Re: Nosy ftp users



On Fri, 2002-04-19 at 10:42, Patrick Kirk wrote:

> I have a Proftpd ftp server with a user called ftp whose password is
> given to clients who need to get drivers, etc.
> Just realised that someone has logged on and cd-ed to my directory and
> downloaded a mailbox.
> But how can I prevent people doing this, as it's a very lax setup that
> could well lead to trouble?

1. Make sure directories with 'critical' information are not
world-readable (like home-dirs, mailboxes etc)
2. Chroot the ftp-account with the files under it (proftp supports
chrooting)
3. Remove ftp altogether, replace it with a http server, limited to the
tree of files you want accessible...

More than enough choices...

-- 
Mark Janssen    Unix / Linux, Open-Source and Internet Consultant @
SyConOS IT
E-mail: mark(at)markjanssen.nl / maniac(at)maniac.nl    GnuPG Key Id:
357D2178
WWW Maniac.nl Unix-God.[Net|Org] MarkJanssen.[com|net|org|nl]
SyConOS.[com|nl]
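
A way to check point 1 of the reply above, added here as an example and not part of the original message: it lists home directories and mailboxes that grant any permission to "other" users and can strip those bits. The function names and the constructed sample tree are assumptions for illustration; on a real host the arguments would be directories such as /home and /var/mail.

```shell
#!/bin/sh
# Added example, not from the original post.
# Lists entries directly under each given directory that grant read,
# write or execute/search permission to "other" users.
audit_other_access() {
    for root in "$@"; do
        # Symlinks always report mode 0777, so they are skipped.
        find "$root" -mindepth 1 -maxdepth 1 ! -type l \
            \( -perm -004 -o -perm -002 -o -perm -001 \) -print
    done | sort
}

# Remove all "other" permissions from the flagged entries (top level only).
# A directory without o+x cannot be entered by other users, which also
# protects everything beneath it.
lock_down() {
    audit_other_access "$@" | while IFS= read -r path; do
        chmod o-rwx "$path"
    done
}

# Constructed sample tree standing in for /home and /var/mail.
make_demo_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/home/alice" "$t/home/bob" "$t/mail"
    chmod 755 "$t/home/alice"                        # world-readable home
    chmod 700 "$t/home/bob"                          # private home
    : > "$t/mail/alice"; chmod 644 "$t/mail/alice"   # world-readable mailbox
    : > "$t/mail/bob";   chmod 600 "$t/mail/bob"     # private mailbox
    printf '%s\n' "$t"
}

# Usage: sh audit.sh /home /var/mail
if [ "$#" -gt 0 ]; then
    audit_other_access "$@"
fi
```

For point 2, ProFTPD's `DefaultRoot ~` directive confines a login to its home directory, so the shared account's home should hold only the files meant for download.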
