[X4U] setting up an ftp server with tiger

[David Ledger]

At 23:54 -0700 26/10/06, x4u-request at listserver.themacintoshguy.com wrote:
>From: alexandre <mac.k at a2k.ch>
>i was aware of the password and username thing being sent out in the
>clear. the data that has to be downloaded from our server is not
>highly sensitve stuff.

If a bad guy gets a username and password and any other access method 
is turned on, they can access your machine. If only ftp is enabled 
they can still use your machine to store their kiddie porn.

>this will be a temporary solution for the next 2-3 weeks. what are my
>options for the long term in order to set up an secure(r) ftp server?

Don't use ftp unless you have to, use sftp or scp, then set up a new 
user as in my earlier reply. You have to learn a little about the ssh 
setup, keys etc.

On other Unix systems I would be using xinetd if I had to use ftp. 
Years ago, to enable ftp you started an ftp server at boot time, to 
enable telnet you started a telnet server at boot time, ... . As the 
number of services started at boot time increased we started using 
inetd, which listened on all specified ports and started a one-time 
only service of the appropriate type for each request received. 
xinetd extends this to increase security. For each service it can 
allow connections only from specified IP addresses or ranges for 
example. The config file format under Tiger is different to the one I 
am used to and as services are started differently on OS X to other 
Unixes I don't know how easy it is to use or what you have to do to 
make it effective. I'll get round to understanding the OS X way when 
it's been the same for two versions on the trot.

>btw, the people downloading files from my ftp server are dependent on
>my UPloading speed, right?

Yes.

David


-- 
David Ledger - Freelance Unix Sysadmin in the UK.
Chair of HPUX SysAdmin SIG of hpUG technical user group (www.hpug.org.uk)
david.ledger at ivdcs.co.uk
www.ivdcs.co.uk