Best Practices: FTP account creation

Eric Pretorious · Mar 15, 2013

I've noticed that some hosts create a separate -- but related -- account for FTP access to protect the user credentials of the customer account.

What other sorts of policies should be instituted? e.g.,

Should FTP access using the customer account credentials be prohibited? Can FTP access using the customer account credentials be prohibited?
Should a separate account [for FTP] be created automatically during account creation? Can a separate account [for FTP] be created automatically during account creation?

aashua · Mar 19, 2013

Maybe it will help.

Eric Pretorious said:
I've noticed that some hosts create a separate -- but related -- account for FTP access to protect the user credentials of the customer account.

What other sorts of policies should be instituted? e.g.,

Should FTP access using the customer account credentials be prohibited? Can FTP access using the customer account credentials be prohibited?

Should a separate account [for FTP] be created automatically during account creation? Can a separate account [for FTP] be created automatically during account creation?

maybe this link will help you.
https://manage.grabweb.net/knowledgebase.php?action=displayarticle&id=683

Eric Pretorious · Mar 19, 2013

aashua said:
maybe this link will help you.
https://manage.grabweb.net/knowledgebase.php?action=displayarticle&id=683

Thanks. I understand how to create FTP accounts.

I'm looking for best practices for FTP access. e.g.,

Eric Pretorious said:
What other sorts of policies should be instituted? e.g.,

Should FTP access using the customer account credentials be prohibited? Can FTP access using the customer account credentials be prohibited?

Should a separate account [for FTP] be created automatically during account creation? Can a separate account [for FTP] be created automatically during account creation?

TIA.

Eric Pretorious · Apr 4, 2013

Eric Pretorious said:
Thanks. I understand how to create FTP accounts.

I'm looking for best practices for FTP access. e.g.,
What other sorts of policies should be instituted? e.g.,

Eric Pretorious said:

Should FTP access using the customer account credentials be prohibited? Can FTP access using the customer account credentials be prohibited?

Should a separate account [for FTP] be created automatically during account creation? Can a separate account [for FTP] be created automatically during account creation?

Click to expand...

Suggestions? Anybody?

Eric Pretorious · Apr 24, 2013

Eric Pretorious said:
Suggestions? Anybody?

AFAICT, proftpd uses system user credentials (i.e., PAM)...

Code:

[root@www ~]# cat /etc/xinetd.d/ftp_psa 
...
service ftp
{
	flags		= IPv6
        disable		= no
	socket_type     = stream
        protocol        = tcp
        wait            = no
        user            = root
        instances       = UNLIMITED
        server          = /usr/sbin/in.proftpd
        server_args     = -c /etc/proftpd.conf
}

[root@www ~]# cat /etc/proftpd.conf 
...
# Enable PAM authentication
AuthPAM on
AuthPAMConfig proftpd

IdentLookups off 
UseReverseDNS off

AuthGroupFile	/etc/group

Include /etc/proftpd.include

[root@www ~]# cat /etc/pam.d/proftpd 
#%PAM-1.0
auth       required	pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth       required	pam_stack.so service=system-auth
auth       required	pam_shells.so
account    required	pam_stack.so service=system-auth
session    required	pam_stack.so service=system-auth

...but Plesk maintains separate credentials.

Best Practices: FTP account creation

Eric Pretorious

Regular Pleskian

aashua

Guest

Eric Pretorious

Regular Pleskian

Eric Pretorious

Regular Pleskian

Eric Pretorious

Regular Pleskian

Similar threads