FTP config advice or opinion

[Daniel Carrillo]

2009/6/20 Manuel Aróstegui <manuel at todo-linux.com>:
> El vie, 19-06-2009 a las 12:29 -0700, Jeff Boyce escribió:
>> Greetings -
>>
>> I am looking into setting up my first FTP server for my small office and am
>> wondering if anyone is willing to give any advice (must do's, or must not
>> do's) or opinions.  I am reading through the information in the RedHat
>> documents, the man page, and various howto's on the net, so I am beginning
>> to learn the ftp specific terminology.  My server runs RH3U9 and I plan on
>> running the vsftpd service that is installed with it (our company will
>> likely replace the server and upgrade to RH6 after it is released in the
>> next year or so, but until then this is what I have to work with).
>>
>> Need:
>> Our need for setting up an FTP sever in-house is that we regularly transfer
>> large files (mostly Word or PDF) back and forth to clients.  We have used
>> some of the commercial web sites for large file transfers, and some of our
>> clients ftp sites, and have had some complications and think that
>> controlling our own ftp site may be more convenient for us in the long run.
>>
>> Objective:
>> Our objective is to set up the ftp so that we can provide selected clients
>> with a directory that allows them to both upload and download files from our
>> server.  We would want each client isolated to a directory that is specific
>> to their project.  We would like to provide each client with a predefined
>> user name and password for their access.   Staff within the office would
>> have access to all the ftp project directories (it's a small office and we
>> all work on each others projects).  We don't need anonymous access.
>>
>> It looks like from what I am reading that our clients would be considered
>> 'local users' in ftp terminology, and therefore I need to setup a user
>> account on our server for each client I am going to provide ftp access.  Is
>> this correct, or is there a different way to achieve my objective?  Our
>> (only) server functions primarily as the office Samba file server, OpenVPN
>> access point, and manages our tape backup system.
>>
>> Any advice is appreciated, especially that which is specific to my objective
>> and with specific information about config settings that I should or should
>> not include.
>> Thanks.
>
> As some guys said, you might want to consider ssh instead of FTP, but
> anyways, if you want to use FTP, install proftpd, for instance.
>
> proftpd uses your system's /etc/passwd file by default, and so proftpd
> users are the same as your system users. This is not very secure,
> though.
>
> You can use vsftpd and use virtual users intead of system's users
> desribed above.
>
> Hope this helps
> Manuel.
> --

Hi all.

IMHO, de described scenario is a candidate for SFTP (FTP over SSL) not
ssh/sftp. The target is file sharing not system access.

I suggest vsftp + ssl + virtual users without system accounts.

This is my oppinion, and I'm not the only one:

http://vsftpd.beasts.org/#people

Of course there is too many alternatives.

Hope, this also helps.
BR.