Posted on 2006-04-02
I am setting up FTP to allow only a few users to connect. I am aware of the clear text password issue, so I created a group called 'FTP'. I then created a user 'FTPUser', and changed the group membership from the 'Users' group to the 'FTP' group. I am isolating the group/user combination to the FTP directory via NTFS permissions that I propigated throughout the FTP folder structure. I figure if someone captures the password, they can only access this directory structure and nothing else. Does this sound like a good plan? Is there anything else I can do further to secure this?