
Re: file server recommendations?



ScruLoose said:
> Hi all,
>
> 	I'm interested in making a few files available to friends of
> mine, and in having an upload directory for them to give me stuff, too.
> I'm wondering what's the best tool for this job.

> The first thing that comes to mind is FTP, but I'm not sure it's the right
> tool for the job. I've heard a lot of horror stories about its
> (in)security...

depends on your needs. if the files you're transferring are not
private data then ftp may be ok. You can set up users so they are
locked into their home dirs (my preference of ftpd is generally ncftpd
which is a commercial app, free for up to 5 concurrent users I think,
non-commercial use only though). proftpd works well too, it has a lot
of acls, though it's a bit more complicated to set up (ncftp you can
lock users to their home dir just by adding them to a group, real easy!)
another benefit to ncftpd, is at least I have never heard of any
vulnerabilities for it in as long as I can remember. not so with
proftpd, wu.ftpd, even the openbsd ftpd port to linux was vulnerable
to a nasty DOS a while back (unfortunately it took debian something
like 8 months to fix it)

At my last company, to help the support staff I set up a proftpd server
for anonymous access. It was real cool how it was set up I think. There
were 2 directories, incoming and outgoing. everything was transferred
using anonymous logins from the customers. incoming was writable by
anyone, but reading was not allowed, listing files not allowed etc.
Any attempts to list files reported 0 files. outgoing was readable by
everyone, but no writing, and no file listing. So unless you knew the
EXACT filename (and path if needed) you couldn't download anything.
It proved to be quite workable. Never had a problem. Sure sometimes
a warez kiddie script may find the server and try to upload something,
but it quickly fails when it figures out it cannot retrieve the file(s)
it uploaded. Oh and no directory listings are permitted ANYWHERE. So
when you login and do a 'ls' nothing comes back (even in the root
directory). company employees can download the files via SSH w/RSA
authentication (scp), or using an ftp account (special uid/password which has
full access to the anonymous tree). They emailed links directly to the
site so the end users could just click on the link or download it directly.

I also set up another server (for remote access) using openssh and
the chroot patch (chrootssh.sourceforge.net). As the name implies
it locks users to their home directories as well. Been more than
8 months since I played with the system so I forget if there's
anything special to do to the accounts to configure them in such
a way. Before I found this project I used the commercial SSH
server which had options to chroot users to their home dirs as
well.

yet another way would be one of them web-based file managers though
that's kinda complicated.

winscp and/or putty (winscp is based on putty code last I checked)
are decent win32 ssh/scp clients. There's also cygwin which includes
a full copy of openssh (server and all).

for me, if I want to post a file for someone to download I throw
it on my webserver, if I want someone to upload a file (which is
so rare I can't remember the last time I asked someone to do
such a thing), I add them an account on one of my spare servers (of course
only trusted individuals get such accounts). I never transfer
private/personal data over an unencrypted connection.

not sure what your needs are though.

nate
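
A ProFTPD sketch of the incoming/outgoing anonymous drop box described in the message above, added here as an example; it is not the poster's configuration. The `ftp` account, the `nogroup` group and the anonymous root `~ftp` are assumptions, and denying the listing commands makes the server refuse them rather than report 0 files as the message describes.

```conf
# Constructed example: anonymous drop box with a write-only "incoming"
# and a download-by-exact-name "outgoing". Account, group and paths are
# assumptions, not values from the original message.
<Anonymous ~ftp>
  User                ftp
  Group               nogroup
  UserAlias           anonymous ftp
  RequireValidShell   off

  # Whole anonymous tree: no uploads, deletes, renames or mkdir ...
  <Limit WRITE>
    DenyAll
  </Limit>

  # ... and no directory listings anywhere, including the root.
  # RETR stays allowed, so outgoing/<exact-name> can still be fetched.
  <Limit LIST NLST MLSD MLST STAT>
    DenyAll
  </Limit>

  # incoming: accept new files only. READ is denied so an uploader
  # cannot fetch back what was stored, which is what makes the box
  # useless as a file-trading site.
  <Directory incoming/*>
    AllowOverwrite    off
    Umask             077
    <Limit READ WRITE>
      DenyAll
    </Limit>
    <Limit STOR>
      AllowAll
    </Limit>
  </Directory>
</Anonymous>
```

Filesystem permissions should back this up: `incoming` writable by the anonymous user, `outgoing` and its files owned by a different account and not writable by it.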




