You can configure vsftpd server to set permissions on anonymous uploads. anonymous uploads can be very dangerous if not used correctly.
Open your vsftpd config file:
Code:
vi /etc/vsftpd/vsftpd.conf
Now add/modify following anonymous uplod specific option
Code:
local_enable=YES
write_enable=YES
nopriv_user=ftp
anonymous_enable=YES
anon_upload_enable=YES
chown_uploads=YES
chown_username=inftpadm
ftp_username=inftpadm
local_umask=002
anon_umask=007
file_open_mode=0666
Where,
- ftp_username=inftpadm : This is the name of the user we use for handling anonymous FTP. The home directory of this user is the root of the anonymous FTP area.
- chown_username=inftpadm : This is the name of the user who is given ownership of anonymously uploaded files. This option is only relevant if another option, chown_uploads, is set to YES.
- chown_uploads=YES : This is a security and administrative feature. It enabes, all anonymously uploaded files will have the ownership changed to the user specified in the setting chown_username i.e inftpadm.
Above configuration make sure that all anonymously uploaded files owned by inftpadm user with read/write permission for the inftpadm user only.
Following are general config option
Code:
tcp_wrappers=YES
xferlog_enable=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
dirmessage_enable=YES
xferlog_std_format=YES
connect_from_port_20=YES
ls_recurse_enable=YES
chroot_local_user=YES
Save and restart server.
Code:
# /etc/init.d/vsftpd restart
Test configuration login as anonymous user and later running ls -l command.
Further readings
=> VSFTP chroot or jail users - limit users to only their home directory howto:
http://www.cyberciti.biz/tips/vsftp-...directory.html
=> VSFTPD docs :
http://vsftpd.beasts.org/vsftpd_conf.html