howto accept only one filetype with vsftpd

Latest response

Hi,

I have deployed vsftpd and want client to be able to upload only zip files. I found deny_file directive but that works the other way. It has, however, a under documented and restricted regexp functionality. Is it possible to use deny_file's regexp to negate zip (denyfile != .zip)?

Fred

Responses

Hi Fred,

No answer yet, but I think we should be able to help out. Let me chase this one up.

Hi Fred,

An entry in vstfpd.conf like "deny_file != .zip" won't work, but I believe that I may have created a value for deny_file that would be a step in the right direction:

deny_file={*.[a-y]*,*.z[a-hj-z]*,*.zi[a-oq-z]*}

It seems like the value of deny_file isn't actually a regexp, but more like a shell file glob.  I've tested this deny_file expression on my system, and vsftpd does allow me to upload "file.zip" and "file.ZiP", but it won't allow me to upload the following files:

  • file.txt
  • file.zap
  • file.zit
  • file.zzz

It does, however, allow me to upload the file "file.zipped", so the expression isn't perfect.  As the documentation for vsftp states, deny_file isn't really intended for serious access control.

Thanks! I will try this!

[Duplicate comment removed -Admin]

What about this one:

deny_file={*.[a-y]*,*.z[a-hj-z]*,*.zi[a-oq-z]*,*.zip[a-z0-9]*}

I guess you'd need to add 0-9 to the other entries as well.

Good catch!  Yes, of course you should really include all characters that are acceptable as part of a file name in your locale in the character class.