Debian – Configure proftp ftp server on debian so that a user can only upload and does not see the files

configurationdebianproftpd

I installed and configured proftp on Debian using this howto and it works nicely.

Effectively, the changes to the config are:

[...]
UseIPv6 off
[...]
<Global>
    RootLogin   off
    RequireValidShell off
</Global>

DefaultRoot  ~

<Limit LOGIN>
    DenyGroup !ftpgroup
</Limit>

and the permission of the user directory are

addgroup ftpgroup
adduser otropload -shell /bin/false -home /ftpshare
chmod -R 1777 /ftpshare/

but I would like to have one change:

I would like to have this user to be an upload only user who does not see the files but can upload new files. I assume this is possible by changing permissions, but I have no idea which ones.

So my question:

How can I configure proftpd or the permissions of the users home directory so that a user can only upload to the ftp server and does not see existing files?

Best Answer

To not be able to "see" the files (assuming that this just means blocking directory listings), the following config might work:

<IfUser otropload>
  # Block directory listing commands
  <Limit LIST NLST MLSD MLST>
    DenyAll
  </Limit>
</IfUser>

Note that this requires that your proftpd be using the mod_ifsession module.

Now, the above might make various FTP clients very unhappy, as they often will upload a file, then request a directory listing to verify that the file was uploaded. Mostly this happens for GUI FTP clients.

Hope this helps!

Related Topic