FTP server security

For an FTP server on the Internet, system security is very important; it is the first issue an FTP server has to consider. Security mainly covers the following aspects:

1. Unauthorized users are prohibited from performing FTP operations on the server.

2. FTP users cannot read files or directories that the system owner has not allowed them to read.

3. Without permission, FTP users cannot create files or directories on the server.

4. FTP users cannot delete files or directories on the server.

To solve the first problem above, the FTP server verifies the identity of the user, mainly through the following measures: the account an FTP user logs in with must be recorded in the /etc/passwd file (except for anonymous FTP users), and its password cannot be empty. The server denies access if the user account and password are not entered correctly.

The FTP daemon ftpd also uses an /etc/ftpusers file. Any user who appears in this file is denied access to the FTP service by the server. Server administrators can use it to build a list of "unwelcome" users who are denied access.

A server can accept anonymous FTP connections only if there is a user named "ftp" in the /etc/passwd file on the server. Anonymous FTP users can log in with the user name "anonymous" or "ftp" and give their own Internet e-mail address as the password.

To solve the other three security problems above, the file attributes under the FTP home directory should be managed. The following measures are recommended for each directory and its files:

FTP home directory: set the owner of this directory to "ftp" and make it not writable by any user, which prevents unscrupulous users from deleting files.

ftp/bin directory: this directory mainly stores some system files. Set its owner to "root" (i.e. the superuser) and make it not writable by any user. To ensure that legitimate users can list files, the ls file in this directory should be set to executable.

ftp/etc directory: set the owner of this directory to "root" and make it not writable by any user. Set the group file and the passwd file in this directory to read-only for all users, and use an editor to delete the users' encrypted passwords from the passwd file.

ftp/pub directory: set the owner of this directory to "ftp" and make it readable, writable, and executable by all users.

These settings ensure that system files are not deleted while legitimate FTP users keep normal access.
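The directory rules above can be checked mechanically. The following script is an added example, not part of the original article: it audits an FTP home tree for the owners, write bits, executable ls and password-free passwd file described above. The function names are made up for this example, owners and modes are read from `ls -ld` output, and treating an empty field, `*`, `x` or `!` in the passwd file as "no password hash" is an assumption.

```shell
#!/bin/sh
# Added example: audit an anonymous FTP tree against the layout described above.
# Function names are made up here; default owners "ftp" and "root" follow the article.

# Succeeds if the user, group or other write bit is set in an ls-style mode string.
has_write_bit() {
    case "$1" in ??w*|?????w*|????????w*) return 0 ;; esac
    return 1
}

# check_dir PATH OWNER ro|open: "ro" = writable by nobody, "open" = rwx for all users.
check_dir() {
    [ -d "$1" ] || { echo "MISSING  $1"; return 1; }
    mode=$(ls -ld "$1" | awk '{print $1}')
    owner=$(ls -ld "$1" | awk '{print $3}')
    rc=0
    [ "$owner" = "$2" ] || { echo "OWNER    $1 is $owner, expected $2"; rc=1; }
    case "$3:$mode" in
        ro:*)   if has_write_bit "$mode"; then echo "WRITABLE $1 ($mode)"; rc=1; fi ;;
        open:?rwxrwxrw[xt]*) ;;  # t = sticky bit set on top of other-execute
        open:*) echo "CLOSED   $1 ($mode), expected rwx for all users"; rc=1 ;;
    esac
    return $rc
}

# audit_ftp_tree ROOT [FTP_OWNER] [SYS_OWNER]: prints findings, returns 1 if there are any.
audit_ftp_tree() {
    root=$1; ftp_owner=${2:-ftp}; sys_owner=${3:-root}; fail=0
    check_dir "$root"     "$ftp_owner" ro   || fail=1
    check_dir "$root/bin" "$sys_owner" ro   || fail=1
    check_dir "$root/etc" "$sys_owner" ro   || fail=1
    check_dir "$root/pub" "$ftp_owner" open || fail=1
    [ -x "$root/bin/ls" ] || { echo "NOEXEC   $root/bin/ls"; fail=1; }
    for f in passwd group; do
        [ -f "$root/etc/$f" ] || continue
        fmode=$(ls -ld "$root/etc/$f" | awk '{print $1}')
        if has_write_bit "$fmode"; then echo "WRITABLE $root/etc/$f ($fmode)"; fail=1; fi
    done
    # Field 2 of passwd must not hold a hash; empty, "*", "x" and "!" count as no hash (assumption).
    if [ -f "$root/etc/passwd" ] &&
       awk -F: '$2 !~ /^[*x!]?$/ { bad = 1 } END { exit !bad }' "$root/etc/passwd"; then
        echo "HASH     $root/etc/passwd still contains a password hash"; fail=1
    fi
    return $fail
}

# Run the audit when a tree is given on the command line, e.g. the FTP home directory.
if [ "$#" -gt 0 ]; then audit_ftp_tree "$@"; fi
```

Each finding is printed on its own line with a tag (OWNER, WRITABLE, CLOSED, NOEXEC, HASH, MISSING), and the exit status is non-zero if anything deviates.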
