
RE: [cobalt-users] Ftp write only!



> >I have a client, who wants to give his authorised users ftp access to the
> >site, to submit articles. However, he does not want the users to read each
> >other's work until it is published.
> >
> >I have created a user account (with default ftp settings) for the site in
> >question, but how can I make the raq4 set the uploaded files to write only
> >for that user?
>
> Anonymous ftp allows all users to post files but not see what is posted, at
> least on my raq3i. But if each user logs on with ftp, and they are not
> siteadmins, they can only see their own directory, ie: /user/username -
> where are you having the problem of keeping others out? Are you trying to
> have them submit to a common location? Do they need access to their own
> work once they post it? If they just need to get the articles to the server
> and not access them until someone moves them to where they need to be after
> completed, set up the anonymous ftp, it is a one-way system (at least on my
> Raq3i).

I personally would not recommend turning on anonymous FTP unless you
really need to provide that capability..  If my system is any
indication, I get probed daily looking for an anonymous, ftp or guest
account on ftp...  People like to have places to store things (which as
an aside I have never understood since free space is fairly plentiful)..

In any event, to answer your question, I think (I did not test but
generally this will work) the solution is permissions on the directory
in question..  Meaning the config file for ftp has defaults for each
type of account where the home of an ftp login is..

The directory permissions need to be write of course since that is what
you are trying to allow..  At the same time to deny read or browse
access to the directory contents, turn off read permission on the
directory..

In other words as an example,

% chmod 333 directory

should yield permissions that look like d-wx-wx-wx

If you do not want the directory to be world writable then use

% chmod 331 directory

for permissions that look like d-wx-wx--x

This will allow writes from ftp but not read permission on the directory
and thereby eliminate functions such as 'ls', etc...

Here is one caveat: if a user knows an existing filename they can ftp get
the file by directly accessing the filename even though they cannot
'ls'...

I hope this makes sense..  I did not test this exactly but the concepts
are correct..

-ed-
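
An added example, not part of the original message: a shell check an administrator could run against a drop directory set up as described above, covering both the missing read bit on the directory and the caveat about files that can be fetched by name. The function name audit_dropbox and the finding labels are hypothetical; run it as root or as an account that can read the directory.

```shell
#!/bin/sh
# Added example: audit a write-only FTP drop directory.
# audit_dropbox DIR prints one finding per line (labels are hypothetical);
# no output means DIR looks like d-wx-wx--x / d-wx-wx-wx with no exposed files.
audit_dropbox() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "NOT_A_DIRECTORY $dir"
        return 0
    fi
    # Read bit on the directory for group or other is what makes 'ls' work.
    if [ -n "$(find "$dir" -prune \( -perm -040 -o -perm -004 \) -print)" ]; then
        echo "LISTABLE $dir"
    fi
    # Creating a file needs write AND execute (search) on the directory.
    if [ -z "$(find "$dir" -prune \( -perm -030 -o -perm -003 \) -print)" ]; then
        echo "NOT_WRITABLE $dir"
    fi
    # The auditor needs read access to look inside; say so rather than
    # silently reporting a clean directory.
    if [ ! -r "$dir" ]; then
        echo "CANNOT_INSPECT $dir"
        return 0
    fi
    # The caveat: hiding names does not protect contents. A file whose own
    # mode grants group/other read can be fetched by anyone who knows or
    # guesses its name.
    find "$dir" -type f \( -perm -040 -o -perm -004 \) -print |
        sed 's/^/READABLE_FILE /'
}

# Stand-alone use: sh audit_dropbox.sh /path/to/dropdir
if [ "$#" -gt 0 ]; then
    audit_dropbox "$1"
fi
```

A READABLE_FILE line means the file's own permission bits, not the directory's, are what would need tightening to close the known-filename case.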