Allowing rename but not moving to other directory

Users can upload/delete/rename files using vsftp web server and also every little thing functions well other than they can additionally relocate files throughout directory sites.

Is it feasible to permit renaming of files yet forbid relocating them about?

Instance,

/ftp/work/xls/list.xls # can be deleted/renamed but should not moved to ie. 'doc'
/ftp/work/doc/list.doc # same thing, should not be moved elsewhere
5
2022-07-25 20:40:05
Source Share
Answers: 3

If you have a readlink that supports the -e switch for path canonicalization, I suggest you prevent your users from using mv altogether and write your own mv as a replacement. Something like this perhaps:

#!/bin/bash

[ $# -ne 2 ] && echo "Only a two-argument mv is allowed" && exit 1

src="$1"
dst="$2"

srcdir="$(readlink -e "$(dirname "$src")")"
dstdir="$(readlink -e "$(dirname "$dst")")"

[ "$srcdir" != "$dstdir ] && echo "Cross-directory mv is forbidden" && exit 2
[ "$(basename "$src")" = "$(basename "$dst")" ] && echo "Source and destination are the same. Nothing to do." && exit 3

cp -p "$src" "$dst" && rm -f "$src"

Note that this will (obviously) cause the moved file's inode number to change unlike a regular mv.

0
2022-07-25 22:37:35
Source

you can try playing with :

  • cmds_allowed

    This options specifies a comma separated list of allowed FTP commands (post login. USER, PASS and QUIT and others are always allowed pre-login). Other commands are rejected. This is a powerful method of really locking down an FTP server. Example: cmds_allowed=PASV,RETR,QUIT Default: (none)

  • cmds_denied

    This options specifies a comma separated list of denied FTP commands (post login. USER, PASS, QUIT and others are always allowed pre-login). If a command appears on both this and cmds_allowed then the denial takes precedence. (Added in v2.1.0).

and block the RNTO command for example.

2
2022-07-25 22:37:24
Source

I would certainly claim that the unix version is to permit contacted the directory sites you desire, u.e./ home/mpapec and also to forbid accessibility un details directory sites as wanted.

0
2022-07-25 21:20:48
Source