1

I have a large number of clients that all need to upload large files to our server. Once the files are uploaded, they will be moved manually to a different location on the server. In the meantime, each client's files should only be visible to them and not by other clients.

I'm really not keen on the idea of setting up hundreds of FTP accounts (I realize the account creation process can be automated, but it seems like an overly-complicated and messy solution for my needs). Is there a way to simply allow write access but not read access to a single FTP directory?

David
  • 745
  • 3
  • 7
  • 10

2 Answers2

4

FTP is old, creaky, insecure, and messy. I'd avoid it or migrate away from it if at all possible. That said, I know sometimes business needs make this impossible.

If you give a user write, but not read, to a directory, then should be able to transfer files to that directory without reading what's actually there.

MDMarra
  • 100,183
  • 32
  • 195
  • 326
4

You're creating a drop-box, which has been around for quite some time. You can set these up in Unix-land by creating a directory that has Write but neither Read or Execute for the user doing the uploading.

If you're using FTP via Windows IIS, you can do something very similar by granting the relevant IUSR account just Write access. It's a special rights grant you'll have to do through the Advanced Permissions page, since write-without-read is not a common permission to grant. But it definitely can be done.

sysadmin1138
  • 131,083
  • 18
  • 173
  • 296
  • So if I set up a drop-box, how should the users connect? I wouldn't want to give them SSH access, would I? – David Oct 08 '12 at 16:57
  • @David What's described here is a solution that would work for FTP (generically on Unix systems, or on Windows/IIS with the specific instructions). The most universal way would be http(s) uploads like MDMarra suggested in his answer (assuming we're not talking gigabyte-plus files where HTTP uploads would be unreasonable) - – voretaq7 Oct 08 '12 at 16:59