Setting up FTP in Linux so that system files cannot be deleted while valid FTP users can still access the server

Source: Internet
Author: User
For an FTP server on the Internet, system security is very important. It is the first question that anyone setting up an FTP server has to consider. Its security mainly includes the following aspects:

1. Unauthorized users are prohibited from performing FTP operations on the server.

2. FTP users cannot read files or directories not permitted by the system owner.

3. FTP users are not allowed to create files or directories on the server.

4. FTP users cannot delete files or directories on the server.

To solve the first problem, the FTP server verifies the user's identity through the following measures:

The account used by an FTP user must be recorded in the /etc/passwd file (except for anonymous FTP users), and its password cannot be blank. The server rejects access if the user account and password are not entered correctly.

The FTP daemon, ftpd, also uses an /etc/ftpusers file. The server refuses to provide the FTP service to every user listed in this file. The server administrator can use it to build a list of "undesirable" users and deny them access.

The server accepts anonymous FTP connections only when the /etc/passwd file on the server contains a user named "ftp". Anonymous FTP users can use "anonymous" or "ftp" as their username and their own Internet email address as their password.

To solve the other three security issues, manage the file attributes in the FTP home directory. We recommend the following measures for each directory and its files:

FTP home directory: Set the owner of this directory to "ftp" and make it non-writable for all users, to prevent malicious users from deleting files.

bin directory under the FTP home: This directory mainly contains some system files. Set the owner of this directory to "root" (i.e., the superuser) and make it non-writable for all users. To ensure that valid users can list files, make the ls file in this directory executable.

etc directory under the FTP home: Set the owner of this directory to "root" and make it non-writable for all users. Set the group and passwd files in this directory to read-only for all users, and use an editor to delete the users' passwords from the passwd file.

pub directory under the FTP home: Set the owner of this directory to "ftp" and set its attributes to read, write, and execute for all users.
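
The directory layout above can be checked with a short audit script. This is an added example, not part of the original page; it assumes GNU `stat` and `find`, the function name `audit_ftp_home` is hypothetical, and the owner names are parameters that default to `ftp` and `root`.

```shell
#!/bin/sh
# Added example (not from the original page): audit an FTP home directory
# against the ownership and permission layout described above. GNU stat/find.
# Usage: audit_ftp_home DIR [FTP_OWNER] [ROOT_OWNER]
# Prints one FINDING line per deviation; returns 0 only when there are none.
audit_ftp_home() {
    home=$1; ftp_owner=${2:-ftp}; root_owner=${3:-root}; bad=0

    finding() { echo "FINDING: $*"; bad=1; }
    # has_mode PATH SPEC: true if PATH itself matches the find(1) -perm SPEC
    has_mode() { [ -n "$(find "$1" -maxdepth 0 -perm "$2" 2>/dev/null)" ]; }
    owned_by() {
        [ -e "$1" ] || { finding "$1 is missing"; return 0; }
        owner=$(stat -c %U "$1")
        [ "$owner" = "$2" ] || finding "$1 is owned by $owner, expected $2"
    }

    # Home, bin and etc: fixed owner, no write bit for anyone.
    owned_by "$home" "$ftp_owner"
    owned_by "$home/bin" "$root_owner"
    owned_by "$home/etc" "$root_owner"
    for d in "$home" "$home/bin" "$home/etc"; do
        if has_mode "$d" /222; then finding "$d is writable"; fi
    done

    # bin/ls must be executable so that users can list files.
    has_mode "$home/bin/ls" -111 || finding "$home/bin/ls is not executable"

    # etc/passwd and etc/group: read-only for all users (mode 444).
    for f in passwd group; do
        has_mode "$home/etc/$f" 444 || finding "$home/etc/$f is not mode 444"
    done
    # The copied passwd file must not carry passwords; an empty field or the
    # placeholders "*" and "x" are accepted (an assumption of this check).
    awk -F: '$2 != "" && $2 != "*" && $2 != "x" { exit 1 }' \
        "$home/etc/passwd" 2>/dev/null ||
        finding "$home/etc/passwd contains a password field or is unreadable"

    # pub: owned by the FTP account, read/write/execute for all users.
    owned_by "$home/pub" "$ftp_owner"
    has_mode "$home/pub" -777 || finding "$home/pub is not rwx for all users"

    return "$bad"
}
```

Run it as `audit_ftp_home /path/to/ftp/home` after any change to the FTP tree; a non-zero return means at least one directory or file no longer matches the layout.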
