uploading to ftp site for students and the like

John Voigt jvoigt
Mon May 17 11:56:44 PDT 2004


On 12/09/2003 10:26 PM, Joel Hammer wrote:

> Just some ramblings.
> 
> I have seen from time to time people asking how they can set up an
> ftp site so students and their ilk can upload homework but others
> can't see it or erase it or whatever.
> 
> I have often thought that a simple daemon looking at the upload
> directory which removes uploaded files to a safe location would be
> the ticket, but nobody ever seems enthused about that.
> 
> So, another brilliant insight. Make the upload directory unwritable
> but make a pipe in that directory writable.
> 
> It is assumed that this is an anonymous site, otherwise there
> wouldn't be this sort of security issue.

Hi,

If you are using wu-ftpd, you can do this rather easily by tweaking
/etc/ftpaccess a bit:

Create an 'incoming' directory of some sort under the FTP home
somewhere. Our old one (currently offline) looks like:

drwx-ws-wt   2 ftpadmin wheel        1024 Jul  2  2002 incoming/
^^^^^^^^^^
(chmod 3733)

Then make sure that /etc/ftpaccess contains something like:

upload /home/ftp * no
upload /home/ftp /incoming  yes ftpadmin wheel 0440 nodirs

where ftpadmin/wheel, or whatever, is a user/group that is unreadable by
the ftp daemon itself.

This in effect creates a 'blind' directory where files can be uploaded,
but not seen or retrieved.

<snip>

> Well, this is rough, but the idea looks like it might be useful. I 
> haven't tried to find out what happens when two ftp sessions try to 
> access the pipe at the same time.

Not a problem with the above.

> It would be nice if the user name could be prepended to the file
> name. 

Not sure about this one.

> And, I am not sure how the student will know that his/her file
> has been uploaded successfully.

Not sure about this one either. You could, however, write a script of 
some sort to watch this directory and send an e-mail to ftpadmin (or 
whatever) when something is uploaded. I didn't take it that far, and 
just put the instructions in the welcome.msg.

HTH,

John V.
-- 
   _/- John Voigt - K9GBO -----|- Registered Linux User #38558 --_/
  _/- Reclamation Specialist --|- IN Dept of Natural Resources -_/
_/---- jvoigt at reclamation.dnr.state.in.us - (812)665-2207 ----_/
Eat Right, Exercise, Die Anyway.
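
A check for the 'blind' directory permissions described in the message above, as an added example that is not part of the original post. It assumes GNU stat; the function name check_blind_dir is hypothetical, and it should be run as root or the directory owner so the directory can be listed.

```shell
#!/bin/sh
# Added example: audit a "blind" FTP drop directory (chmod 3733 style).
# Assumes GNU stat (stat -c); check_blind_dir is a hypothetical name.

check_blind_dir() {
    dir=$1
    bad=0
    [ -d "$dir" ] || { echo "FAIL: $dir is not a directory"; return 2; }

    # Octal mode padded to four digits, e.g. 3733 -> special=3, other=3.
    mode=$(printf '%04d' "$(stat -c '%a' "$dir")")
    special=${mode%???}
    other=${mode#???}

    # Others need write+search (3) but must not have read (4),
    # otherwise they can list what has been uploaded.
    if [ $(( other & 4 )) -ne 0 ]; then
        echo "FAIL: others can list $dir (mode $mode)"; bad=1
    fi
    if [ $(( other & 3 )) -ne 3 ]; then
        echo "FAIL: others cannot create files in $dir (mode $mode)"; bad=1
    fi
    # Sticky bit (1): only the file owner or the directory owner
    # may delete or rename entries.
    if [ $(( special & 1 )) -eq 0 ]; then
        echo "FAIL: sticky bit missing on $dir (mode $mode)"; bad=1
    fi

    # The ftpaccess line in the post stores uploads as 0440, so
    # "other" should hold no permission bits on any uploaded file.
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        fmode=$(stat -c '%a' "$f")
        fother=${fmode#"${fmode%?}"}    # last octal digit
        if [ "$fother" -ne 0 ]; then
            echo "FAIL: $f is accessible to others (mode $fmode)"; bad=1
        fi
    done

    [ "$bad" -eq 0 ] && echo "OK: $dir is a blind drop directory"
    return "$bad"
}
```

Called as check_blind_dir /home/ftp/incoming, it returns 0 when the directory and its files match the layout in the post and prints one FAIL line per deviation otherwise.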
