[conspire] FTP "drop box"
Don Marti
dmarti at zgp.org
Wed Nov 15 21:49:54 PST 2006
begin Rick Moen quotation of Tue, Nov 14, 2006 at 10:34:40PM -0800:
> The last time I configured an anonymous ftp "drop box" setup, it was on
> wu-ftpd. (Hey, it was a long time ago: There wasn't much else, then.)
> The difficult part, there, was setting the umask desirably for uploaded
> files: You want to make sure that the directory is world-writeable but
> not world-readable, and that any subdirectories the remote user is
> permitted to create (if any) follow suit.
Ok, vsftpd lets me lock down this stuff pretty
conveniently. No need to let the anon users create
directories. Thank you.
anon_umask=077
Lots of good paranoid options here:
http://vsftpd.beasts.org/vsftpd_conf.html
There's possible abuse for users sending around the
names of known files so I have the uploaded files
themselves as ftp.nogroup, 600. Will use a script
with sudo in it to move them out of the dropbox before
letting anyone open them.
--
Don Marti
http://zgp.org/~dmarti/
dmarti at zgp.org
More information about the conspire
mailing list