openSolaris 2008 - Controlling Uploads and Downloads on the FTP Server - System Administration Guide: Network Services

Controlling Uploads and Downloads on the FTP Server

You can control uploads and downloads that are started to and from the FTP server by setting permissions on directories on the server. By default, uploads are not allowed for anonymous users. Be very careful when enabling anonymous uploads.

How to Control Uploads to the FTP Server

Add the directives to the ftpaccess file to specify upload permissions and error messages for upload failures.

Become superuser or assume an equivalent role.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services. To configure a role with the Primary Administrator profile, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.
Add the following entries to the ftpaccess file.
To enable users to upload files, add the following entry:
```
upload [absolute|relative] [class=<classname>]... [-] root-dir \
dirglob yes|no owner group mode [dirs|nodirs] [<d_mode>]

path-filter typelist mesg allowed-charset {disallowed regexp...}
```
upload

Keyword that is applied to users who have a home directory (the argument to chroot()) of the root-dir. The root-dir can be specified as “*” to match any home directory.

absolute|relative

Parameter that specifies whether the root-dir directory paths are interpreted as absolute or relative to the current chroot directory.

class

Keyword that is used to specify any number of class=<classname> restrictions. If restrictions are specified, the upload clause only becomes effective if the current user is a member of one of the specified classes.

root-dir

User's root directory and the home directory for anonymous users.

dirglob

A pattern to match a directory name. An asterisk can be used in any place or alone to signify any directory.

yes|no

Variable that allows or disallows upload to the FTP server.

owner

Owner of files that are uploaded into dirnames.

group

Group that is associated with files that are uploaded into dirnames.

mode

Parameter that is used to specify access permissions for uploaded files. The default mode 0440 prevents the anonymous account from reading uploaded files.

dirs|nodirs

Keyword that allows or disallows users to create subdirectories in a directory that is listed in dirnames.

d_mode

Optional mode that determines the permissions for a newly created directory.

path-filter

Keyword that controls the names of uploaded files.

typelist

A comma-separated list of any of the keywords anonymous, guest, and real.

mesg

Message file that is displayed fails to match the regexp criteria.

allowed-charset {disallowed regexp...}

Alphanumeric characters allowed or disallowed in file names.

Example 28-13 Controlling Uploads to the FTP Server

upload /export/home/ftp /incoming yes ftpadm ftpadmin 0440 nodirs
path-filter anonymous /etc/ftpd/filename.msg ^[-A-Za-z0-9._]*$ ^[.-]

The preceding example states the following:

FTP user accounts that use chroot to /export/home/ftp can upload to the /incoming directory. Uploaded files are owned by user ftpadm and the group ftpadmin. The mode is set to 0440 with the nodirs keyword to prevent anonymous users from creating subdirectories.
For anonymous users, a file name is any sequence of A-Z, a-z, 0-9, . (dot), - (dash), or _ (underline). File names cannot start with a . (dot) or - (dash). If a file name fails this filter, the /etc/ftpd/filename.msg message is displayed if the FTP Administrator has created the message file. This message is followed by an FTP server error message.

Ownership and permissions on a directory into which anonymous uploads are allowed should be tightly controlled. The FTP Administrator should be the owner of all files uploaded to the FTP server. You need to create an FTP Administrator when anonymous users are allowed to upload files. The directory should be owned by the user ftpadm and group ftpadm with permissions set to 3773.

The access mode for files uploaded to the FTP server should be 0440. The 0440 mode prevents the anonymous account from reading uploaded files. This restriction protects your server from becoming a staging area for third-party file distribution.

To make uploaded files available for distribution, the FTP Administrator can move files to a public directory.

How to Control Downloads to the FTP Server

Become superuser or assume an equivalent role.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services. To configure a role with the Primary Administrator profile, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.
Add the following entries to the ftpaccess file to prevent users from retrieving files.
```
noretrieve [absolute|relative] [class=classname]... [-] filename ...
```
noretrieve

Keyword that is used to deny retrieval of a particular file or files

absolute|relative

Parameter that specifies whether the root-dir directory paths are interpreted as absolute or relative to the current chroot directory

class

Keyword that is used to specify class=<classname> of users to which noretrieve restrictions apply

filename

Name of file the user is not permitted to retrieve

Example 28-14 Controlling Downloads to the FTP Server

noretrieve /etc/passwd

The preceding example states that all users are prevented from retrieving the /etc/passwd file.