Solved

FTP - Disallow Downloads & allow uploads

Posted on 2003-11-14
3
416 Views
Last Modified: 2010-04-22
Hi,

Due to Internal reasons, I would like to do the following.

For some users, disallow download of files from FTP server, allow only of upload of files.

Currently running red hat linux 7.2, with pure-ftp installed. However, if there is any FTP server that allows the above to be done, will note be a problem to switch over. Please help!.

Thanks a lot.
0
Comment
Question by:jo495
  • 2
3 Comments
 
LVL 24

Assisted Solution

by:shivsa
shivsa earned 125 total points
ID: 9768685
The following snippet from a sample configuration file illustrates how to protect an "upload" directory in such a fashion (which is a very good idea if you don"t want people using your site for "warez"):



--------------------------------------------------------------------------------

<Anonymous /home/ftp>
  # All files uploaded are set to username.usergroup ownership
  User username
  Group usergroup
  UserAlias ftp username
  AuthAliasOnly on
  RequireValidShell off

  <Directory pub/incoming/>
     <Limit STOR CWD>
        AllowAll
     </Limit>
     <Limit READ RMD DELE MKD>
        DenyAll
     </Limit>
  </Directory>
</Anonymous>


--------------------------------------------------------------------------------


This denies all write operations to the anonymous root directory and sub-directories, except "incoming/" where the permissions are reversed and the client can store but not read. If you used <Limit WRITE> instead of <Limit STOR> on <Directory incoming>, ftp clients would be allowed to perform all write operations to the sub-dir, including deleting, renaming and creating directories.

for more info,
http://proftpd.org/docs/faq/proftpdfaq-5.html#ss5.3
0
 
LVL 24

Expert Comment

by:shivsa
ID: 9768706
sorry above post was valid for proftp.
this is for pureftp.

 '-K': Allow users to resume and upload files, but *NOT* to delete or rename
them. Directories can be removed, but only if they are empty. However,
overwriting existing files is still allowed (to support upload resume) . If
you want to disable this too, add -r (--autorename) .

http://www.pureftpd.org/README
0
 
LVL 1

Accepted Solution

by:
MKrauss earned 125 total points
ID: 9886869
you should switch to vsftpd (http://vsftpd.beasts.org/) which is the most secure
ftp at the moment, with vsftp you can set/chown the anon owner plus the umask, with
this you can do configure for anon uploads and no downloads - per directory - and much
more like anon bandwith limitation. if you need a config sample then pls comment back.
MK
0

Featured Post

Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

​Being a Managed Services Provider (MSP) has presented you  with challenges in the past— and by meeting those challenges you’ve reaped the rewards of success.  In 2014, challenges and rewards remain; but as the Internet and business environment evol…
Hello EE, Today we will learn how to send all your network traffic through Tor which is useful to get around censorship and being tracked all together to a certain degree. This article assumes you will be using Linux, have a minimal knowledge of …
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question