upload /export/home/ftp /incoming yes ftpadm ftpadmin 0440 nodirs path-filter anonymous /etc/ftpd/filename.msg ^[-A-Za-z0-9._]*$ ^[.-] |
The preceding example states the following:
FTP user accounts that use chroot to /export/home/ftp can upload to the /incoming directory. Uploaded files are owned by user ftpadm and the group ftpadmin. The mode is set to 0440 with the nodirs keyword to prevent anonymous users from creating subdirectories.
For anonymous users, a file name is any sequence of A-Z, a-z, 0-9, . (dot), - (dash), or _ (underline). File names cannot start with a . (dot) or - (dash). If a file name fails this filter, the /etc/ftpd/filename.msg message is displayed if the FTP Administrator has created the message file. This message is followed by an FTP server error message.
Ownership and permissions on a directory into which anonymous uploads are allowed should be tightly controlled. The FTP Administrator should be the owner of all files uploaded to the FTP server. You need to create an FTP Administrator when anonymous users are allowed to upload files. The directory should be owned by the user ftpadm and group ftpadm with permissions set to 3773.
The access mode for files uploaded to the FTP server should be 0440. The 0440 mode prevents the anonymous account from reading uploaded files. This restriction protects your server from becoming a staging area for third-party file distribution.
To make uploaded files available for distribution, the FTP Administrator can move files to a public directory.