In order to prevent all anonymous FTP users from listing uploaded file names, what security precaution can be taken when creating an upload directory?
In order to prevent all anonymous FTP users from listing uploaded file names, what security precaution can be taken when creating an upload directory?
To prevent anonymous FTP users from listing uploaded file names, the directory must not have the read permission set. Without read permission, users cannot list the contents of the directory, thus keeping uploaded file names hidden.
B is correct! Only anonymous users for uploading need in this case Write and Execution options which are w+e=2+1=3 that means Anonymous users can not see the content of the directory but have permission to access the directory (executive permission 1) as well as write (write permission 2) -> just uploading To allow anonymous users to upload, it is recommended that a write-only directory be created within /var/ftp/pub/. To do this, type: mkdir /var/ftp/pub/upload Next change the permissions so that anonymous users cannot see what is within the directory by typing: chmod 730 /var/ftp/pub/upload A long format listing of the directory should look like this: drwx-wx— 2 root ftp 4096 Feb 13 20:05 upload Additionally, under vsftpd, add the following line to the /etc/vsftpd/vsftpd.conf file: anon_upload_enable=YES Because FTP passes unencrypted usernames and passwords over insecure networks for authentication, it is a good idea to deny system users access to the server from their user accounts. To disable user accounts in vsftpd, add the following directive to /etc/vsftpd/vsftpd.conf: local_enable=NO