Configure proftp ftp server on debian so that a user can only upload and does not see the files

Question

I installed and configured proftp on Debian using this howto and it works nicely.

Effectively, the changes to the config are:

[...]
UseIPv6 off
[...]
<Global>
    RootLogin   off
    RequireValidShell off
</Global>

DefaultRoot  ~

<Limit LOGIN>
    DenyGroup !ftpgroup
</Limit>

and the permission of the user directory are

addgroup ftpgroup
adduser otropload -shell /bin/false -home /ftpshare
chmod -R 1777 /ftpshare/

but I would like to have one change:

I would like to have this user to be an upload only user who does not see the files but can upload new files. I assume this is possible by changing permissions, but I have no idea which ones.

So my question:

How can I configure proftpd or the permissions of the users home directory so that a user can only upload to the ftp server and does not see existing files?

May I at least get some information why this question was downvoted? Otherwise can't improve it. Thanks. — Rainer, Feb 23 '16 at 18:02

score 3 · Answer 1 · answered Feb 23 '16 at 19:54

To not be able to "see" the files (assuming that this just means blocking directory listings), the following config might work:

<IfUser otropload>
  # Block directory listing commands
  <Limit LIST NLST MLSD MLST>
    DenyAll
  </Limit>
</IfUser>

Note that this requires that your proftpd be using the mod_ifsession module.

Now, the above might make various FTP clients very unhappy, as they often will upload a file, then request a directory listing to verify that the file was uploaded. Mostly this happens for GUI FTP clients.

Hope this helps!

Thanks - especially the second part makes sense. So I think I will leave it as it is. — Rainer, Feb 24 '16 at 10:59

Configure proftp ftp server on debian so that a user can only upload and does not see the files

1 Answers1