Prev   Next

upload dir control 

Solution 

Enable write access to /ftp/incoming to allow user create directories. I.e., directory creation is allowed/done in shell but not in ftp.

Test 

mkdir /tmp/ttt
echo aaa > /tmp/ttt/aa
ncftpput -v localhost /incoming ~/s/docs/file.sample.bin
ncftpput -v localhost /incoming/tmp/ ~/s/docs/file.sample.bin
ncftpput -v localhost /incoming/tong/ ~/s/docs/file.sample.bin
ncftpput -d -v -R localhost /incoming/tong /tmp/ttt
ncftpput -d -v -R localhost /incoming /tmp/ttt
ncftpget ftp://localhost/incoming/aaa
[Tip]

!!

cd /ftp/incoming
md tmp
..
chown :crew tmp
/ftp/incoming$ dir
total 16
-rw-r--r--    1 root     root            7 Mar 12 14:45 aaa
-rw-rw-r--    1 ftp      crew          512 Mar 12 15:06 file.sample.bin
drwxrwx--x    2 tong     crew         4096 Mar 12 15:09 tmp/
drwxr-xr-x    4 ftp      crew         4096 Mar 12 15:05 tong/
ncftpput -d -v -R localhost /incoming/tmp /tmp/ttt/
Cmd: CWD incoming
250: CWD command successful.
Cmd: CWD tmp
250: CWD command successful.
[...]
Cmd: STOR aa
150: Opening BINARY mode data connection for aa.
/tmp/ttt//aa:                      ETA:   0:00    4.00/  4.00 B     3.73 kB/s  226: Transfer complete.
/tmp/ttt//aa:                                            4.00 B   107.28 B/s

conf file 

in ftpaccess:

upload  /var/ftp    *           no
upload  /var/ftp    /incoming       yes     ftp     crew    0664    nodirs
upload  /var/ftp    /incoming/*     yes     ftp     crew    0664    dirs    0770
upload  /var/ftp    /incoming/*/*   yes     ftp     crew    0664    nodirs
upload  /var/ftp    /private/*/incoming yes * crew 0640 dirs    0750

Meaning: user can create directories in and only in their own directories, one level only.

/incoming 

Cmd: PWD
257: "/incoming" is current directory.
Cmd: CWD ttt
550: ttt: No such file or directory.
Cmd: MKD ttt
550: ttt: Permission denied on server. (Upload dirs)

/incoming/tong 

Cmd: PWD
257: "/incoming/tong" is current directory.
Cmd: CWD ttt
550: ttt: No such file or directory.
Cmd: MKD ttt
257: "/incoming/tong/ttt" new directory created.
Cmd: STOR ttt/aa
553: ttt/aa: Permission denied.

The created directory 

"ncftpput -d -v -R localhost /incoming/tong /tmp/ttt" will yield:

Cmd: MKD ttt
257: "/incoming/tong/ttt" new directory created.
$ ftp localhost
ftp> PWD
257: "/incoming/tong" is current directory.
ftp> mkdir test
257 "/incoming/tong/test" new directory created.
ftp> dir
227 Entering Passive Mode (127,0,0,1,59,49)
150 Opening ASCII mode data connection for directory listing.
total 24
-rw-rw-r--   1 14       600             4 Mar 12 07:20 aa
drwxrwx---   2 root     root         4096 Mar 12 07:22 test
drwxrwx---   2 4095     root         4096 Mar 12 07:21 ttt

Notes:

  • The owner of the dir is different, with two different dir creation methods, MKD and mkdir.
  • The group is the same, root, although I've "autogroup crew anonftp"
  • The created directory is not usable since the group is not crew.
  • 'guestgroup crew' will not help either. The created directory is still owned by group root.

SourceForge.net LogoXpt.SourceForge.netCreative Commons Attribution-ShareAlike License
Single file version available here.
Last updated on 2008-03-18.
To discuss, comment here.
Prev   Next
 Home