Restricted Upload via FTP??

Pazeh · #1 01-09-2008, 09:26 PM

I want to give a client access to a specific folder on their site so they do upload some content via FTP (content size might be bigger than max_upload_size, thats why I have to let them use FTP, and its better just in case the connection went of...)

The files will be media files (mp3, avi, jpg....)

is there a way to restrict the type of files they do upload via FTP (I'm assuming, if possible, this will be via .htaccess), or do not let them upload .php files.

Tho they are not techy, my worry is they might upload a php files and read the source code of the files above that folder that they do have access to.

My folder structure is something like
public_html
/php
/html
/media (the folder they do have access to, which in turn has other folder depending on the type of the media)

Thanks in advance,
Pazeh

kmaw · #2 01-09-2008, 10:37 PM

If you give the user a username/password in FTP accounts in cpanel, that user will only have access to the directory you create... ie media. They won't be able to see the others unless you give them the account u/p.

I don't know of anyway to restrict file types by FTP transfer. I quick Google search didn't reveal anything either... you could definitely do it with an upload script, but as you said, that doesn't work in this instance.

Maybe someone else will have an idea...

Pazeh · #3 01-09-2008, 11:04 PM

thnx Kmaw, I did google too with no results (so far)

I know that they can not access folder above the folder that I have assigned in the cpanel, but what if they uploaded a pho script that lists the files in the directory & the parents directory/ies?

I mean the php file that is uploaded will still be able to read the files above the folder that is in, right??

slapshotw · #4 01-09-2008, 11:16 PM

If you restrict them to a certain directory, then change the permissions on that directory to disallow "Execute" (so make the directory permissions 644), it should block their php scripts from doing anything.

Pazeh · #5 01-09-2008, 11:30 PM

now that is something sweeet!!

I wasn't able to chmod the folder to 644, it kept being 744 but it worked!!

Another Q tho, when the ftp_only user uploads a file via FTP, the owner & the group of that file is cpanel_user, is this how it should work?

slapshotw · #6 01-10-2008, 12:19 AM

Yes, those FTP accounts upload files as part of the cPanel user account they're part of.

Pazeh · #7 01-10-2008, 08:03 AM

thanks a lot