Mailinglist Archive: opensuse-security (359 mails)

Re: [suse-security] ftp server "best practice"
  • From: Daniel Nilsson <dnilsson@xxxxxxxxxx>
  • Date: Thu, 24 Jul 2003 10:17:28 -0400
  • Message-id: <3F1FEA78.60904@xxxxxxxxxx>
Markus Gaugusch wrote:
On Jul 24, Daniel Nilsson <dnilsson@xxxxxxxxxx> wrote:

I'm tasked to add an ftp server to our company's "internet presence", the
ftp server will need to have accounts on it since the data is not for
the public. Currently our setup consists of a number of Linux firewalls
for our 4 office locations that then in turn connect these 4 office
locations using ipsec. In addition, at our main office location we have
a DMZ with a webserver.

I would suggest using an HTTP server (no problems with downloading, easy
protection of files using .htaccess). If the passwords are more sensitive,
use HTTPS.
For uploading use SFTP, a very good client program for Windows is
FileZilla from Best of all: it's freeware and can
also be used as standard ftp client. You may also want to restrict access
to the sftp (ssh) server based on ip address to get maximum security.


Thanks for the input. What I'm not sure about when it comes to using HTTP is how easy it would be to set up separate user accounts for our customers. Let's say we want to ship a patch to a single customer for example, I think what the software team is looking to do is to set up an account for that customer on the ftp site where the customer can log in and download files intended for that customer only. That's simple with an ftp server since it will have the concept of a "home directory" for that ftp user.

I agree that HTTP would be a much better solution, but I just don't know how to solve the problem with different areas for different customers. Can that be done using some rewrite logic in the Apache config or something?

Daniel Nilsson
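
The per-customer areas asked about above can be expressed with Apache's standard authentication directives, one directory per customer, with no rewrite rules. This is an added example, not part of the original thread; the paths, realm name and customer names (acme, globex) are hypothetical.

```apache
# Added illustration. All paths and user names below are hypothetical.
# Layout assumed: /srv/www/downloads/<customer>/ holds that customer's files.

<Directory "/srv/www/downloads">
    # Basic auth sends the password with every request, only base64-encoded,
    # so refuse any request that did not arrive over HTTPS.
    SSLRequireSSL

    AuthType Basic
    AuthName "Customer downloads"
    # Keep the password file outside the document root.
    # Add users with: htpasswd /etc/apache2/customer.htpasswd <user>
    AuthUserFile "/etc/apache2/customer.htpasswd"

    # Any authenticated customer can reach the root itself,
    # so keep it empty and put files only in the per-customer directories.
    Require valid-user

    # No directory listings, so one customer cannot enumerate other areas.
    Options -Indexes
    # Ignore .htaccess files so the policy lives in this one place.
    AllowOverride None
</Directory>

# Each customer directory narrows access to exactly one account.
# A Require line in a more specific section replaces the parent's.
<Directory "/srv/www/downloads/acme">
    Require user acme
</Directory>

<Directory "/srv/www/downloads/globex">
    Require user globex
</Directory>
```

The same `AuthType`, `AuthUserFile` and `Require user` lines can instead go in a `.htaccess` file inside each customer directory, provided the server config sets `AllowOverride AuthConfig` for that tree.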
