?
Solved

FTP - Disallow Downloads & allow uploads

Posted on 2003-11-14
3
Medium Priority
?
425 Views
Last Modified: 2010-04-22
Hi,

Due to Internal reasons, I would like to do the following.

For some users, disallow download of files from FTP server, allow only of upload of files.

Currently running red hat linux 7.2, with pure-ftp installed. However, if there is any FTP server that allows the above to be done, will note be a problem to switch over. Please help!.

Thanks a lot.
0
Comment
Question by:jo495
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 24

Assisted Solution

by:shivsa
shivsa earned 250 total points
ID: 9768685
The following snippet from a sample configuration file illustrates how to protect an "upload" directory in such a fashion (which is a very good idea if you don"t want people using your site for "warez"):



--------------------------------------------------------------------------------

<Anonymous /home/ftp>
  # All files uploaded are set to username.usergroup ownership
  User username
  Group usergroup
  UserAlias ftp username
  AuthAliasOnly on
  RequireValidShell off

  <Directory pub/incoming/>
     <Limit STOR CWD>
        AllowAll
     </Limit>
     <Limit READ RMD DELE MKD>
        DenyAll
     </Limit>
  </Directory>
</Anonymous>


--------------------------------------------------------------------------------


This denies all write operations to the anonymous root directory and sub-directories, except "incoming/" where the permissions are reversed and the client can store but not read. If you used <Limit WRITE> instead of <Limit STOR> on <Directory incoming>, ftp clients would be allowed to perform all write operations to the sub-dir, including deleting, renaming and creating directories.

for more info,
http://proftpd.org/docs/faq/proftpdfaq-5.html#ss5.3
0
 
LVL 24

Expert Comment

by:shivsa
ID: 9768706
sorry above post was valid for proftp.
this is for pureftp.

 '-K': Allow users to resume and upload files, but *NOT* to delete or rename
them. Directories can be removed, but only if they are empty. However,
overwriting existing files is still allowed (to support upload resume) . If
you want to disable this too, add -r (--autorename) .

http://www.pureftpd.org/README
0
 
LVL 1

Accepted Solution

by:
MKrauss earned 250 total points
ID: 9886869
you should switch to vsftpd (http://vsftpd.beasts.org/) which is the most secure
ftp at the moment, with vsftp you can set/chown the anon owner plus the umask, with
this you can do configure for anon uploads and no downloads - per directory - and much
more like anon bandwith limitation. if you need a config sample then pls comment back.
MK
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

​Being a Managed Services Provider (MSP) has presented you  with challenges in the past— and by meeting those challenges you’ve reaped the rewards of success.  In 2014, challenges and rewards remain; but as the Internet and business environment evol…
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question