Some good advice in other threads, so I thought I'd consolidate it here:

 

Firstly, consider:

 



<ol style="list-style-type: decimal">
[*]WHY set one up? (read/write/delete permissions, and who?)


[*]WHO is using it? (authenticated/guest/anonymous)


[*]HOW is it being used? (quota checking, secure connections, archiving old files, port numbers)


[*]WHAT will the end users use for client connectivity? (FTP client/command-line/sftp etc)


</ol>


 

Some simple answers are:

- I'm setting one up for friends to share photos. Each friend will have upload/download access to a shared area, but not be able to delete anything. For reasons of security, they will not be able to navigate out of this area either.

- I'm running a gaming server and I want two admins to be able to drop new maps and mods into a directory that anyone can download. For security, FTPS need to be enabled so that the admin username/passes aren't transmitted plain-text, but anonymous access will not require encrypted connections - but will be subject to quota controls to prevent bandwidth-hogging.

 

These are what people refer to as "problem specification" - without making it clear what your end objectives are, you may well end up with something hastily-configured that's leaving you open for attack.

 

Some security considerations are:

• FTPS = uses secure (encrypted) connections over FTP, has a slight performance overhead with the encryption/decryption process.
  
  
  
• SFTP = can use ordinary SSH/SCP so don't need an FTP server, but means potentially giving shell access to a user.
  
  
  
• Port num: port 20 and 21 are commonly used for FTP servers, and get regularly sniffed. Consider binding the port number to something different, such as 12321, 54321, 21021 etc, to move it out of the range of impatient port-scanners.
  
  
  
• PASV/PORT connections: may need to punch a hole in your firewall - or advertise which port is in use - for transfer to work properly
  
  
  
• Capacity planning: is it possible for someone to fill up your filesystem, or have you got quota management on?
  
  
  
• Permissions: group users into roles (uploader/downloader/manager/viewer etc) then assign privs per role.
  
  
  
• Auditing: check logfiles (use logwatch) to monitor activity, particularly for nefarious behaviour. Consider using something like AWStats to report usage.
  
  
  
• User mapping: every file/directory under Linux is owned by a user and group; if you have virtual FTP users, who will be the eventual owner of uploaded content?
  
  
  

Strange issue here, but I'm sure it is possible under Postfix.

 

I've been running some mail servers successfully for some time, but now want to tighten up some controls.

 

At present, my home machine accepts mail for a few of my domains, filters out local recipient addresses (drops them into local mailboxes) and anything else then hits transport to get forwarded upstream to another mail server. That way, my mails stay local, mails for my mates get forwarded (transport) to our public mail server (and drops into their POP3 mailboxes) and mails with unmatched recipients are bounced by the upstream server.

 

Now I want to change things slightly. I want to have a whitelist of valid addresses (like local_recipients) on the home server, and if incoming mails don't match these then immediately reject them. Unfortunately, postfix only sees recipients in my virtual.db and not transport.db, so I get my mails but my mates' are rejected with "User unknown in local recipient table".

 

The only workaround I've managed is to flick "local_recipient_maps = " so that postfix won't bounce recipients unlisted in virtual.db.

 

So.. anyone shed any light here?

So, Microsoft submits 20000 lines of code to the Linux kernel, all licensed under the GPL. Microsoft, who considers Linux a great threat, and once called the GPL a "cancer". Opinions on this one are flying all around us, but what does Linus Torvalds, Linux' benevolent dictator, think about all this?

 

Linus hasn't actually looked at the code yet. It's driver code, low-risk and he isn't very interested in driver code anyway. He trusts the maintainers will do their jobs. "I'll likely look at it when the code is actually submitted to me by the maintainers (Greg [Kroah-Hartman], in this case), just out of morbid curiosity," Linus adds.

 

As most of you will be aware of, Linus is very forthright, and generally doesn't hold back when it comes to his opinions. He's also very pragmatic, and both of these qualities come forward quite clearly when Linus talks about Microsoft's code drop. I'm not going to squeeze his words into running text.

 

more > http://www.osnews.com/story/21887/Linus_..._a_Disease

Hello there,

 

First of all, let me apologize for my poor English. I'm not a native English speaker.

 

My problem is as follows:

 

I just downloaded Ubuntu 9.04 because I have an old PC standing on my desk an I figured, I could finally give Linux a try. After burning the ISO to a disk and booting it up, I get a weird 'flashing' screen. Flashing perhaps is not the right word, it's more like the image is shifting left to right (or right to left for that matter) very rapidly.

 

When i put my mouse (which btw is shown just as it should) over the top left corner I can (barely) see a menu coming down. Just because the screen gets a little lighter in that part.

 

Can someone tell me what to do? I already used the 'Check for errors' (or whatever it's called in English) method in the startup screen and nothing came up.

 

Thanks in advance!

 

P.S. I'm using 'boot from disk' mode, not an installed version.

How can I share a hard drive or a folder as hidden?

 

I have a server (Intel 120 OCed to 225 w/ windoze 2000 and ZoneAlarm) that has access to my windoze partition and my wife's PC. Thanks to DMA it has no problems keeping up with our computers. Yeah it takes five minutes to boot up. Once booted it gets shoved back in the closet and forgotten.

 

However, all it has to do is:

1) ZoneAlarm tell NIC 2, "Yes you can pass that info from NIC 1" or "Nope! Not allowed!"

2) Scan our PC's for viruses. I just hate having a virus scanning util on my PC slowing everything down.*

 

*Note: I have not gotten very many virus. My current total is: Two viruses and one hyjacking over the span of 16 years. That's PC years, not total 'puter years.

 

Thanks in advance.

Hello,

 

I'm about to be a new linux user! I am currently in the process of installing Yellow Dog 6.1 on my PS3.

 

During the installation I was given the opportunity to specify any repositories I wanted to include.

Now I don't even know what a repository does, would there be a windows analogy somebody could relate?

 

I chose not to install any, but I noticed there was an option to install repositories at a later time.

 

I found this thread, but didn't find it very helpful:

 

https://www.linux-noob.com/forums/index.php?showtopic=2417

 

Thanks for any help!

~laz

Hello all there,

 

I am newbe to unix programing.

 

I want to implement event mechanism just like

"My eldest son is ten years old. He as been using computers in one way or another since he was 4, and he has already seen Linux because I had installed Ubuntu and SLED 10 on his XP computer some years ago. He impressed me some years ago when he got into bzflags, but he never really got interested in Linux simply because of the lack of games (that interested him).

 

It's now early July, and tonite Christopher did a yum update after he had a problem getting compiz to work properly. That's pretty cool because at the start of June, I set him a challenge to use nothing but Linux on his computer for a month (I thought he'd last a few days and then give up).

 

The month has passed and I wanted to see what Christopher thought about using Linux daily."

 

way to go Christopher !!!!!

Does anyone know of a linux(Fedora 10) package which can handle input of cd's and cassette tapes, provide editing facilities and convert recorded sound files to mp3 format? (Equivalent of basic Magix software for Windows)

 

Cheers, GM

Quote:It's been an exciting nine months since we launched the Google Chrome browser. Already, over 30 million people use it regularly. We designed Google Chrome for people who live on the web -- searching for information, checking email, catching up on the news, shopping or just staying in touch with friends. However, the operating systems that browsers run on were designed in an era where there was no web. So today, we're announcing a new project that's a natural extension of Google Chrome -- the Google Chrome Operating System. It's our attempt to re-think what operating systems should be. 

Google Chrome OS is an open source, lightweight operating system that will initially be targeted at netbooks. Later this year we will open-source its code, and netbooks running Google Chrome OS will be available for consumers in the second half of 2010. Because we're already talking to partners about the project, and we'll soon be working with the open source community, we wanted to share our vision now so everyone understands what we are trying to achieve.