SCIENTIFIC-LINUX-USERS Archives

November 2021

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From: Nico Kadel-Garcia <[log in to unmask]>
Reply To: Nico Kadel-Garcia <[log in to unmask]>
Date: Fri, 5 Nov 2021 00:10:24 -0400
Content-Type: text/plain
Parts/Attachments: text/plain (29 lines)

On Thu, Nov 4, 2021 at 11:12 PM Konstantin Olchanski <[log in to unmask]> wrote:
>
> >
> > > Once I had a clue I was able to install the vsftpd rpm
> >
> > Running an unmaintained, out-of-date, password based service like FTP
> > on an obsolete and unsupported operating system is begging for a lot
> > of trouble if the machine is ever probed by a rootkit. Are you sure
> > about doing this?
>
> I would presume the OP has a clue and they are running the ftp server on a private network
> or with firewall rules to restrict access to trusted machines.

Why would you presume this? Seriously, people get asked all the time
to provide public facing services on poorly secured hosts and do so as
a matter of course. Folks doing DevOps or system administration are
constantly asked "can we do this", and the answer is often "yes", when
a more insightful question might be "what is the safe way to do this".
It's quite traditional for developers to run all sorts of insecure
services and have to negotiate later with the security admins who
discover the service. I have stories about MIT computer science
professors insisting on running public NFS shares with their home
directories and write access enabled.

And someone learning Linux, supporting an old lab setup, might not
have had the extra experience to realize how to reduce risks
coherently. It's like assuming that someone buying fireworks knows how
to use them safely. Too many people don't.
