On Fri, Sep 24, 2004 at 07:13:30PM -0400, William H. Magill wrote: > On 23 Sep, 2004, at 15:28, Steve Savery wrote: > >I've been trying to configure the FTP service on Panther Server (all > >the latest updates). However, while I can allow anonymous access, the > >user is not able to upload files. I've tried creating a symbolic link > >to a shared area with Everyone read/write access, but this still > >doesn't work. [...] > The basic philosophy with FTP servers these days is that they are very > dangerous and therefore their "base" must be contained and users > severely restrained. Any link out of the "controlled" area is a large > potential security hole. And any FTP site allowing anonymous uploads will rapidly become a distribution site for dubious stuff from unwanted third parties unless measures are taken. One approach is to write a batch job that renames and moves uploaded files outside the FTP directory tree, and run it frequently with cron. (Perl could do this.) I don't know the Panther FTP server, but anonymous FTP is commonly done within a "chroot" restricting access to a given directory tree. That would explain symlinks failing. The idea of a "drop box" is really an Apple thing, not well supported by Unix permissions. I think the closest one might come would be to put a other-writable directory with an obscure name within an enclosing directory with execute but not read permissions. (Another thing about FTP is that it was designed before firewalls and Network Address translation became common and is hard to adjust for either one.) Yet another mutant idea would be to write a web CGI using a form set up for "file upload". (This is possible with CGI.pm but you might need to check the options used to install it to see if file upload is allowed.