Subject: Re: ftpd upload behavior
To: Rumi Szabolcs <firstname.lastname@example.org>
From: None <email@example.com>
Date: 01/21/2001 23:49:48
>recently i have faced a problem when setting up netbsd ftpd.
>when i set up an "incoming" directory, users can be given
>permission to use some commands like STOR to upload files,
>but this way they are not permitted to use MKD to make
>subdirectories into the "incoming" directory.
>users who want to upload something, usually also want to
>make directories for the stuff they upload - and i think
>that this is practical and understandable, so i tried to
>let them create directories somehow. then i realized that
>i can only do that by allowing the whole "modify" group of
>commands which leads to DELE and RMD also be allowed -
>something that is rather undesirable.
sorry if i'm reading between lines...
if you allow commands like mkdir how can you prevent rogue users
from digging tons of files into incoming directory and exchange warez
(license violated software) between anonymous ftp users?
this is the very reason why incoming directory has specific permission,
and umask is set to 0707 for guest's uploads (make the uploaded file
accessible from, say wheel group only). did you supply any special
code for that?