  1. #1

    Is root access via FTP dangerous?

    My host doesn't provide an FTP account with root access to the server, only FTP accounts to the individual domain names' directory.

    I'm not very proficient in Linux and would rather be able to download a file (like say httpd.conf or whatever), make my edits in notepad, and upload the edited file back to the server.

    Fastservers (my host) doesn't provide this FTP access (I'm on a dedicated box) because they mentioned it was a security hole. Should I be concerned, or should I request such an FTP account be created?
    Last edited by RandyL712; 08-09-2002 at 04:17 PM.

  2. #2
    Join Date
    May 2001
    Location
    Dayton, Ohio
    Posts
    4,962
    Yes it is dangerous to ftp via root. Since ftp is just plain text, your root pass would be going in public view


    And it's not a fastserver thing, it's a Cpanel/RH/Linux thing
    -Mat Sumpter
    Director, Product Engagement
    Penton Media

  3. #3
    Join Date
    Sep 2001
    Location
    Seattle, WA
    Posts
    3,084
    Yes, FTPing in as root is amazingly dangerous.
    Telnetting in as root is just as dangerous.
    SSHing directly as root is kind of dangerous, you should disable direct root logins -- make sure you need to su from a user account.
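
An added example (not part of the post above) of checking whether direct root logins over SSH are disabled. It assumes OpenSSH's `PermitRootLogin` keyword in `sshd_config`; the function names are hypothetical and `Include` files are not followed.

```shell
#!/bin/sh
# Added example: report the global PermitRootLogin setting of an sshd_config.
# sshd uses the first value it finds for a keyword, keywords are
# case-insensitive, and "Keyword=value" is accepted as well as "Keyword value".
# Settings inside a Match block are conditional, so scanning stops there.

# effective_root_login FILE -> prints the global value in lower case, or "unset"
effective_root_login() {
    awk '
        { sub(/#.*/, ""); gsub(/=/, " ") }          # drop comments, normalise "="
        tolower($1) == "match" { exit }              # end of the global section
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# audit_root_login FILE
#   returns 0 if root logins are disabled ("no")
#   returns 1 if root can log in in some form (yes, prohibit-password, ...)
#   returns 2 if the keyword is not set globally (the default depends on the
#             OpenSSH version, so this needs a manual look)
audit_root_login() {
    case $(effective_root_login "$1") in
        no)    return 0 ;;
        unset) return 2 ;;
        *)     return 1 ;;
    esac
}

# Stand-alone use: sh thisfile.sh /etc/ssh/sshd_config
if [ "$#" -eq 1 ]; then
    effective_root_login "$1"
fi
```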

  4. #4
    I certainly wasn't accusing fastservers of anything, just gathering opinions.

  5. #5
    I'm so used to downloading config files, making changes, then re-uploading... any way to do this now without compromising security?

  6. #6
    Join Date
    Sep 2001
    Location
    Seattle, WA
    Posts
    3,084
    Originally posted by RandyL712
    I'm so used to downloading config files, making changes, then re-uploading... any way to do this now without compromising security?
    SSH in as a user, su to root, and use emacs. It's a very easy to use editor, and doing it this way doesn't require much Linux knowledge.

    Or, you can upload the files as an unprivileged user, su, then copy that file over the real file. You'd need to SSH in to restart the services anyway, wouldn't you?

  7. #7
    Nah, WebHost Manager lets you restart any of the services.

  8. #8
    Join Date
    Nov 2001
    Posts
    1,262
    Randy: something you could do is
    say you had another ftp user admin @ /home/admin

    you could

    cp /usr/local/path/to/apache/conf/httpd.conf /home/admin

    then download it via ftp
    reupload it after done then

    cp /home/admin/httpd.conf /usr/local/path/to/apache/conf/httpd.conf


    hope that helps you accomplish what you need to do.

  9. #9
    Join Date
    Sep 2000
    Location
    Alberta, Canada
    Posts
    3,109
    Along with emacs, one has the choice of using Pico or Vi, on a Linux system. Not to get into a "which is better" war, but it's best to check out all three and start getting used to one of them. You'll be using it a lot.
    PotentProducts.com - for all your Hosting needs
    Helping people Host, Create and Maintain their Web Site
    ServerAdmin Services also available

  10. #10
    Join Date
    Jul 2002
    Posts
    57
    RandyL712, why do you edit Linux files in Notepad? It's not a good idea at all! Better to use an SSH client - it's safe, and you never have problems with LF+CR. And even in SSH don't log in as root - use su.
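
An added example (not part of any post in this thread) of the copy-back step from post #8, run after su, with the LF+CR problem from post #10 handled. The function names and the `.bak` backup name are hypothetical; the staged file is assumed to sit in a directory an unprivileged FTP user can write to.

```shell
#!/bin/sh
# Added example: install a config file that was uploaded to an unprivileged
# account's directory, without trusting that directory more than necessary.

# has_crlf FILE -> exit status 0 if the file contains carriage returns
has_crlf() {
    cr=$(printf '\r')
    grep -q "$cr" "$1"
}

# install_staged STAGED LIVE
#   returns 2 if STAGED is missing or a symlink, 3 if it is empty,
#   4 if a temporary file or the backup cannot be written
install_staged() {
    staged=$1
    live=$2
    # Root should not follow a link planted in a user-writable directory.
    if [ -L "$staged" ] || [ ! -f "$staged" ]; then
        echo "refusing: $staged is missing or a symlink" >&2
        return 2
    fi
    # An interrupted upload can leave an empty file behind.
    if [ ! -s "$staged" ]; then
        echo "refusing: $staged is empty" >&2
        return 3
    fi
    # Build the new file next to the live one so the final mv is a rename.
    tmp=$(mktemp "${live}.new.XXXXXX") || return 4
    # Strip the carriage returns a Windows editor adds to every line.
    tr -d '\r' < "$staged" > "$tmp" || { rm -f "$tmp"; return 4; }
    # Keep the previous version so a bad edit can be rolled back.
    if [ -f "$live" ]; then
        cp -p "$live" "${live}.bak" || { rm -f "$tmp"; return 4; }
    fi
    chmod 644 "$tmp"
    mv "$tmp" "$live"
}

# Stand-alone use, as root:
#   sh thisfile.sh /home/admin/httpd.conf /usr/local/path/to/apache/conf/httpd.conf
if [ "$#" -eq 2 ]; then
    install_staged "$1" "$2"
fi
```

Running `apachectl configtest` before restarting the service catches syntax errors in the installed file.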

  11. #11
    Join Date
    May 2002
    Posts
    542
    Personally I use Pico to modify httpd.conf... the extra step of using FTP just seems kinda slow.
    Jay » [email protected] • AIM » FDrive Support
    Front Drive™ » Advanced multi-domain solutions
    http://www.frontdrive.com/

  12. #12
    Join Date
    Jul 2002
    Posts
    183
    I love pico

  13. #13
    Join Date
    Dec 2000
    Posts
    69
    Use Vi, there is nothing to it and it is a lot faster than downloading and uploading. I personally am trying to get away from FTP, not only because of the security but there is something cool about being able to do everything you need to do on a command line.

  14. #14
    Join Date
    Jun 2002
    Posts
    1,376
    Again, what text editor you use is entirely up to you, but I'd like to chip in my vote for vi.

    There is the benefit of it being the "standard" -- I've literally never touched a Unix box that doesn't have vi. In fact, on every Unix computer I've used, I think I've found a reason to use vi.

    I consider Linux and vi to be in the same boat -- extremely easy to use, but not so easy to learn. I run Linux exclusively, but find myself causing all sorts of havoc when I try to use Word or something -- I'm constantly doing (escape):wq and the like, which Word doesn't seem to understand.

    Personally, I'd recommend you take the time to learn vi. When I first got into Linux (yipes, that was a while ago), I used emacs all the time, but someone persuaded me to try vi. It's totally illogical -- hit escape, a colon, w, then a q to save. Why not just click "Save" and then "Quit?!" But I grew to love its elegant simplicity. There's a ton of neat tricks I've picked up, that I don't believe you can do in Word. It's great (especially with HTML) to be able to, with a single button-press, delete everything from the cursor to the end of the line. When PHP gives me something like "Parse error at line 14," I can simply type in the line number and see the line in question. It's just really great to be able to debug PHP errors or whatnot without ever touching the mouse.

    Also, a quick side note about services. None of the boxes under my control even have ftp installed. FTP seems to have a bad track record with security (there are apparently myriads of buffer overflows and stuff), and I found that I never used it anyway. Telnet got shut off (and uninstalled) quite a while ago, too. Now I use ssh to remotely log into places, and scp to copy things. I don't have to worry about anyone snooping on me or getting my password. The one issue is that Windows comes standard with telnet and ssh, but doesn't provide ssh/scp, and I doubt if they ever will provide it. But programs like PuTTY make for great ssh clients. (I can't recommend an scp client, as I've never needed to use scp on Windows...) Putty's website (it happens to be the first match for "putty" in a Google search) is http://www.chiark.greenend.org.uk/~sgtatham/putty/, if you want to give it a try. (You can even click "Run from location" if you don't want to install it. Loads of fun when your sysadmin is yelling at you for using too much space. I just got it cached in the proxy server and ran it from there. )

  15. #15
    Join Date
    Jul 2001
    Location
    Boston
    Posts
    354
    Originally posted by fog
    But programs like PuTTY make for great ssh clients. (I can't recommend an scp client, as I've never needed to use scp on Windows...) Putty's website (it happens to be the first match for "putty" in a Google search) is http://www.chiark.greenend.org.uk/~sgtatham/putty/
    Have you ever tried SecureCRT? It's not free, and can be found at www.vandyke.com. I like it a lot.

  16. #16
    Join Date
    Dec 2001
    Location
    Darmstadt, Germany
    Posts
    1,096
    you said it. it's not free.
    so the best solution is imho putty
    and for the text editor discussion ... i use both, vi and pico.
    and i have to say, pico is much easier to start with and to handle, though it's missing some nice features which vi has
    In just two days, tomorrow will be yesterday.

  17. #17
    Try winscp2 thanks sam

  18. #18
    Join Date
    May 2002
    Location
    Ontario, Canada
    Posts
    11
    Definitely try WinSCP2. You will like it

    http://winscp.vse.cz/eng/

  19. #19
    Yeah, yeah - one day I will learn emacs or vi - but in the mean time pico is just fine for hacking at config files
