vtdarrell wrote:SSH access will probably never be an option.
SFTP is an option. I've tried to keep our server as close to baseline as possible so that I don't create a configuration that others would be lost trying to figure out (if I were hit by a bus). SFTP has several hoops to jump through.
It's more likely that we will move to an Apache DAV service because of the flexibility afforded concerning ACLs. Right now, we have to create a user on the linux box for FTP access. Apache DAV would relieve us of that requirement as users/passwords are completely controlled through all the standard Apache authnz methods. It's a part of a larger project, establishing a username/password for every member of the NSS so we can have a better method of dues payment. That project has been on hold as the NSS Office moves to new accounting software (of course, that project has been on the books for a while, but there's been a lot of movement in the last few months).
I'm definitely not asking for SSH
shell access, I just meant that SFTP is FTP wrapped in the SSH protocol.
If you're already adding system accounts in order to grant FTP access, I'd think it would be relatively easy to grant SFTP access as well. For example, I believe that you can set the users' shell to `rssh`, the restricted shell, and easily limit their account to SFTP and SCP access only; though you may need to stuff them into a chroot still.
The point is, however, that insecure FTP isn't even
allowed in most industry; if a plan isn't even in place yet, it's definitely time for the IT Committee to start planning for some sort of secure access.