ScruLoose said:
> Hi all,
>
> I'm interested in making a few files available to friends of
> mine, and in having an upload directory for them to give me stuff, too.
> I'm wondering what's the best tool for this job.
> The first thing that comes to mind is FTP, but I'm not sure it's the right
> tool for the job. I've heard a lot of horror stories about its
> (in)security...

Depends on your needs. If the files you're transferring are not private data then ftp may be ok. You can set up users so they are locked into their home dirs (my preference of ftpd is generally ncftpd which is a commercial app, free for up to 5 concurrent users I think, non-commercial use only though). proftpd works well too, it has a lot of acls, though it's a bit more complicated to set up (ncftp you can lock users to their home dir just by adding them to a group, real easy!).

Another benefit to ncftpd is at least I have never heard of any vulnerabilities for it in as long as I can remember. Not so with proftpd, wu.ftpd, even the openbsd ftpd port to linux was vulnerable to a nasty DOS a while back (unfortunately it took debian something like 8 months to fix it).

At my last company, to help the support staff I set up a proftpd server for anonymous access. It was real cool how it was set up I think. There were 2 directories, incoming and outgoing. Everything was transferred using anonymous logins from the customers. incoming was writable by anyone, but reading was not allowed, listing files not allowed etc. Any attempts to list files reported 0 files. outgoing was readable by everyone, but no writing, and no file listing. So unless you knew the EXACT filename (and path if needed) you couldn't download anything. It proved to be quite workable. Never had a problem. Sure sometimes a warez kiddie script may find the server and try to upload something, but it quickly fails when it figures out it cannot retrieve the file(s) it uploaded. Oh and no directory listings are permitted ANYWHERE. So when you login and do a 'ls' nothing comes back (even in the root directory).
Company employees can download the files via SSH w/RSA authentication (scp), or using a ftp account (special uid/password which has full access to the anonymous tree). They emailed links directly to the site so the end users could just click on the link or download it directly.

I also set up another server (for remote access) using openssh and the chroot patch (chrootssh.sourceforge.net). As the name implies it locks users to their home directories as well. Been more than 8 months since I played with the system so I forget if there's anything special to do to the accounts to configure them in such a way. Before I found this project I used the commercial SSH server which had options to chroot users to their home dirs as well.

Yet another way would be one of them web-based file managers though that's kinda complicated.

winscp and/or putty (winscp is based on putty code last I checked) are decent win32 ssh/scp clients. There's also cygwin which includes a full copy of openssh (server and all).

For me, if I want to post a file for someone to download I throw it on my webserver, if I want someone to upload a file (which is so rare I can't remember the last time I asked someone to do such a thing), I add them an account on one of my spare servers (of course only trusted individuals get such accounts). I never transfer private/personal data over an unencrypted connection.

Not sure what your needs are though.

nate
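The incoming/outgoing layout described in the message above can be cross-checked at the filesystem level. This is an added example, not part of the original post and not the proftpd ACL configuration it refers to: it audits POSIX mode bits instead, assuming anonymous logins fall under the "other" permission class, with constructed file names and a hypothetical `audit_dropbox` helper.

```python
import os
import stat

# Expected "other" bits: r=list names, w=create entries, x=reach exact names.
# Assumption (not from the post): anonymous logins map to the "other" class.
EXPECTED_DIRS = {".": 0o1, "incoming": 0o3, "outgoing": 0o1}
# Files: uploads must not be readable back; downloads readable, never writable.
EXPECTED_FILES = {"incoming": 0o0, "outgoing": 0o4}

def other_bits(path):
    return stat.S_IMODE(os.stat(path).st_mode) & 0o7

def audit_dropbox(root):
    """Return findings where the tree deviates from the blind drop-box layout."""
    findings = []
    for name, want in EXPECTED_DIRS.items():
        got = other_bits(os.path.join(root, name))
        if got != want:
            findings.append(f"dir {name}: other bits {got:o}, expected {want:o}")
    for name, want in EXPECTED_FILES.items():
        directory = os.path.join(root, name)
        for entry in sorted(os.listdir(directory)):
            got = other_bits(os.path.join(directory, entry))
            if got != want:
                findings.append(f"file {name}/{entry}: other bits {got:o}, expected {want:o}")
    return findings

def build_sample(root, incoming_mode=0o733, outgoing_mode=0o711):
    """Create a constructed sample tree (hypothetical file names) for the audit."""
    os.chmod(root, 0o711)
    for name, dmode, fname, fmode in (
        ("incoming", incoming_mode, "customer-logs.tar.gz", 0o600),
        ("outgoing", outgoing_mode, "hotfix-build.zip", 0o644),
    ):
        directory = os.path.join(root, name)
        os.mkdir(directory)
        with open(os.path.join(directory, fname), "wb") as fh:
            fh.write(b"constructed sample data\n")
        os.chmod(os.path.join(directory, fname), fmode)
        os.chmod(directory, dmode)
    return root

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        # outgoing left at 755 is listable, which the audit reports
        for line in audit_dropbox(build_sample(tmp, outgoing_mode=0o755)) or ["ok"]:
            print(line)
```

The audit has to run as the tree's owner or as root, since it lists directories that are deliberately unlistable to everyone else.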