On Thu, Sep 30, 2010 at 10:22 AM, Zico <[email protected]> wrote:
> Hi, I have just installed a FTP server for providing some files among my
> students. I want to set permission in such a way that:
>
> (1) Anonymous user can read / copy the file but no write permission
> (2) My students who will login with their ID, will able to read / copy and
> *even write in that FTP* site.

Using correct terminology, 1) anon users can only download but not upload and 2) authenticated users can download as well as upload.

I use pureftpd instead of vsftp, so the below is untested but it should mostly work. Please post again if you run into any issues.

> listen=YES
> local_enable=YES
> anonymous_enable=YES
> write_enable=YES
> local_umask=077

Config looks okay so far, assuming your FTP root is /var/ftp, do this:

1. chgrp ftp /var/ftp   # your ftp root
2. chmod g+s /var/ftp
3. Set local_umask=002 in your vsftpd.conf

This creates all files/dirs with group ownership set to "ftp" and group writeable. Authenticated users will be able to modify files uploaded by other authenticated users as well. Anon can only download.

> anon_upload_enable=YES

Set this to NO to disable anon users from uploading files. This config is contrary to what you are trying to do.

An ftp server with anon upload permissions is ripe for abuse unless configured correctly. I ran an ftp server in the 90's which was hacked and used for hosting warez, it had a dir named ". " (that's a dot followed by a space character) which was full of unwanted files.

To securely allow anon FTP uploads, restrict all anon uploads to a /incoming dir, and deny anon users from downloading from this /incoming dir. Then set up an /outgoing or /pub dir where anon users can download but not upload anything. You can also serve the same /outgoing folder over http. Only authenticated users can move files from /incoming to /outgoing.

I run a PureFTP server set up like this at work and so far my server has never been abused.

- Raja

_______________________________________________
ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
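
A check of the settings quoted in this thread against the stated goal (anonymous users download only, logged-in users upload), as an added example that is not part of the original message. The function names, the finding wording and the two sample files are assumptions; the fallback values are vsftpd's documented defaults for keys that are absent from the file.

```shell
#!/bin/sh
# Added example, not from the thread: audit a vsftpd.conf against the goal
# "anonymous = download only, logged-in users = upload, files group writable".

# conf_get FILE KEY DEFAULT: last value set for KEY, else DEFAULT
# (vsftpd's documented built-in default, used when the key is absent).
conf_get() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${val:-$3}"
}

# audit_vsftpd FILE: one finding per line; no output means nothing to fix.
audit_vsftpd() {
    for key in anon_upload_enable anon_mkdir_write_enable anon_other_write_enable; do
        if [ "$(conf_get "$1" "$key" NO)" = YES ]; then
            echo "FAIL $key=YES: anonymous users can write to the site"
        fi
    done
    if [ "$(conf_get "$1" local_enable NO)" != YES ]; then
        echo "FAIL local_enable: local accounts cannot log in"
    fi
    if [ "$(conf_get "$1" write_enable NO)" != YES ]; then
        echo "FAIL write_enable: no FTP write commands are allowed"
    fi
    umask_val=$(conf_get "$1" local_umask 077)
    if [ "$umask_val" != 002 ]; then
        echo "WARN local_umask=$umask_val: the reply recommends 002 for group-writable uploads"
    fi
}

# Constructed sample: the settings quoted in the thread.
before=$(mktemp)
after=$(mktemp)
trap 'rm -f "$before" "$after"' EXIT
printf '%s\n' listen=YES local_enable=YES anonymous_enable=YES \
    write_enable=YES local_umask=077 anon_upload_enable=YES > "$before"
# The same file with the two changes the reply asks for.
sed -e 's/^local_umask=.*/local_umask=002/' \
    -e 's/^anon_upload_enable=.*/anon_upload_enable=NO/' "$before" > "$after"

echo "before:"; audit_vsftpd "$before"
echo "after:";  audit_vsftpd "$after"
```

The script only reads the configuration file; the chgrp and chmod g+s steps on the FTP root still have to be applied on the server itself.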
