[Dshield] FTP Site

Paul Clarke paulclarke at clarkeworks.com
Thu Nov 29 12:47:36 GMT 2001


In a message Sean said:

>Date: Wed, 28 Nov 2001 01:19:43 +0100
>To: dshield at dshield.org
>From: Sean Graham <seangra at yahoo.com>
>Subject: Re: [Dshield] (no subject)
>Reply-To: dshield at dshield.org
>
>why do you wish to run an FTP with open access in the first place?
>
>Usually I have seen that people just mark the Uploads directory Write-Only,
>but with list, and that's the only place with write access.  You can upload
>all you want, and see what you've uploaded, but only users with accounts
>can download anything that has been uploaded (or they must wait until you
>move it out of the upload directory).  Wouldn't this be a simpler way to
>control it?
>
>Good solution though.
>
>-- Sean

I wanted open (e.g. anonymous) access for the DOWNLOAD for convenience - but
no download from the UPLOAD.

There are some complications in Windows NT/2000 NTFS permissions that make
it difficult to allow directory viewing but not file reading (at least I had
difficulty making that work smoothly with a "inherited" right to "write"
allowed by IIS5 and a "deny" read set in NTFS security).  I'm certain your
right about the settings it's just that I couldn't find a comfortable
combination with the complexity of IIS5's security and NTFS permissions
adding "inheritance" into the mix.  My old brain just froze :>

Perhaps I should trash the "windoze" server and go with a Linux box.

That should get the advice flowing :>

Thanks for the reply.

Paul





More information about the list mailing list