>
> I've got a bit of a dilemma. I have to set up non-anonymous ftp for an
> organization. The basic structure is that this organization wants to set
> up ftp accounts so that selected people can retrieve information via the
> 'net. The requirements of any one individual are that (a) they can store
> and retrieve files (b) the files be removed once they have retrieved them
...
> --
> Brian J. Murrell brian @ ilinx . com
> InterLinx Support Services, Inc. brian @ wimsey . com
> North Vancouver, B.C. 604 983 UNIX
> Platform and Brand Independent UNIX Support - R3.2 - R4 - BSD

Can't this be solved by the more or less standard 'secret' structure:
You put a directory in the anon ftp area with permissions:
+x -r (+-w).
+x allows traversal by the os, but -r disallows anyone but root from reading
the directory. Allow +w if you want outside users to be able to write files
or create directories. In the -w scenario you could make a directory for
each user and allow +w for that.
To make this work, you just suggest/insist/enforce/assign unguessable filenames
and directory names under secret. Assuming sufficiently long filenames,
this gives good security.
You can even set up a root process to purge old stuff.
I'm working on a system where a user wants to upload info to a web server
and having a program assign temp directories this way looks much easier
than managing ftp accounts, etc.
Does anyone have solid problems with this or a better method?
sdw
--
Stephen D. Williams 25Feb1965 VW,OH sdw @ lig . net http://www.lig.net/sdw
Senior Consultant 513-865-9599 FAX/LIG 513.496.5223 OH Page BA Aug94-Feb95
OO R&D AI:NN/ES crypto By Buggy: 2464 Rosina Dr., Miamisburg, OH 45342-6430
Firewall/WWW srvrs ICBM/GPS: 39 38 34N 84 17 12W home, 37 58 41N 122 01 48W wrk
Pres.: Concinnous Consulting,Inc.;SDW Systems;Local Internet Gateway Co.28Jan95
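
The layout described in the reply above, written out as an added shell example (not part of the original message or of any poster's code): a parent directory that can be traversed but not listed, per-user drop directories with random names, and a purge job. The function names, the 128-bit name length and the day-based purge threshold are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example; all function names and parameters are hypothetical.

# Unguessable name: 16 bytes (128 bits) from the kernel CSPRNG, hex-encoded.
rand_name() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Parent "secret" directory: +x -r -w for group/other (mode 0711).
# Names inside can be opened if known, but the directory cannot be listed.
make_secret() {
    mkdir -p "$1" && chmod 0711 "$1"
}

# One drop directory with a random name under the secret directory.
# Mode 0733 is the "+x -r +w" variant: group/other may traverse and create
# files but still cannot list them. Prints the path to hand to the user.
make_drop() {
    d="$1/$(rand_name)"
    mkdir "$d" && chmod 0733 "$d" && printf '%s\n' "$d"
}

# Purge job (intended to run as the directory owner, e.g. from cron):
# delete files older than $2 days, then drop directories that are both
# empty and untouched for $2 days, so a fresh empty directory survives.
purge_old() {
    find "$1" -mindepth 2 -type f -mtime +"$2" -exec rm -f {} +
    find "$1" -mindepth 1 -type d -empty -mtime +"$2" -exec rmdir {} + 2>/dev/null
    return 0
}

# Symbolic mode of a directory (e.g. drwx--x--x), for checking the result.
mode_of() {
    ls -ld "$1" | cut -c1-10
}
```

The scheme protects names only against listing: anyone who learns a path (from a log, a proxy, or a shared URL) has whatever access the mode bits grant, and in the 0733 variant that includes overwriting or removing files in that directory.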