fedora-selinux-list Digest, Vol 20, Issue 9

John Griffiths fedora at grifent.com
Mon Oct 10 19:20:48 UTC 2005



fedora-selinux-list-request at redhat.com wrote:

>
> ------------------------------------------------------------------------
>
> Subject:
> Re: cant create dirs from vsftpd
> From:
> Peter Magnusson <iocc at fedora-selinux.lists.flashdance.cx>
> Date:
> Sun, 9 Oct 2005 23:01:03 +0200 (CEST)
> To:
> "Lamont R. Peterson" <lamont at gurulabs.com>
>
> To:
> "Lamont R. Peterson" <lamont at gurulabs.com>
> CC:
> Fedora SELinux <fedora-selinux-list at redhat.com>
>
>
> On Mon, 3 Oct 2005, Lamont R. Peterson wrote:
>
>>> Yes, you are. Im NOT talking about an anonymous ftp server. I login 
>>> with my
>>> user and I expect to have the same files available as when I login over
>>> ssh or sits in front of the computer.
>>
>>
>> Daniel has already replied and told you how to make the change you 
>> want.  I
>> will just say that the setup you describe here is VERY VERY insecure.
>
>
> Yes. Just like it worked in FC3.
>
>> Remember, FTP is not encrypted, so your username and password are 
>> going over
>> the wire in clear text.  Also, since the FTP daemon has access to the 
>> whole
>> filesystem, anyone can get anything on your box (possibly even write any
>> files they want, though that would depend on more configuration 
>> details than
>> what you have told me about).
>
>
> I know, if I am at some untrusted location I ftp to a temp-ftp account 
> that I change the password for each time. Or use scp.
>
>> FTP is the wrong tool for this.  You should use sftp (from SSH not 
>> SSL) or
>> scp.
>
>
> Problems with scp: cant tab dirs, cant use -R like in ncftp to upload 
> whole dirs.
>
> scp -r works but thats not always how I want it.

Use sftp.

John Griffiths




More information about the selinux mailing list