Securing and Optimizing Linux: RedHat Edition -A Hands on Guide | ||
---|---|---|
Prev | Chapter 32. Linux FTP Server | Next |
Whether you allow on-the-fly tarring of directories or not, you should make sure an end-run cannot be made using tar command in all areas where the upload parameter is not permit. To do so, create the special file .notar in each directory and in the FTP directory.
The zero-length .notar file can confuse some web clients and FTP proxies, so let's mark it irretrievable to solve the problem. Add the following lines to your /etc/ftpaccess file.
noretrieve .notar |
The noretrieve command. The noretrieve parameter of Wu-ftpd server allow you to deny transfer of the sectected directories or files. It is also a good idea to prevent downloads of those subdirectories bin, etc, dev, and lib in the /home/ftp directory with the command noretrieve in your /etc/ftpaccess file.
# We'll prevent downloads with noretrieve. noretrieve /home/ftp/etc noretrieve /home/ftp/dev noretrieve /home/ftp/bin noretrieve /home/ftp/lib |