Topic: Instant Uploads with Anon IBay FTP.

[Dave Boccabella]

Ok.. This will take some explaining - so bear with me.
I FINALLY realiased what I was doing wrong with the IBay FTP access - its ftp://IBay@DOMAIN

Strange but livable.

But since fixing this I still had the problem that I wanted to enable files to be upload to the IBay by anyone, and still have some protection..
If you have tried this with an un-altered IBay then then you'd get a Permissions error and lots of lost hair.
The easy way is this..

goto etc/e-smith/skel/ibays/files
create a NEW directory there called upload

Now when a new IBay is created there will be an upload directory in the files area.
Next to enable it for access

create a new custom template as follows
mkdir etc/e-smith/templates-custom/etc/proftpd.conf
cp etc/e-smith/templates/etc/proftpd.conf/60AnonymousIBay to etc/e-smith/templates-custom/etc/proftpd.conf/60AnonymousIBay

Now change 60AnonymousIBay in the custom directory  and add the following lines
            $OUT .= "    \n";
            $OUT .= "        \n";
            $OUT .= "           AllowAll\n";
            $OUT .= "        \n";
            $OUT .= "    \n";

after the

Save, and then create an IBay.

What happens is this

When an anon user logs in the whole directory structures is set to DenyAll
Then it reads the next line and the upload directory is set to  AllowAll

Thus anyone can put stuff in the upload directory - BUT CANNOT change the stuff in the other directories. - Makes administration a dream
If you don't want anyone to upload then just delete the upload directory - as it is not there it will not be changed and the site is still secure.

enjoy

Ps. Dan - could you check that I've put things in the right area..  Also can you send me some details on all of the possible flags for the Limit command

Dave

[Jeff Fox]

This sounds great.
Now how do I get ftp write access to the /html directory under an  ibay?

[Brian Moore]

hmmm, tried this and now on my test machine, I can connect to an ibay but the connection is immediately terminated with "connection closed by remote host"
 added the following lines to the end of /etc/e-smith/templates-custom/etc/proftpd.conf/60anonymousIBay
$OUT .= " \n";
$OUT .= " \n";
$OUT .= " AllowAll\n";
$OUT .= " \n";
$OUT .= " \n";
saved the file but there still must be something wrong.  the upload directory was created correctly but now, no access to the ibay.

any tips would be appreciated.  brian.

[Michael Doerner]

Hi Dave,

interesting approach that you have created there.

I had a quick try and it seems to do what you we want it to do (write access to a separate upload directory). Unfortunately I was also able to delete the whole upload folder when coming in through ftp as an authorised (ibay) user.

Any idea whether there is a way to lock that?

Regards,
Michael Doerner

[Brian Moore]

HI Michael.  Strange that you can delete your upload directory.  I couldn't do that but I keep getting refusedaccess to any ibay I create now almost immediately with "connection closed by remote host"  I followed dave's directions and copied 60AnonymousIBay to /etc/e-smith/templates-custom/etc/proftpd.conf and added the following lines to the file:
$OUT .= " \n";
$OUT .= " \n";
$OUT .= " AllowAll\n";
$OUT .= " \n";
$OUT .= " \n";

I then saved the file and created a new ibay but can't get access to it
will have to play some more.

Brian.

[Michael Doerner]

Brian,

I suspect that you insert your lines at a wrong position!?
At the very last end is not correct. This is the extract from here:

           $OUT .= "        \n";
            $OUT .= "    \n";
###         26.06.2001, anonymous write to 'upload' directory; MDO
            $OUT .= "    \n";
            $OUT .= "        \n";
            $OUT .= "            AllowAll\n";
            $OUT .= "        \n";
            $OUT .= "    \n";
### end of modification                                  
            $OUT .= "\n";

As you can see, I inserted them before the "" statement. Could this be your problem?

Also to answer my own question about the folder deletion:

I had a closer look in the proftpd documentation and WRITE might be a bit too much permission? As you can see above, I reduced it to STOR only which would only allow to upload files, nothing else. This might be a bit too tight for others but it's a minimum where I can live with.

Regards,
Michael

[Brian Moore]

HI again Michael.  that was it and it works perfectly now.  thanks much.  Brian.

[Jules]

Question guys !!!

How can I make anonymous uploads allowed also downloads allowed but NO deleting !?!?! Any Ideas ... (i tried STOR) but no luck

Any Answers ASAP will be appreciated !!

Thanks

[Dave Boccabella]

Ok..
From the ProFTPd manual
(http://pdd.sourceforge.net/userguide)
They suggest the following  NOTE:.. Haven't tried it yet - too busy :>

But..
.....

 
     AllowAll
 
 
    DenyAll
 



If the above fails then try removing the READ..  Personally I WISH that the ProFTPd manual was a little easier to read and understand.. esp what the various  permission functions are.

Dave

[Michael Doerner]

>>
How can I make anonymous uploads allowed also downloads allowed but NO deleting !?!?! Any Ideas ... (i tried STOR) but no luck
<<

Hm,

I still believe it is doing that for me, allowing uploads and downloads (inside the upload folder!).
Can somebody check that maybe?

Regards,
Michael Doerner

[Dave Boccabella]

I've finally found most/All/???? of the limit commands for ProFTPd, so bear with me.

I suppose one of my minor gripes about GPL stuff is that the documentation is often way behind the actual product , almost as an afterthought because the app is running and if your REALLY want to know something then you can look it up in the code.
Anyway - I am still researching this, and hopefully will have some nice secure script changes for you all..

Dave

[Jules]

I REALLY appreciate the time and effort you put in Dave, thanks a lot .. Will try it tonite )

And Michael... I would try it if I knew where to go !?!?

Thanks again all

Jules™

[Jules]

Ps ... I'm glad SOMEONE can interperet the Damn manual cu I sure can't lol

[Dave Boccabella]

Ok..

Finally after some messing about the best combination on the upload directory is 'STOR MKD'

This enables the following

1). Upload files to the UPLOAD directory
2). Block deleteion of uploaded files
3). Block name-change of uploaded files
4). Create Sub-directories. NOTE for IE users - create a sub-directory (james) on the desktop and drag-drop it into the UPLOAD directory.  This is because IE by default creates a 'New Folder' and it cannot be renames. Other FTP systems will allow you to name during create.

If there are any other changes then let me know and I'll research further.


Ideal solutions (when I work out HOW the web screen system works) would be a set of checkboxes and dropdowns to create specific permissions etc.

Enjoy

Dave