Files Installed With - Red Hat ENTERPRISE LINUX 4.5.0 Reference Manual

directory
/var/ftp/
root directory, known as
directories not contained below the new root directory.
Use of these security practices has the following effect on how
• The parent process runs with the least privileges required — The parent process dynamically
calculates the level of privileges it requires to minimize the level of risk. Child processes
handle direct interaction with the FTP clients and run with as close to no privileges as
possible.
• All operations requiring elevated privileges are handled by a small parent process — Much
like the Apache HTTP Server,
incoming connections. This allows the privileged, parent process to be as small as possible
and handle relatively few tasks.
• All requests from unprivileged child processes are distrusted by the parent process —
Communication with child processes are received over a socket, and the validity of any
information from child processes is checked before being acted on.
• Most interaction with FTP clients is handled by unprivileged child processes in a
— Because these child processes are unprivileged and only have access to the directory
being shared, any crashed processes only allows the attacker access to the shared files.

3. Files Installed with

The RPM installs the daemon (
vsftpd
as well as FTP directories onto the system. The following is a list of the files and directories
most often considered when configuring
•
/etc/rc.d/init.d/vsftpd
command to start, stop, or reload
for more information about using this script.
•
/etc/pam.d/vsftpd
. This file defines the requirements a user must meet to login to the FTP server. For
vsftpd
more information, refer to
•
/etc/vsftpd/vsftpd.conf
Configuration Options"
•
/etc/vsftpd.ftpusers
includes the ,
root bin
•
/etc/vsftpd.user_list
users listed, depending on whether the
is the primary shared directory,
. This disallows any potential malicious hacker activities for any
/
launches unprivileged child processes to handle
vsftpd
vsftpd
/usr/sbin/vsftpd
vsftpd
— The initialization script (initscript) used by the
. Refer to
vsftpd
— The Pluggable Authentication Modules (PAM) configuration file for
Chapter 16, Pluggable Authentication Modules
— The configuration file for
for a list of important options contained within this file.
— A list of users not allowed to log into
, and users, among others.
daemon
— This file can be configured to either deny or allow access to the
userlist_deny
Files Installed with
reassigns
vsftpd
vsftpd
), its configuration and related files,
:
Section 4, "Starting and Stopping
. Refer to
vsftpd
vsftpd
directive is set to
vsftpd
to the new
/var/ftp/
deals with requests:
jail
chroot
/sbin/service
vsftpd
(PAM).
Section 5, "
vsftpd
. By default, this list
(default) or
YES NO
279
"