Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Programming
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Databases
Mail Systems
openSolaris
Eclipse Documentation
Techotopia.com
Virtuatopia.com
Answertopia.com

How To Guides
Virtualization
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Windows
Problem Solutions
Privacy Policy

  




 

 

Securing and Optimizing Linux: RedHat Edition -A Hands on Guide
PrevChapter 32. Linux FTP ServerNext

32.10. The special file .notar

Whether you allow on-the-fly tarring of directories or not, you should make sure an end-run cannot be made using tar command in all areas where the upload parameter is not permit. To do so, create the special file .notar in each directory and in the FTP directory. 

      [root@deep ] /# touch /home/ftp/.notar
      [root@deep ] /# touch /home/ftp/etc/.notar
      [root@deep ] /# touch /home/ftp/dev/.notar
      [root@deep ] /# touch /home/ftp/bin/.notar   (1)
      [root@deep ] /# touch /home/ftp/lib/.notar   (2)
      [root@deep ] /# chmod 0 /home/ftp/.notar
      [root@deep ] /# chmod 0 /home/ftp/etc/.notar
      [root@deep ] /# chmod 0 /home/ftp/dev/.notar
      [root@deep ] /# chmod 0 /home/ftp/bin/.notar (3)
      [root@deep ] /# chmod 0 /home/ftp/lib/.notar (4)
(1)
Require only if you are not using the --enable-ls option.
(2)
Require only if you are not using the --enable-ls option.
(3)
Require only if you are not using the --enable-ls option.
(4)
Require only if you are not using the --enable-ls option.

The zero-length .notar file can confuse some web clients and FTP proxies, so let's mark it irretrievable to solve the problem. Add the following lines to your /etc/ftpaccess file. 
        noretrieve .notar

The noretrieve command. The noretrieve parameter of Wu-ftpd server allow you to deny transfer of the sectected directories or files. It is also a good idea to prevent downloads of those subdirectories bin, etc, dev, and lib in the /home/ftp directory with the command noretrieve in your /etc/ftpaccess file. 
        # We'll prevent downloads with noretrieve.
        noretrieve /home/ftp/etc
        noretrieve /home/ftp/dev
        noretrieve /home/ftp/bin  (1)
        noretrieve /home/ftp/lib  (2)

(1)
Require only if you are not using the --enable-ls option.
(2)
Require only if you are not using the --enable-ls option.

PrevHomeNext
Securing FTPUpInstalled files
  
 
  Published under the terms of the Open Publication License Design by Interspire