Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place! |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
 |
06-11-2012, 08:39 PM
|
#1
|
Member
Registered: Jun 2012
Posts: 54
Rep: 
|
Create FTP users for Download Only
Greeting,
I was wondering if there is a way that I can create a FTP user just for download only? If so, please provide a commands or if there is a link for it.
Thanks,
Hiep
|
|
|
06-11-2012, 09:09 PM
|
#2
|
LQ Guru
Registered: Aug 2004
Location: Sydney
Distribution: Rocky 9.2
Posts: 18,425
|
|
|
|
06-12-2012, 10:56 AM
|
#3
|
LQ Guru
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, VSIDO, tinycore, Q4OS, Manjaro
Posts: 6,077
|
Sure
1. There are about six ways I can think of just off the top, but the link already provided is a good start. If that does not satisfy, post that news here for more suggestions.
2. Why use ftp when SFTP is much more safe, secure, and reliable?
|
|
|
06-12-2012, 01:55 PM
|
#4
|
Member
Registered: Jun 2012
Posts: 54
Original Poster
Rep: 
|
Thank you for your input.
I just finish created an FTP account for one of the employee and since he works with third party and he would like to know if that possible to create an additional account so that party can just download the files. And he doesn't want that party to delete or mess up with his file. Do you think it is safe or recommend to create anonymous account for it?
Thanks,
-Hiep
|
|
|
06-13-2012, 08:42 AM
|
#5
|
LQ Guru
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, VSIDO, tinycore, Q4OS, Manjaro
Posts: 6,077
|
Safe?
It depends upon what you mean by 'safe'. If it is OK for just anyone in the world to download the available files and you make an account (and adjust permissions) so they can only download and not upload, it is pretty safe until you get compromised.
One thing to realize, is that FTP passes account names and passwords in clear text. Anyone who can trap packets and read can easily own any of your FTP accounts. Only if they are ALL download only is there any security. Using a protocol that encrypts security information (sftp already mentioned) is the generally accepted answer to that security issue. No FTP server can be made entirely safe. The best I know runs from CD or DVD (read only media) does not use persitance, and reboots from the read-only media at encountering any suspicious behavior. (And that is DARNED inconvenient at times). FTP is just not secure or safe, period.
Being safe and secure and using ftp do not work together. You might consider one of the more secure ftp server packages, locking down all accounts and file spaces ftp users can reach to make them read-only, and monitoring logs carefully, running rootkithunter and other compromise detection, backing up often, and praying a lot.
Or you could use a more secure protocol, still engage most of the above, but relax a bit.
|
|
|
06-13-2012, 08:57 PM
|
#6
|
LQ Guru
Registered: Aug 2004
Location: Sydney
Distribution: Rocky 9.2
Posts: 18,425
|
I'd recommend using SFTP as above (or even scp), using ssh auth-keys if reqd.
This is assuming CLI access.
If he's using a GUI, then Filezilla offers the option of using port 22 (ie sftp) and has clients for both Linux & MS-Win.
In theory you can secure vsftpd by using the TLS extension/option, but its a messy messy business...
|
|
|
All times are GMT -5. The time now is 06:53 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|