At 23:54 -0700 26/10/06, x4u-request at listserver.themacintoshguy.com wrote:
>From: alexandre <mac.k at a2k.ch>

>i was aware of the password and username thing being sent out in the
>clear. the data that has to be downloaded from our server is not
>highly sensitive stuff.

If a bad guy gets a username and password and any other access method is turned on, they can access your machine. If only ftp is enabled they can still use your machine to store their kiddie porn.

>this will be a temporary solution for the next 2-3 weeks. what are my
>options for the long term in order to set up a secure(r) ftp server?

Don't use ftp unless you have to, use sftp or scp, then set up a new user as in my earlier reply. You have to learn a little about the ssh setup, keys etc.

On other Unix systems I would be using xinetd if I had to use ftp. Years ago, to enable ftp you started an ftp server at boot time, to enable telnet you started a telnet server at boot time, ... . As the number of services started at boot time increased we started using inetd, which listened on all specified ports and started a one-time only service of the appropriate type for each request received. xinetd extends this to increase security. For each service it can allow connections only from specified IP addresses or ranges for example.

The config file format under Tiger is different to the one I am used to and as services are started differently on OS X to other Unixes I don't know how easy it is to use or what you have to do to make it effective. I'll get round to understanding the OS X way when it's been the same for two versions on the trot.

>btw, the people downloading files from my ftp server are dependent on
>my UPloading speed, right?

Yes.

David

-- 
David Ledger - Freelance Unix Sysadmin in the UK.
Chair of HPUX SysAdmin SIG of hpUG technical user group (www.hpug.org.uk)
david.ledger at ivdcs.co.uk
www.ivdcs.co.uk
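
Added example, not part of the original message: an xinetd service entry of the kind described above, restricting ftp to named source addresses. The file name, the ftpd path and arguments, and all addresses (documentation ranges) are assumptions; this limits who can connect but does not stop the username and password travelling in the clear.

```conf
# /etc/xinetd.d/ftp   (assumed file name)
service ftp
{
    disable         = no
    socket_type     = stream
    protocol        = tcp
    # wait = no: xinetd accepts each connection and starts one ftpd for it
    wait            = no
    user            = root
    # Assumed location and arguments of the ftp daemon on this system
    server          = /usr/libexec/ftpd
    server_args     = -l

    # Allow only these sources (constructed sample addresses);
    # without only_from any address may connect
    only_from       = 192.0.2.0/24 198.51.100.7
    # Carve one host back out of the allowed range; the more
    # specific match wins when only_from and no_access both apply
    no_access       = 192.0.2.66

    # Cap total concurrent servers and servers per source address
    instances       = 10
    per_source      = 2
    # Refuse connections outside these hours
    access_times    = 08:00-20:00

    # Record who connected and every refused attempt
    log_on_success  += HOST PID DURATION
    log_on_failure  += HOST ATTEMPT
}
```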