Next Previous Contents

3. Local System Security

FTP-Proxy comes with several configuration features that help to increase local system security, namely ServerRoot, User and Group.

The way FTP-Proxy is being called needs to be considered. One possible way is via the system's inetd (or xinetd) Internet Super Daemon. In this case FTP-Proxy will not fork or become a daemon. It will serve the client and terminate itself after delivery. When configuring (x)inetd to include the ftp-proxy executable, ServerRoot should be used. The User and Group need not be given since they are normally handled by the inetd configuration itself.

The User and Group options should actually be considered for standalone operations. In this case ftp-proxy will detach itself from the controlling terminal and run as daemon. The User and Group directives will be acted upon by the daemon process, while ServerRoot will only be evaluated by the client processes after they have forked.

It might be a good idea to create a new user (e.g. "ftpproxy") in order to reach a better granularity for the user administration.

When using ServerRoot, please note that in certain cases other files may have to be installed into the runtime environment as well, e.g. libc.a and possibly other libraries (e.g. libcrypt.a under AIX 4.3) and possibly /etc/passwd and /etc/group files.


Next Previous Contents