpd.org/
The package is proftpd-1.3.5b-10.1.x86_64 but then I'm on 13.2. YMMV.
As you can see on the web site, ProFTP has a flexible range of authentication and authorization options. It is module based; it sounds like you'll want mod_auth_unix, which handles normal authentication via /etc/passwd, /etc/group.
Those don't have to be the system password/group files; you can point ProFTP at some other set, perhaps with one-and-only-one entry in it.
As for SAMBA, are you using a LDAP based authentication scheme?
I'm in the KISS camp, I only use it for transfers on my home LAN.
I can recommend ProFTP over stock FTP for a number of reasons. https://en.wikipedia.org/wiki/ProFTPD#Configuration_and_features
--
A: Yes.
> Q: Are you sure?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting frowned upon?
On 09/14/2016 04:05 PM, Vojtěch Zeisek wrote:
Or just use scp - no configuration at all.
SCP runs over SSH, doesn't it? So that SSH server must be configured, IMHO.
I don't think I've ever configured a SSH server. I just enable it during install. If you can SSH to a system, you can run SCP. You can also use fish://, with the Konqueror browser.
On 09/14/2016 04:37 PM, James Knott wrote:
I don't think I've ever configured a SSH server. I just enable it during install.
+1
On 14/09/2016 at 23:03, Anton Aylward wrote:
On 09/14/2016 04:37 PM, James Knott wrote:
I don't think I've ever configured a SSH server. I just enable it during install.
+1
and open firewall :-)
jdd
On 2016-09-14 21:14, Vojtěch Zeisek wrote:
On Wednesday, 14 September 2016 21:00:43 CEST, Carlos E. R. wrote:
On 2016-09-14 19:40, Vojtěch Zeisek wrote:
On Wednesday, 14 September 2016 18:17:38 CEST, Mikhail Ramendik wrote:
I am running Leap and need to set up an FTP server for the home network. Nothing fancy, a fixed username/password giving read/write access to a directory. Using my own main user sounds a bit insecure, though?
It depends... Is the computer Your main working station? Is it behind reliable firewall? Can You trust Your users?
I understand that ftp transmits the login/password in the clear, so using it for real system users across internet can not be safe. Inside a local network, it is different.
Yes. It relies on the quality of firewall. Anyway, I prefer SSH/SFTP. Same level of complicatedness and much better set of functions and security. YaST also allows FTPS - old FTP with extra SSL security. Just few clicks more.
Sorry, but what can a firewall do about a password transmitted in the clear? :-?
What can be tricky for ftp is the firewall.
Setting it via YaST is simple. Just allow FTP service (port 21) for selected network interface. Another case is the home firewall. It must allow port 21 for FTP. It should be somewhere in the device's settings.
Unfortunately, ftp uses two ports, and the second one varies. And depending on the choice of passive/active ftp, that port has to be opened in the server or the client. sftp/scp is far easier in that respect, using a single port, the one for ssh. But it can only use system users, AFAIK.
-- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" (Minas Tirith))
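Added example (not from any poster in this thread): a small Python audit of a vsftpd.conf for the points raised so far, namely which accounts may log in, passwords sent in the clear, and the varying passive data port. Option names and defaults are those documented in vsftpd.conf(5); the two sample configs, the userlist_file path and the finding names are constructed for illustration.

```python
# Compiled-in defaults as documented in vsftpd.conf(5); verify against your version.
DEFAULTS = {
    "anonymous_enable": "YES", "local_enable": "NO", "write_enable": "NO",
    "userlist_enable": "NO", "userlist_deny": "YES", "chroot_local_user": "NO",
    "ssl_enable": "NO", "pasv_enable": "YES",
    "pasv_min_port": "0", "pasv_max_port": "0",
}

def parse_vsftpd_conf(text):
    """Return effective settings: defaults overlaid with option=value lines."""
    conf = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue  # blank line, comment, or not a setting
        key, _, value = line.partition("=")
        conf[key] = value  # vsftpd itself allows no spaces around '='
    return conf

def audit(conf):
    """Return a sorted list of finding names (names are made up for this example)."""
    def on(key):
        return conf.get(key, "NO").upper() == "YES"
    findings = []
    if on("anonymous_enable"):
        findings.append("anonymous-login-enabled")
    if on("local_enable"):
        # Only an allow-list (userlist_enable=YES, userlist_deny=NO) keeps the
        # main account out and admits just the dedicated FTP user.
        if not (on("userlist_enable") and not on("userlist_deny")):
            findings.append("any-local-user-may-log-in")
        if not on("ssl_enable"):
            findings.append("password-sent-in-cleartext")
        if on("write_enable") and not on("chroot_local_user"):
            findings.append("writable-and-not-chrooted")
    if on("pasv_enable"):
        lo, hi = int(conf["pasv_min_port"]), int(conf["pasv_max_port"])
        if lo == 0 or hi == 0 or hi < lo:
            # 0 means "any port": the firewall cannot open a bounded range.
            findings.append("passive-port-range-unbounded")
    return sorted(findings)

# Constructed sample: local logins switched on, everything else left at defaults.
LOOSE = """\
# constructed example, not from the thread
local_enable=YES
write_enable=YES
"""

# Constructed sample: one dedicated account named in userlist_file, TLS (FTPS),
# and a fixed passive range. A real TLS setup also needs rsa_cert_file.
TIGHT = """\
anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
userlist_enable=YES
userlist_deny=NO
userlist_file=/etc/vsftpd.user_list
ssl_enable=YES
pasv_min_port=30000
pasv_max_port=30100
"""

if __name__ == "__main__":
    for name, text in (("loose", LOOSE), ("tight", TIGHT)):
        print(name, audit(parse_vsftpd_conf(text)))
```

With the fixed range in place, the firewall needs port 21 plus pasv_min_port through pasv_max_port opened on the server side.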
On 09/14/2016 07:58 PM, Carlos E. R. wrote:
Sorry, but what can a firewall do about a password transmitted in the clear? :-?
That's why it's not a good idea to use FTP for other than anonymous use over the Internet.
On 09/14/2016 09:04 PM, James Knott wrote:
On 09/14/2016 07:58 PM, Carlos E. R. wrote:
Sorry, but what can a firewall do about a password transmitted in the clear? :-?
That's why it's not a good idea to use FTP for other than anonymous use over the Internet.
I've found that implementing a HTTP server in [la e of a FTP server offers all the functionality, butter access control, in all aspects, and a host of other facilities that simply don't exist with FTP. And of course it can operate over a single port so is "firewall friendly".
On 2016-09-15 03:27, Anton Aylward wrote:
On 09/14/2016 09:04 PM, James Knott wrote:
On 09/14/2016 07:58 PM, Carlos E. R. wrote:
Sorry, but what can a firewall do about a password transmitted in the clear? :-?
That's why it's not a good idea to use FTP for other than anonymous use over the Internet.
That's so.
I've found that implementing a HTTP server in [la e of a FTP server offers all the functionality, butter access control, in all aspects, and a host of other facilities that simply don't exist with FTP.
But not bidirectional. Eum... what means that "in [la e of a FTP" above? A cat on the keyboard? :-)
And of course it can operate over a single port so is "firewall friendly".
Yes. The problem I have is that sftp/ssh/fish is broken in Midnight Commander, so that I have to use ftp. Or, in "/etc/ssh/sshd_config" set:
    # To disable tunneled clear text passwords, change to no here!
    PasswordAuthentication yes
I still don't know for sure what are the consequences of this change, security wise. I understand it facilitates script kiddie attacks. (See https://lists.opensuse.org/opensuse/2014-12/msg00589.html)
-- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On Thu, 15 Sep 2016 14:44:22 +0200 "Carlos E. R." wrote:
On 2016-09-15 03:27, Anton Aylward wrote:
I've found that implementing a HTTP server in [la e of a FTP server offers all the functionality, butter access control, in all aspects, and a host of other facilities that simply don't exist with FTP.
But not bidirectional.
Eh? Don't you believe GET and POST send data in opposite directions?
On 09/15/2016 08:44 AM, Carlos E. R. wrote:
On 2016-09-15 03:27, Anton Aylward wrote:
I've found that implementing a HTTP server in [la e of a FTP server offers all the functionality, butter access control, in all aspects, and a host of other facilities that simply don't exist with FTP.
But not bidirectional.
If you are trying to say that you can't BOTH upload and download with a HTTP server, that is incorrect. You can. My point is that you have much better control over what can be downloaded and much better control over what happens when something is uploaded.
Eum... what means that "in [la e of a FTP" above? A cat on the keyboard? :-)
"... in place of a FTP server ..."
On 2016-09-15 20:57, Dave Howorth wrote:
On Thu, 15 Sep 2016 14:44:22 +0200 "Carlos E. R." wrote:
But not bidirectional.
Eh? Don't you believe GET and POST send data in opposite directions?
Well, I can set up apache to download any file in a tree, but I wouldn't know how to upload a random file, or a directory. The idea is using something as a file browser. Ftp, scp, fish, samba, nfs... can do that. Yes, I know that you can upload a file with http, but you have to create an appropriate page to do it. And the client can't decide where goes that file. Me, I have no idea how.
-- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" (Minas Tirith))
Carlos E. R. wrote:
On 2016-09-15 20:57, Dave Howorth wrote:
On Thu, 15 Sep 2016 14:44:22 +0200 "Carlos E. R." wrote:
But not bidirectional.
Eh? Don't you believe GET and POST send data in opposite directions?
Well, I can set up apache to download any file in a tree, but I wouldn't know how to upload a random file, or a directory. The idea is using something as a file browser.
WebDAV.
-- Per Jessen, Zürich (15.9°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland.
On 09/16/2016 02:19 AM, Per Jessen wrote:
Carlos E. R. wrote:
On 2016-09-15 20:57, Dave Howorth wrote:
On Thu, 15 Sep 2016 14:44:22 +0200 "Carlos E. R." wrote:
But not bidirectional.
Eh? Don't you believe GET and POST send data in opposite directions?
Well, I can set up apache to download any file in a tree, but I wouldn't know how to upload a random file, or a directory. The idea is using something as a file browser.
WebDAV.
Well, that's a generalization, so far ahead of mere FTP. FTP can't do calendaring, scheduling, trigger events. Let's face it, a local instance of openCloud isn't any harder to install/configure (Thank you the one-click install in https://software.opensuse.org/search) than one of the better FTP packages such as ProFTP. BTDT. Yes, openCloud is certainly "browser friendly" :-)
On 16/09/2016 at 15:05, Anton Aylward wrote:
Yes, openCloud is certainly "browser friendly" :-)
not really the same
I use owncloud and fish on Dolphin. but for very different purpose
jdd
Anton Aylward wrote:
On 09/16/2016 02:19 AM, Per Jessen wrote:
Carlos E. R. wrote:
On 2016-09-15 20:57, Dave Howorth wrote:
On Thu, 15 Sep 2016 14:44:22 +0200 "Carlos E. R." wrote:
But not bidirectional.
Eh? Don't you believe GET and POST send data in opposite directions?
Well, I can set up apache to download any file in a tree, but I wouldn't know how to upload a random file, or a directory. The idea is using something as a file browser.
WebDAV.
Well, that's a generalization, so far ahead of mere FTP. FTP can't do calendaring, scheduling, trigger events.
Nor can webDAV, but it enables other applications to do so.
-- Per Jessen, Zürich (19.7°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland.
participants (8)
- Anton Aylward
- Carlos E. R.
- Dave Howorth
- James Knott
- jdd
- Mikhail Ramendik
- Per Jessen
- Vojtěch Zeisek