ftpserver

henry2010 · #1 26th June 2012, 12:10 PM

I have installed vsftpd in fedora 14 machine. three ftp users are created. I want users can upload or download files via ftp. but users should not delete these files. How to prevent the users to delete the files in my ftp server. this means uploaded files should be deleted on any account. how to resiolve this.

henry

jpollard · #2 26th June 2012, 01:30 PM

For a user to create files (via upload) the user must be able to write to the directory.

The only requirement for a user to delete files is to be able to write to the directory...

Can't have one without the other.

That said, if what you actually want is for users to be unable to delete other users files then you have to set the "t" flag on the directory (just like it is on /tmp).

***DBelton*** · #3 26th June 2012, 02:01 PM

Another thing to try is setting the "immutable" bit on the file (+i)

This has to be set (and unset) by the root user, and while set, even root will not be able to delete (or modify) the file.

You could possibly set the defaults for your ftp upload folder to set the +i or have a script that picks up when new files are written in the folder and sets it for you.

jpollard · #4 26th June 2012, 02:58 PM

You can only set the immutable bit from a command line. Files that are dropped in via ftp cannot get it set.

Until the bit gets set, it can be overwritten or deleted.

Of course, it also prevents the user from updating the file...

beaker_ · #5 26th June 2012, 03:23 PM

Any reason not to try:

Force uid
Force groupid
Set stickybit
Most or all, except the owner who probably will never log on, vsftp users have rwx rights through group membership only.

Late Edit: So it'd look something like:

Code:

chown VSFTP_GodLikeUser:VSFTP_Group FTP_Directory
chmod 770 FTP_Directory              <<------ I'm guessing here.
chmod u+s FTP_Directory
chmod u+g FTP_Directory
chmod +t FTP_Directory

Though I wonder if a user could write null to a file.

Late Late Edit: Never mind. I see the circle: u+s is crippled for what I want to do.

***DBelton*** · #6 26th June 2012, 03:27 PM

You could use something like inotify or incron to monitor the directory and run certain commands when new files are detected.

I do believe that incron can run commands as root if it's defined in the system tables rather than in the user tables.

I would start with looking at inotify since it's included in the kernel now.

Look at the packages inotify-tools and incron (in the fedora repos) and see if they would do what's needed.