search for: ftp_home_dir

On Mar 3, 2015, at 2:30 PM, Brian Mathis <brian.mathis+centos at betteradmin.com> wrote: > > people are bound by corporate restrictions That seems like an awfully convenient rug to sweep problems under. Can?t fix a security problem? Corporate restrictions! Can?t require sensible security defaults restrictions by default? Corporate restrictions! Can?t move off IE6? Corporate

...pam_loginuid.so # grep local /etc/vsftpd/vsftpd.conf local_enable=YES local_umask=022 chroot_local_user=YES # getsebool -a | grep ftp allow_ftpd_anon_write --> off allow_ftpd_full_access --> off allow_ftpd_use_cifs --> off allow_ftpd_use_nfs --> off allow_tftp_anon_write --> off ftp_home_dir --> on ftpd_disable_trans --> off ftpd_is_daemon --> on httpd_enable_ftp_server --> off tftpd_disable_trans --> off -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20090710/95b57cfd/attachment-00...

...39;, 'catchall_boolean', 'automount_exec_config', 'leaks', 'setenforce', 'ftpd_is_daemon', 'allow_zebra_write_config', 'firefox', 'nfs_export_all_ro', 'httpd_enable_cgi', 'httpd_tty_comm', 'public_content', 'ftp_home_dir', 'prelink_mislabled', 'allow_execstack', 'spamd_enable_home_dirs', 'sshd_root', 'samba_share_nfs', 'httpd_builtin_scripting', 'allow_ftpd_full_access', 'default', 'allow_ftpd_use_nfs', 'samba_enable_home_dirs', ...

...s, I hear all your arguments against using FTP. I completely get all that. But I am making things a little bit safer by using virtual users that have no access to the file system. The ftp user account has a shell of /bin/false. And I was able to get proftpd working with SELinux using setsebool -P ftp_home_dir on. The client is recalcitrant to using any technology he doesn't know. I have tried explaining to him that SFTP would make things safer. But in the end it's his money and his choice. He owns all the content he's uploading, so it's really his neck if it gets owned. But I think I...