0

I need to configure ftpd on a CentOS 5.3 host to allow anonymous ftp (upload and download) from a well defined directory.

I wish the setup to be as simple as possible, and to introduce as little new dependencies as possible.

Scanning the current server configuration, I found the ftpd server that comes as part of the Kerberos workstation:

> rpm -ql krb5-workstation | grep ftpd$
/usr/kerberos/sbin/ftpd

Is there any reason I could or should not use this ftp server?

Chen Levy
  • 283
  • 3
  • 12

1 Answers1

1

ftpd from the krb5-workstation package is going to support kerberised authentication which you say you don't need.

If it were me, in the absence of any other reasoning, I'd choose one of the more mainstream ftp servers, such that are available as packages on C5.3 such as pure-ftpd or vsftpd, just because they get more scrutiny.

Also, it should go without saying, but sometimes it needs to be said anyway: Anonymous upload ftp servers are more or less guaranteed to get used for nefarious purposes in next to no time. Please tell us that you have this secured on an internal network or safely behind a firewall that drops traffic to this port except from certain specified hosts?

dotplus
  • 1,220
  • 7
  • 12
  • Unfortunately I am required to have this as an anonymous FTP server, and I can't guarantee it will be restricted to a specific network. I do intend, however to limit the read and right privileges, as well as to have a digital signature and verification. – Chen Levy Mar 14 '10 at 07:53