Hi,

A long time ago (2012) I tried setting up an FTP server but couldn't get it
to work in a fashion I felt was secure enough. But now during my vacation
I've had time to try again in peace and quiet. And it seems I've got it
working.

The FTP server is VSFTP (https://security.appspot.com/vsftpd.html) and the
username is as follows
    lyxftp

Regarding the password, it's to be discussed how/when/to whom we should
give it out. Personally I'm ok with the approach of allowing e.g. regular
users (from the lists) access once they ask for the password.

The 'lyxftp' user is a "virtual user" on the FTP server daemon, not a real
user on the server. It should be the only user account able to log in to
the FTP. Only the "uploads/"-folder of the wiki should be accessible via
the FTP.

There are (unfortunately) no restrictions on allowed file types nor sizes.
However, we still have a script on the wiki site that sends an e-mail to
the doc-list when the set of uploaded files changes. Further, the FTP server
is at the moment not started automatically at reboot.

What I'd like now is the following:
- Discussion/consensus on when/how we give out the password
- Some volunteers to help me check that it works as expected
  (e-mail me and I'll respond with the password)

Regards,
Christian

PS.
Note regarding the FTP configuration:
I will also ask on the users' and developers' list if there's anyone
experienced in VSFTP that could "audit" the FTP configuration, as I'm a
novice at this and I want it secure.

-- 
Christian Ridderström,     +46-70 687 39 44
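
A starting point for the configuration audit requested above, as an added example that is not part of the original message and not the server's real configuration: it checks vsftpd.conf text against the properties the message describes (one virtual user, no other logins, access confined to uploads/). The sample configurations and the /srv/wiki/uploads path are constructed assumptions.

```python
# Added example: audit vsftpd.conf text against the setup the message describes.
# vsftpd's built-in defaults for the options checked below.
DEFAULTS = {
    "anonymous_enable": "YES", "local_enable": "NO", "guest_enable": "NO",
    "chroot_local_user": "NO", "chroot_list_enable": "NO",
    "userlist_enable": "NO", "userlist_deny": "YES", "local_root": "",
}

def parse_conf(text):
    """Parse 'option=value' lines on top of the defaults; '#' starts a comment."""
    conf = dict(DEFAULTS)
    for line in map(str.strip, text.splitlines()):
        if line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf

def audit(conf):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    def require(option, wanted, why):
        if conf[option].upper() != wanted:
            findings.append(f"{option} should be {wanted}: {why}")
    require("anonymous_enable", "NO", "anonymous login is on by default")
    require("local_enable", "YES", "required for non-anonymous (virtual) logins")
    require("guest_enable", "YES", "remaps the login to an unprivileged guest user")
    require("userlist_enable", "YES", "enables the login name list")
    require("userlist_deny", "NO", "turns that list into an allowlist")
    require("chroot_local_user", "YES", "confines the session to its root")
    require("chroot_list_enable", "NO", "would exempt listed users from the chroot")
    if not conf["local_root"].rstrip("/").endswith("/uploads"):
        findings.append("local_root should be the wiki's uploads/ folder")
    return findings

# Constructed samples; /srv/wiki/uploads is an assumed path, not the real one.
WEAK = "listen=YES\nlocal_enable=YES\nwrite_enable=YES\n"
HARDENED = """\
anonymous_enable=NO
local_enable=YES
guest_enable=YES
userlist_enable=YES
userlist_deny=NO
chroot_local_user=YES
local_root=/srv/wiki/uploads
"""
if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(parse_conf(text)) or "OK")
```

The allowlist file named by `userlist_file` would need to contain only `lyxftp`; the script checks the options, not that file's contents.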
