-   Linux - Newbie (
-   -   Create FTP users for Download Only (

hiep.pham 06-11-2012 07:39 PM

Create FTP users for Download Only

I was wondering if there is a way that I can create a FTP user just for download only? If so, please provide a commands or if there is a link for it.



chrism01 06-11-2012 08:09 PM

wpeckham 06-12-2012 09:56 AM

1. There are about six ways I can think of just off the top, but the link already provided is a good start. If that does not satisfy, post that news here for more suggestions.

2. Why use ftp when SFTP is much more safe, secure, and reliable?

hiep.pham 06-12-2012 12:55 PM

Thank you for your input.
I just finish created an FTP account for one of the employee and since he works with third party and he would like to know if that possible to create an additional account so that party can just download the files. And he doesn't want that party to delete or mess up with his file. Do you think it is safe or recommend to create anonymous account for it?



wpeckham 06-13-2012 07:42 AM

It depends upon what you mean by 'safe'. If it is OK for just anyone in the world to download the available files and you make an account (and adjust permissions) so they can only download and not upload, it is pretty safe until you get compromised.

One thing to realize, is that FTP passes account names and passwords in clear text. Anyone who can trap packets and read can easily own any of your FTP accounts. Only if they are ALL download only is there any security. Using a protocol that encrypts security information (sftp already mentioned) is the generally accepted answer to that security issue. No FTP server can be made entirely safe. The best I know runs from CD or DVD (read only media) does not use persitance, and reboots from the read-only media at encountering any suspicious behavior. (And that is DARNED inconvenient at times). FTP is just not secure or safe, period.

Being safe and secure and using ftp do not work together. You might consider one of the more secure ftp server packages, locking down all accounts and file spaces ftp users can reach to make them read-only, and monitoring logs carefully, running rootkithunter and other compromise detection, backing up often, and praying a lot.

Or you could use a more secure protocol, still engage most of the above, but relax a bit.

chrism01 06-13-2012 07:57 PM

I'd recommend using SFTP as above (or even scp), using ssh auth-keys if reqd.
This is assuming CLI access.

If he's using a GUI, then Filezilla offers the option of using port 22 (ie sftp) and has clients for both Linux & MS-Win.

In theory you can secure vsftpd by using the TLS extension/option, but its a messy messy business...

All times are GMT -5. The time now is 05:45 AM.