[plug] re: ftp

Christian christian at amnet.net.au
Sat Aug 5 13:01:54 WST 2000


On Sat, Aug 05, 2000 at 12:50:33PM +0800, jlmiller at mmtnetworks.com.au wrote:
> The reason for tight security is each account belongs to a different company and yes they will only have access via FTP.  In each account directory will be drawings and other documents only for the owner of that account.  We do not need anyone else having access to the server for any other reason except to upload their documents and download their info.  Telnet is handled by ssh and is restricted to me.  Users on the internal network will have access to the accounts (via a telnet session or FTP) as they have to be able to access the location of the documents from their clients.  As these drawings are fairly large we can't send them via e-mail.
> Does this seem reasonable?
> 

Perfectly but I think the "correct" way to deal with this requirement
would be to set the default permissions on the users' directories to be
700 and set their umask appropriately.  Relying on FTP to restrict
access seems kludgy at best.  What if you ended up installing some
different form of file-sharing system on the machine?  You would have to
separately configure this to restrict access whereas if the permissions
on the files are correct to begin with then this won't be a problem.  If
you think about it, this is quite a realistic situation.  For example,
if some of your clients decide that their documents are so sensitive
that they want the transfer (and, more importantly, the authentication)
to be encrypted you might configure ssh to allow them to copy the files
via scp.  In such a situation, if the permissions aren't set right,
there is the potential for them to download files from other users'
directories.  If you set the permissions right to begin with, there
isn't a problem.

Regards,

Christian.



More information about the plug mailing list