Subject: Re: Securing Anonymous FTP Uploads
To: Johan Danielsson <>
From: Curt Sampson <>
List: tech-security
Date: 03/28/1997 21:10:28
On 28 Mar 1997, Johan Danielsson wrote:

> > * Disables the umask, chmod, delete and rmdir commands for anonymous
> >   users.
> Yes, and mkdir should not be disabled. It makes it a lot easier if
> R. Luser can put his gazillion different files in one directory.

Not much point to this, since with a umask of 707 or 777, he won't
be able to put anything into that directory, or even cd to it.

> Furthermore, anonymous users has restrictions on the filenames they
> may create.

I have no wish to put this in at all. Since the files can't be
downloaded anyway, there's not much point in adding code like this.

> I thought is was more elegant to add an `check_login_no_guest' and
> just change the relevant commands.

This is an excellent idea, and I've implemented it. Thanks.


Curt Sampson		Info at
Internet Portal Services, Inc.		`And malt does more than Milton can
Vancouver, BC   (604) 257-9400		 To justify God's ways to man.'