Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
vsftpd user/pass + anon access
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
666threesixes666
Veteran
Veteran


Joined: 31 May 2011
Posts: 1248
Location: 42.68n 85.41w

PostPosted: Sun Jan 27, 2013 5:10 pm    Post subject: vsftpd user/pass + anon access Reply with quote

my friend would like to run a ftp server.... this is for mixing and mastering studio tracks and pushing the remasters back to the band. server is located at the band....

cat /etc/vsftpd/vsftpd.conf
listen=YES
local_enable=YES
anonymous_enable=YES
write_enable=YES
anon_root=/home/ftp

user ftp
password ftpsecurepassword

good idea? secure? or is this completely unorthodox? is gftping into this server going to expose passwords in cleartext or is ssl default on the ebuild? i got 3 days to do this right.... if it gets the ok ill update the wiki page i started found here...... (i just know about pushing files out to the world, not the other way around)

http://wiki.gentoo.org/wiki/Vsftpd
Back to top
View user's profile Send private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 21489

PostPosted: Sun Jan 27, 2013 5:24 pm    Post subject: Reply with quote

That looks very insecure to me. Your password is all lowercase, contains your username, and contains the string password. Additionally, you are enabling anonymous access, but you have not explained why that is necessary. According to the manual, SSL is not permitted by default.

Do you need to use ftp to do this? If the only authorized writers are on Linux, I strongly suggest using sftp instead. You can get sftp clients for Windows and Mac OS also, but sftp is almost guaranteed to be available for Linux users.
Back to top
View user's profile Send private message
666threesixes666
Veteran
Veteran


Joined: 31 May 2011
Posts: 1248
Location: 42.68n 85.41w

PostPosted: Sun Jan 27, 2013 5:32 pm    Post subject: Reply with quote

its not actually the password..... the password will probably be S0me+Hin91iKeTh15... (im not posting it on the net, and its not yet been generated) anon access to pull from a browser (firefox) they are a band, they dont understand linux, they just want a laptop hidden in the corner to serve music files from bands main location to studio to band members, and maybe a few other people on top of it....

it needs to be ftp so the studio guru can use a ftp client to push remasters back to the file share.... i was suggesting samba to them at first but they wanted to do it over the internet.

i basically need anon down + secure upload
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum