[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 433
  • Last Modified:

FTP - Disallow Downloads & allow uploads

Hi,

Due to Internal reasons, I would like to do the following.

For some users, disallow download of files from FTP server, allow only of upload of files.

Currently running red hat linux 7.2, with pure-ftp installed. However, if there is any FTP server that allows the above to be done, will note be a problem to switch over. Please help!.

Thanks a lot.
0
jo495
Asked:
jo495
  • 2
2 Solutions
 
shivsaCommented:
The following snippet from a sample configuration file illustrates how to protect an "upload" directory in such a fashion (which is a very good idea if you don"t want people using your site for "warez"):



--------------------------------------------------------------------------------

<Anonymous /home/ftp>
  # All files uploaded are set to username.usergroup ownership
  User username
  Group usergroup
  UserAlias ftp username
  AuthAliasOnly on
  RequireValidShell off

  <Directory pub/incoming/>
     <Limit STOR CWD>
        AllowAll
     </Limit>
     <Limit READ RMD DELE MKD>
        DenyAll
     </Limit>
  </Directory>
</Anonymous>


--------------------------------------------------------------------------------


This denies all write operations to the anonymous root directory and sub-directories, except "incoming/" where the permissions are reversed and the client can store but not read. If you used <Limit WRITE> instead of <Limit STOR> on <Directory incoming>, ftp clients would be allowed to perform all write operations to the sub-dir, including deleting, renaming and creating directories.

for more info,
http://proftpd.org/docs/faq/proftpdfaq-5.html#ss5.3
0
 
shivsaCommented:
sorry above post was valid for proftp.
this is for pureftp.

 '-K': Allow users to resume and upload files, but *NOT* to delete or rename
them. Directories can be removed, but only if they are empty. However,
overwriting existing files is still allowed (to support upload resume) . If
you want to disable this too, add -r (--autorename) .

http://www.pureftpd.org/README
0
 
MKraussCommented:
you should switch to vsftpd (http://vsftpd.beasts.org/) which is the most secure
ftp at the moment, with vsftp you can set/chown the anon owner plus the umask, with
this you can do configure for anon uploads and no downloads - per directory - and much
more like anon bandwith limitation. if you need a config sample then pls comment back.
MK
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now