0

I need to create a directory on a Linux server where users can "submit" files, similar to the incoming directory on an ftp server. (Where they would not be viewable after submission.)

Specifically, this is Fedora 20, though I'm hoping for a solution that will work in general.

Obviously, I can set up vsftp locally and actually ftp to localhost, but it seems unnecessary.

Basically, I want a user to be able to copy a file into this directory, but not view it afterwards. (Although, if they could append to it with >>, that would be nice)

Is there any combination of groups, chmod, umask, and setfacl that will allow this?

Thanks.

Joe Fruchey
  • 101
  • 1

1 Answers1

6

Yes.

  1. Create the submit directory with -wx permission. So the users will be able to enter it, and create/delete files in it, but not get a directory listing.
  2. Give him the +t flag, to ensure them they will be able to delete/overwrite their own files.
  3. Give the g+s flag to the submit directory, to ensure their files will be created by the gid of the submit directory, and not by theirs.
  4. Remove any extra chmod/chown/etc. permission in your ftp server configuration. They shouldn't be able to do anything with the exception of uploading.
  5. Set them an umask 027 in the sftp server. It will create their files with 750.

Acls aren't needed in this setup, but maybe they would be needed, if you run into a unpredicted problem. In this case, I suggest to ask again, this time with the more detailed exact problem. Good luck!