Our sys admin is trying to configure anonymous FTP to our site such that
an outside user could upload a file to a particular directory but not be
able to download or get a list of files in that directory for security
purposes. The best he's been able to do is to allow uploads and prevent
directory lists, but someone could still "get" a file if the filename were
Is this secure enough if different users were using obscure enough
filenames, or can you use wildcards to "get" all the files in a directory
during anonymous FTP? Is there a way to give several users this sort of
secure access without giving them all separate directories/accounts?
Some specifics about our system: we're running SCO Unix System V/386
version 3.2, using the Bourne shell for login. All combinations of "R",
"W", and "X" rights have been tried without successfully creating a setup
as described above.
E-mail replies preferred.
"Stupid bug! You go squish now!" - Homer Simpson