> > I hear all your arguments against using FTP. I completely get all that. > But I am making things a little bit safer by using virtual users that have > no access to the file system. The ftp user account has a shell of > /bin/false. And I was able to get proftpd working with SELinux > using setsebool -P ftp_home_dir on. Oh and one important point I forgot to mention, is that the FTP user's home directory is jailed. Thanks!! Tim On Wed, Mar 4, 2015 at 10:04 PM, Tim Dunphy <bluethundr@xxxxxxxxx> wrote: > Guys, > > I hear all your arguments against using FTP. I completely get all that. > But I am making things a little bit safer by using virtual users that have > no access to the file system. The ftp user account has a shell of > /bin/false. And I was able to get proftpd working with SELinux > using setsebool -P ftp_home_dir on. > > The client is recalcitrant to using any technology he doesn't know. I have > tried explaining to him that SFTP would make things safer. But in the end > it's his money and his choice. He owns all the content he's uploading, so > it's really his neck if it gets owned. But I think I've done a reasonable > job of keeping things safe. Still open to criticism of course. And I > appreciate all your input. > > Thanks, > Tim > > On Tue, Mar 3, 2015 at 5:56 PM, Warren Young <wyml@xxxxxxxxxxx> wrote: > >> On Mar 3, 2015, at 2:30 PM, Brian Mathis < >> brian.mathis+centos@xxxxxxxxxxxxxxx> wrote: >> > >> > people are bound by corporate restrictions >> >> That seems like an awfully convenient rug to sweep problems under. >> >> Can’t fix a security problem? Corporate restrictions! >> >> Can’t require sensible security defaults restrictions by default? >> Corporate restrictions! >> >> Can’t move off IE6? Corporate restrictions! >> >> This seems like code for “We’d really rather computing in 2015 worked >> like computing in 1995.” >> >> I’d say this continued “dead horse beating” is helpful. No one should >> come away from proposing a solution based on FTP in 2015 without being >> chastised for it. >> _______________________________________________ >> CentOS mailing list >> CentOS@xxxxxxxxxx >> http://lists.centos.org/mailman/listinfo/centos >> > > > > -- > GPG me!! > > gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B > > -- GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos