[X-Unix] 10.3 FTP - Anon Read Only Access

Albert Lunde atlunde at panix.com
Fri Sep 24 21:23:46 PDT 2004


On Fri, Sep 24, 2004 at 07:13:30PM -0400, William H. Magill wrote:
> On 23 Sep, 2004, at 15:28, Steve Savery wrote:
> >I've been trying to configure the FTP service on Panther Server (all 
> >the latest updates). However, while I can allow anonymous access, the 
> >user is not able to upload files. I've tried creating a symbolic link 
> >to a shared area with Everyone read/write access, but this still 
> >doesn't work.
[...]
> The basic philosophy with FTP servers these days is that they are very 
> dangerous and therefore their "base" must be contained and users 
> severely restrained. Any link out of the "controlled" area is a large 
> potential security hole.

And any FTP site allowing anonymous uploads will rapidly become
a distribution site for dubious stuff from unwanted third parties
unless measures are taken.

One approach is to write a batch job that renames and moves uploaded 
files outside the FTP directory tree, and run it frequently with cron.
(Perl could do this.)

I don't know the Panther FTP server, but anonymous FTP is commonly
done within a "chroot" restricting access to a given directory
tree. That would explain symlinks failing.

The idea of a "drop box" is really an Apple thing, not well
supported by Unix permissions. I think the closest one might come would 
be to put an other-writable directory with an obscure name within 
an enclosing directory with execute but not read permissions.

(Another thing about FTP is that it was designed before firewalls
and Network Address Translation became common and is hard to adjust
for either one.)

Yet another mutant idea would be to write a web CGI using a form
set up for "file upload". (This is possible with CGI.pm but you 
might need to check the options used to install it to see if
file upload is allowed.)
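
The cron-driven sweep suggested in the message, sketched as an added example that is not part of the original post (written in shell rather than Perl). The function name, the five-minute minimum age, the naming scheme, and the paths in the crontab comment are assumptions.

```shell
#!/bin/sh
# Added example: move anonymous-FTP uploads out of the served tree so the
# server cannot be used to hand them on to third parties.

# sweep_uploads INCOMING QUARANTINE [MIN_AGE_MINUTES]
# Moves regular files found under INCOMING into QUARANTINE (which must lie
# outside the FTP tree) and prints how many files were moved.
sweep_uploads() {
    incoming=$1 quarantine=$2 min_age=${3:-5}
    [ -d "$incoming" ] && [ -d "$quarantine" ] || return 2
    stamp=$(date +%Y%m%d%H%M%S)
    # -type f   : skip symlinks, directories and device nodes
    # -mmin +N  : skip files modified in the last N minutes, which may
    #             still be in the middle of an upload
    # One sh per file, so uploader-chosen names (spaces, newlines) never
    # pass through word splitting.
    find "$incoming" -type f -mmin "+$min_age" -exec sh -c '
        # The uploader-chosen name is discarded; mktemp picks a neutral one.
        dest=$(mktemp "$1/upload.$2.XXXXXX") || exit 1
        # chmod drops whatever mode bits the upload arrived with.
        mv -f -- "$3" "$dest" && chmod 600 "$dest" && printf x
    ' sh "$quarantine" "$stamp" {} \; | wc -c | tr -d " "
}

# Crontab entry (placeholder paths) to run the sweep every five minutes:
# */5 * * * * /path/to/sweep_uploads.sh /path/to/ftp/incoming /path/to/quarantine
if [ "$#" -ge 2 ]; then
    sweep_uploads "$@"
fi
```
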


