server to retrieve files. Anonymous servers provide the most flexibility, but
they can also present a security risk. Fortunately, as you will read in this
chapter, Ubuntu is set up to use proper file and directory permissions and
common-sense default configuration, such as disallowing root to perform an
FTP login.
NOTE
FTP is an old protocol and is no longer considered secure by most security
experts. Most Linux users now use OpenSSH and its suite of clients, such
as the sftp command, for more security when transferring files. The
OpenSSH suite provides the sshd daemon and enables encrypted remote
logins. (See Chapter 19, “Remote Access with SSH, Telnet, and VNC,” for
more information.) At the same time, FTP is still interesting enough to be
included in the book, and you will still find FTP servers running here and
there. For new deployments, especially ones with secure needs, we
recommend learning more about SSH.Choosing an Authenticated or Anonymous Server
When you are preparing to set up your FTP server, you must first make the
decision to install either the authenticated or anonymous service.
Authenticated service requires the entry of a valid username and password for
access. As previously mentioned, anonymous service allows the use of the
username anonymous and an email address as a password for access.
Authenticated FTP servers are used to provide some measure of secure data
transfer for remote users but require maintenance of user accounts, given that
usernames and passwords are used. Anonymous FTP servers are used when
user authentication is not needed and can be helpful in providing an easily
accessible platform for customer support or public distribution of documents,
software, or other data.
If you use an anonymous FTP server in your home or business Linux system,
it is vital that you properly install and configure it to retain a relatively secure
environment. Generally, sites that host anonymous FTP servers place them
outside the firewall, on a dedicated machine. The dedicated machine contains
only the FTP server and should not contain data that cannot be restored
quickly. This dedicated-machine setup prevents malicious users who
compromise the server from obtaining critical or sensitive data. For an
additional—but by no means more secure—setup, the FTP portion of the file
system can be mounted read-only from a separate hard drive partition or
volume, or it can be mounted from read-only media, such as CD-ROM, DVD,