Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1016
  • Last Modified:

can any linux ftp server control timestamps on the server side?

I cannot determine if it's possible to control timestamps on a linux FTP server, meaning that I just want to *disallow* the client to preserve the timestamp of the file.  I always want the time stamp of the file uploaded to be the local time that it was written to the FTP server.  I've been reading about MDMT commands and SITE UTIME, but I cannot see any clear way for any linux ftp server (pure-ftpd, proftpd, wu-ftpd, vsftpd...) to disallow client timestamp commands.  

Is this possible to control timestamp behavior server side?
Is this done through the OS or maybe Is this the default behavior of the FTP server?
Do I have to resort to trying to run 'touch' on every file as it gets written?

I'm open to almost any solution within reason, the server currently runs pure-ftpd but if this is easier or possible on another ftp server then I can move to that.

Thanks!
0
rmicone
Asked:
rmicone
  • 3
  • 3
1 Solution
 
nociSoftware EngineerCommented:
Ever thought about using a webserver with a file upload facility (using CGI form) then you are in control.
only the stuff you allow in the CGI can be done.

Should not be too hard to setup, authentication can be done by the www-server, security can be achieved through ssl (https:).
present a form with a 'file' field and a upload (=send) button. In the CGI write the data to a filename of choice and never tough it again.

This should even enhance the security of things as the passwords are now send in clear text across the network.
0
 
BlazCommented:
In vsftpd you have configuration option "mdmt_write":
http://vsftpd.beasts.org/vsftpd_conf.html

0
 
rmiconeAuthor Commented:
@noci
Yes ideally that's how I would probably do it to, but I am just doing contract work as linux admin, they have a couple programmers who choose the technology of the upload process, right now they are sticking with ftp (most people are using ie 6 to upload if you can believe it).  I will suggest this if we hit a wall with this timestamp issue.

@Blaz
I actually tried this and the server would not start, perhaps my version is too old and/or it doesn't support that option... maybe i need to try and upgrade to the most recent vsftpd... this is a Fedora 3 box :P
0
Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

 
nociSoftware EngineerCommented:
Security is no consideration?
The transferred data is then essentially public data....???
so any body should be able to do anything to the data?
0
 
rmiconeAuthor Commented:
Security is a consideration of course, users login with credentials sent via the browser or ftp client, and there's an explicit TLS FTP server too, it's more of the fact that we're trying to prevent unintentional file backdating or something along those lines.  I think if I went to them and said they should only offer web upload via forms, they would probably tell me that they still need to ability of some of their clients to use plain old FTP...

anyways, right now I'm messing around with MDMT_WRITE=NO (it didn't work the first time I tried it, but I have an older version of vsftpd)... so I will post back the results as soon as I can.

Again thanks for your help and ideas... in theory you are correct, that's the best way to control permissions
0
 
nociSoftware EngineerCommented:
Also keep in mind that they can upload a new file too... thus forward dating a file. There is a hint to a solution..., they might be able to create a file, but after transfer they should be disowned. Then they cannot adjust the file in any way.

Using the famd/gamin server you can get a notice when a change to a file/directory happens. And then take immediate action.
0
 
rmiconeAuthor Commented:
the solution for me was I asked the pure-ftpd mailing list/developers how to prevent UTIME write commands and they gave me a fix.  I edited the source code, recompiled it and installed it, this worked.  The code modification was for ftpd.c


 You can disable the command that allows control of timestamps with this
patch:

diff --git a/src/ftpd.c b/src/ftpd.c
index 193f135..b535891 100644
--- a/src/ftpd.c
+++ b/src/ftpd.c
@@ -2701,7 +2701,7 @@ void doutime(char *name, const char * const wanted_time)
    struct utimbuf tb;

 # ifndef ANON_CAN_CHANGE_UTIME
-    if (guest != 0) {
+    if (1) {
        addreply_noformat(550, MSG_ANON_CANT_CHANGE_PERMS);
        return;
    }

Open in new window

0

Featured Post

[Webinar On Demand] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now