Trying to secure ftpd anonymous uploads (ugh, sometimes
I wish the customers would just go away).
Been using wu-ftpd for three years or so, but today is
the first time I've tried to use the "upload" directives
in the ftpaccess file. I added the following line, which
I would think would apply to anonymous users only:
upload /home1/ftp /* yes nobody users 0060 nodirs
Well, anonymous uploads /do/ get created as user "nobody",
group "users", mode 0600, and MKDIR is disallowed.
However, the "nodirs" flag is restricting "real" users from
creating directories as well, although the rest of
the line has no effect (i.e. permissions/ownership are those
of the real user).
I thought that ftpd looked up the supplied username
in /etc/passwd, and if that user's home directory matched
that given above (e.g. /home1/ftp) then that "upload" line
would apply? That would seem to restrict the above to the
user "ftp" (and "anonymous") only. Am I reading the
This is wu-ftpd-2.4.2-academ[BETA-11](3).
Avtel Communications, Santa Barbara, CA +1-805-730-7740
PGP fingerprint = B1 57 EB A8 1D B9 87 86 5F 5C 51 A4 F2 5E ED FD