On Wednesday 02 August 2006 03:26, Titan wrote: > I have quite a predicament. I have been tasked with setting up an FTP > server for the research group I'm involved with. The problem is once > I'm gone someone with no *NIX experience will be maintaining the > server.
Does the ftp have to run on a unix-like system? Leaving someone unfamiliar with a system to maintain it is a pretty bad idea. It is much better to have the FTP server setup on an OS that he or she knows best, so that it can be patched and fixed quickly should problems occur. Even if that OS is said to be "insecure", it is still far better than having a server with an administrator has no clue of how it works, let alone patching it when needed. I still don't quite understand what your setup requirement is. Since you seem worried about the system being compromised, I presume that you are setting up a private ftp server. In that case, look into deploying SFTP rather than plain old FTP. Any good FTP client should support it, and it is the cheapest insurance you can get to keep the user information safe, which can only help you to protect the machine. > I've been considering using OpenBSD because it looks like it > can go far longer without updates than Windows and Linux servers and > looks to be very secure. It may be so, but don't bet on it. Any unpatched system, especially when (critical) patches are available, is simply inviting trouble. > In your experience, would it be possible for someone with no *NIX > experience to maintain a simple FTP server? If this person is willing to learn, OpenBSD is indeed one of the better unix-like system out there to administrate. The man pages are very well written, the FAQ on the project's website will answer a considerable number of questions, and the file system layout is logical and consistent. These are all benefits that makes administration easier. If your setup is simple and small, the box could probably be left alone to run for a while. In this case, it may not take your successor too much time to pick up enough unix to keep the box running for a while. > How long would you trust an unpatched OpenBSD server to go unhacked? That is like asking when do we expect the world to end :-) In other words, it is very hard to say for sure. OpenBSD comes with sane and reasonable default configuration, so it is likely that it will last much longer unpatched than other system, if the default configuration is not changed much. Patching an OpenBSD system is not exceedingly hard. The FAQ detailed how this can be done. Also, there is http://www.openbsd101.com that your successor may find useful if you did choose to deploy OpenBSD. There is also the mailing lists and the #OpenBSD channel over at freenode.net if reading through the documentations didn't help.
