1

I have a large number of clients that all need to upload large files to our server. Once the files are uploaded, they will be moved manually to a different location on the server. In the meantime, each client's files should only be visible to them and not by other clients.

I'm really not keen on the idea of setting up hundreds of FTP accounts (I realize the account creation process can be automated, but it seems like an overly-complicated and messy solution for my needs). Is there a way to simply allow write access but not read access to a single FTP directory?

Improve this question
3

2 Answers 2

Reset to default
4

FTP is old, creaky, insecure, and messy. I'd avoid it or migrate away from it if at all possible. That said, I know sometimes business needs make this impossible.

If you give a user write, but not read, to a directory, then should be able to transfer files to that directory without reading what's actually there.

Improve this answer
4
  • Thanks. What would be a better solution over FTP in my case?
    – David
    Commented Oct 8, 2012 at 16:54
  • 1
    SCP, SFTP, an HTTPS-based browser upload, etc.
    – MDMarra
    Commented Oct 8, 2012 at 16:56
  • Okay, I'll move to HTTPS-based browser upload. Thanks!
    – David
    Commented Oct 8, 2012 at 17:04
  • @David A bit late, but see also serverfault.com/q/648855/4480 .
    – Brian
    Commented Apr 20, 2017 at 15:12
4

You're creating a drop-box, which has been around for quite some time. You can set these up in Unix-land by creating a directory that has Write but neither Read or Execute for the user doing the uploading.

If you're using FTP via Windows IIS, you can do something very similar by granting the relevant IUSR account just Write access. It's a special rights grant you'll have to do through the Advanced Permissions page, since write-without-read is not a common permission to grant. But it definitely can be done.

Improve this answer
2
  • So if I set up a drop-box, how should the users connect? I wouldn't want to give them SSH access, would I?
    – David
    Commented Oct 8, 2012 at 16:57
  • @David What's described here is a solution that would work for FTP (generically on Unix systems, or on Windows/IIS with the specific instructions). The most universal way would be http(s) uploads like MDMarra suggested in his answer (assuming we're not talking gigabyte-plus files where HTTP uploads would be unreasonable) -
    – voretaq7
    Commented Oct 8, 2012 at 16:59

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .