[CentOS] selinux allow FTP

Thu Mar 5 03:04:10 UTC 2015
Tim Dunphy <bluethundr at gmail.com>

Guys,

 I hear all your arguments against using FTP. I completely get all that.
But I am making things a little bit safer by using virtual users that have
no access to the file system. The ftp user account has a shell of
/bin/false. And I was able to get proftpd working with SELinux
using setsebool -P ftp_home_dir on.

The client is recalcitrant to using any technology he doesn't know. I have
tried explaining to him that SFTP would make things safer. But in the end
it's his money and his choice. He owns all the content he's uploading, so
it's really his neck if it gets owned. But I think I've done a reasonable
job of keeping things safe. Still open to criticism of course. And I
appreciate all your input.

Thanks,
Tim

On Tue, Mar 3, 2015 at 5:56 PM, Warren Young <wyml at etr-usa.com> wrote:

> On Mar 3, 2015, at 2:30 PM, Brian Mathis <
> brian.mathis+centos at betteradmin.com> wrote:
> >
> > people are bound by corporate restrictions
>
> That seems like an awfully convenient rug to sweep problems under.
>
> Can’t fix a security problem?  Corporate restrictions!
>
> Can’t require sensible security defaults restrictions by default?
> Corporate restrictions!
>
> Can’t move off IE6?  Corporate restrictions!
>
> This seems like code for “We’d really rather computing in 2015 worked like
> computing in 1995.”
>
> I’d say this continued “dead horse beating” is helpful.  No one should
> come away from proposing a solution based on FTP in 2015 without being
> chastised for it.
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>



-- 
GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B