FTP-Proxy comes with several configuration features that help
to increase local system security, namely ServerRoot, User and Group.

The way FTP-Proxy is being called needs to be considered. One
possible way is via the system's inetd (or xinetd) Internet Super
Daemon. In this case FTP-Proxy will not fork or become a daemon.
It will serve the client and terminate itself after delivery.
When configuring (x)inetd to include the ftp-proxy executable,
ServerRoot should be used. The User and Group need not be given
since they are normally handled by the inetd configuration itself.

The User and Group options are relevant for standalone operation.
In this case ftp-proxy will detach itself from the controlling
terminal and run as a daemon. The User and Group directives will be
acted upon by the daemon process, while ServerRoot will only be
evaluated by the client processes after they have forked.

It might be a good idea to create a new user (e.g. "ftpproxy") to achieve finer granularity in user administration.

When using ServerRoot, please note that in certain cases
other files may have to be installed into the runtime environment
as well, e.g. libc.a and possibly other libraries (e.g. libcrypt.a
under AIX 4.3) and possibly /etc/passwd and /etc/group files.
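
One way to prepare and check the /etc/passwd and /etc/group files mentioned above for a ServerRoot directory. This is an added example, not part of the FTP-Proxy distribution; the function names, the "ftpproxy" account and group, and all paths are assumptions, and the sample account data is constructed.

```shell
#!/bin/sh
# Added example (not from the FTP-Proxy distribution). Function names, the
# "ftpproxy" account and all paths are assumptions for illustration.

# Copy only the proxy account's entries into ROOT/etc, so the chroot does
# not carry the host's full account list.
populate_server_root() {
    root=$1; user=$2; group=$3; src_passwd=$4; src_group=$5
    mkdir -p "$root/etc" || return 1
    awk -F: -v u="$user"  '$1 == u' "$src_passwd" > "$root/etc/passwd"
    awk -F: -v g="$group" '$1 == g' "$src_group"  > "$root/etc/group"
    chmod 755 "$root" "$root/etc"
    chmod 644 "$root/etc/passwd" "$root/etc/group"
}

# Print one finding per line; return 0 only when nothing was found.
audit_server_root() {
    root=$1; user=$2; group=$3; rc=0
    grep -q "^$user:" "$root/etc/passwd" 2>/dev/null ||
        { echo "etc/passwd: no entry for $user"; rc=1; }
    grep -q "^$group:" "$root/etc/group" 2>/dev/null ||
        { echo "etc/group: no entry for $group"; rc=1; }
    # Accounts other than the proxy user have no business inside the chroot.
    extra=$(awk -F: -v u="$user" '$1 != u { n++ } END { print n + 0 }' \
                "$root/etc/passwd" 2>/dev/null) || extra=0
    [ "${extra:-0}" -eq 0 ] || { echo "etc/passwd: $extra unrelated account(s)"; rc=1; }
    # A real hash in field 2 would hand credentials to the confined process.
    if awk -F: '$2 !~ /^(x|\*|!)$/ { bad = 1 } END { exit !bad }' \
           "$root/etc/passwd" 2>/dev/null; then
        echo "etc/passwd: password field is not a placeholder (x, * or !)"; rc=1
    fi
    # World-writable entries let the confined process change its own environment.
    if [ -n "$(find "$root" ! -type l -perm -0002 2>/dev/null)" ]; then
        echo "world-writable entries under $root"; rc=1
    fi
    return $rc
}

# Constructed sample input; run with "--demo" to try it in a scratch directory.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d)
    printf '%s\n' 'root:x:0:0:root:/root:/bin/sh' \
        'ftpproxy:x:401:401:FTP proxy:/var/empty:/bin/false' > "$tmp/passwd"
    printf '%s\n' 'root:x:0:' 'ftpproxy:x:401:' > "$tmp/group"
    populate_server_root "$tmp/root" ftpproxy ftpproxy "$tmp/passwd" "$tmp/group"
    audit_server_root "$tmp/root" ftpproxy ftpproxy && echo "ServerRoot OK"
fi
```

Libraries that the platform requires inside the runtime environment still have to be installed separately; the script only covers the account files.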