Guys, I hear all your arguments against using FTP. I completely get all that. But I am making things a little bit safer by using virtual users that have no access to the file system. The ftp user account has a shell of /bin/false. And I was able to get proftpd working with SELinux using setsebool -P ftp_home_dir on.
The client is recalcitrant to using any technology he doesn't know. I have tried explaining to him that SFTP would make things safer. But in the end it's his money and his choice. He owns all the content he's uploading, so it's really his neck if it gets owned. But I think I've done a reasonable job of keeping things safe. Still open to criticism of course. And I appreciate all your input. Thanks, Tim On Tue, Mar 3, 2015 at 5:56 PM, Warren Young <w...@etr-usa.com> wrote: > On Mar 3, 2015, at 2:30 PM, Brian Mathis < > brian.mathis+cen...@betteradmin.com> wrote: > > > > people are bound by corporate restrictions > > That seems like an awfully convenient rug to sweep problems under. > > Can’t fix a security problem? Corporate restrictions! > > Can’t require sensible security defaults restrictions by default? > Corporate restrictions! > > Can’t move off IE6? Corporate restrictions! > > This seems like code for “We’d really rather computing in 2015 worked like > computing in 1995.” > > I’d say this continued “dead horse beating” is helpful. No one should > come away from proposing a solution based on FTP in 2015 without being > chastised for it. > _______________________________________________ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > -- GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
