How to implement security for FTP servers in Linux
Source: Internet
Author: User
For an FTP server on the Internet, system security is very important, and it is the first problem to consider when setting up the server. FTP server security mainly covers the following aspects:
1. Unauthorized users are prohibited from performing FTP operations on the server.
2. FTP users cannot read files or directories not permitted by the system owner.
3. FTP users are not allowed to create files or directories on the server.
4. FTP users cannot delete files or directories on the server.
The FTP server verifies user identity to solve the first problem, using the following measures:
The user account used by an FTP user must be recorded in the /etc/passwd file (except for anonymous FTP users), and its password cannot be blank. The server rejects access if the user account and password are not entered correctly.
The FTP daemon ftpd also uses an /etc/ftpusers file. The server refuses FTP service to every user listed in this file, so the server administrator can list "undesirable" users there and reject them.
The server accepts anonymous FTP connections only when a user named "ftp" exists in the server's /etc/passwd file. Anonymous FTP users can use "anonymous" or "ftp" as their username and their own Internet email address as the password.
To solve the other three security issues, manage the file attributes in the FTP home directory. We recommend the following measures for each directory and its files:
FTP home directory: Set the owner of this directory to "ftp" and make it not writable by any user, to prevent malicious users from deleting files.
ftp/bin directory: This directory mainly contains some system files. Set the owner of this directory to "root" (the superuser) and make it not writable by any user. To ensure that valid users can list files, make the ls file in this directory executable.
ftp/etc directory: Set the directory owner to "root" and make it not writable by any user. Set the group file and the passwd file in this directory to read-only for all users, and use an editor to delete the passwords from the passwd file.
ftp/pub directory: Set the owner of this directory to "ftp" and set its attributes to read, write, and execute for all users.
This ensures that the system files are not deleted or modified, and that FTP users can access the files normally.
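The directory recommendations above can be checked mechanically. The following Python audit is an added example, not code from the original article; the rule table, the function names and the `owners` remapping parameter are assumptions made for illustration, as is reading the etc directory rule as "not writable by any user".

```python
import os
import pwd
import stat

def no_write(mode):
    return mode & 0o222 == 0

# Path relative to the FTP home -> (owner, permission check, description).
# Owners and modes follow the recommendations above; reading the etc
# directory rule as "not writable by any user" is an assumption.
RULES = {
    ".": ("ftp", no_write, "not writable by any user"),
    "bin": ("root", no_write, "not writable by any user"),
    "bin/ls": (None, lambda m: m & 0o111 == 0o111, "executable by all users"),
    "etc": ("root", no_write, "not writable by any user"),
    "etc/passwd": (None, lambda m: m & 0o777 == 0o444, "read-only for all users"),
    "etc/group": (None, lambda m: m & 0o777 == 0o444, "read-only for all users"),
    "pub": ("ftp", lambda m: m & 0o777 == 0o777, "rwx for all users"),
}

def owner_name(uid):
    """Resolve a uid to a login name, falling back to the number as text."""
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return str(uid)

def audit_ftp_home(home, owners=None):
    """Return (relative path, problem) pairs for the tree under `home`.

    `owners` may remap the expected "ftp"/"root" accounts, e.g. for a dry
    run on a scratch copy owned by an ordinary user.
    """
    owners = owners or {}
    findings = []
    for rel, (owner, mode_ok, wanted) in RULES.items():
        try:
            st = os.stat(os.path.join(home, rel))
        except FileNotFoundError:
            findings.append((rel, "missing"))
            continue
        expected = owners.get(owner, owner)
        actual = owner_name(st.st_uid)
        if expected and actual != expected:
            findings.append((rel, f"owner {actual}, expected {expected}"))
        mode = stat.S_IMODE(st.st_mode)
        if not mode_ok(mode):
            findings.append((rel, f"mode {mode:04o}, expected {wanted}"))
    return findings
```

An empty result from `audit_ftp_home("/path/to/ftp/home")` means the tree matches the table. The pub rule mirrors the article's setting; a directory that is writable and executable by all users lets them create and delete entries in it, so a site that wants aims 3 and 4 enforced by file permissions would tighten that one rule.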