Securing and Optimizing Linux: RedHat Edition -A Hands on Guide
Prev	Chapter 32. Linux `FTP` Server	Next

32.10. The special file `.notar`

Whether you allow on-the-fly tarring of directories or not, you should make sure an end-run cannot be made using tar command in all areas where the upload parameter is not permit. To do so, create the special file .notar in each directory and in the FTP directory.

      [root@deep ] /# touch /home/ftp/.notar
      [root@deep ] /# touch /home/ftp/etc/.notar
      [root@deep ] /# touch /home/ftp/dev/.notar
      [root@deep ] /# touch /home/ftp/bin/.notar   
      [root@deep ] /# touch /home/ftp/lib/.notar   
      [root@deep ] /# chmod 0 /home/ftp/.notar
      [root@deep ] /# chmod 0 /home/ftp/etc/.notar
      [root@deep ] /# chmod 0 /home/ftp/dev/.notar
      [root@deep ] /# chmod 0 /home/ftp/bin/.notar 
      [root@deep ] /# chmod 0 /home/ftp/lib/.notar

: Require only if you are not using the --enable-ls option.
: Require only if you are not using the --enable-ls option.
: Require only if you are not using the --enable-ls option.
: Require only if you are not using the --enable-ls option.

The zero-length .notar file can confuse some web clients and FTP proxies, so let's mark it irretrievable to solve the problem. Add the following lines to your /etc/ftpaccess file.
noretrieve .notar

The noretrieve command. The noretrieve parameter of Wu-ftpd server allow you to deny transfer of the sectected directories or files. It is also a good idea to prevent downloads of those subdirectories bin, etc, dev, and lib in the /home/ftp directory with the command noretrieve in your /etc/ftpaccess file.
# We'll prevent downloads with noretrieve. noretrieve /home/ftp/etc noretrieve /home/ftp/dev noretrieve /home/ftp/bin noretrieve /home/ftp/lib

: Require only if you are not using the --enable-ls option.
: Require only if you are not using the --enable-ls option.

Prev	Home	Next
Securing `FTP`	Up	Installed files

Contents

32.10. The special file .notar

32.10. The special file `.notar`