40.11. Setting Per-Directory Options
The ProFTPD module allows you to set options that apply only to a specific directory, rather than globally or to an entire virtual server. This allows you to do things like hide a directory from clients, allow uploads by anonymous clients in just one location, or set the user and group ownership of files added to a directory.
To create a new set of per-directory options, follow these steps:
1. | If you want the options to apply to all virtual servers, enter the directory into the Directory path field in the Add per-directory options for form on the module's main page and hit the Create button. Alternately, you can limit them to a particular virtual server by clicking on its icon and using the same form on the virtual server options page. You can also define options that only apply to anonymous clients by hitting the Anonymous FTP icon for a virtual server and using its directory options creation form. In all cases, the directory should be entered as an absolute path like /usr/local. It is also possible to specify a path relative to the connecting user's home directory, like ~/public_html. You can even enter a path in a particular user's home directory, like ~jcameron/www. Normally, the options will apply to the directory and all its contents and subdirectories. To have them apply to only the contents and not the directory itself, add /* to the end of the path that you enter, like /usr/local/*. |
2. | After hitting Create, you will be taken to a page of option category icons for the directory, as shown in Figure 40.4. As usual, clicking on these icons will take you to forms for configuring various settings that apply only to requests for, and listings of, that directory. Figure 40.4. The per-directory options page.
|
3. | To totally deny access to clients, click Access Control and change the Access control policy field to Deny all clients, then click Save. |
4. | Normally, files uploaded by clients will end up owned by the UNIX user as whom the client logged in. To change this, click on the User and Group icon and enter a username for the Owner of uploaded files field. The uploaded files' group will be the primary group of the specified user, unless you fill in the Group owner of uploaded files field as well. Again, click Save after making any changes to return to the per-directory options page. |
5. | To limit only the uploading or downloading of files in this directory, you will need to create a set of per-command options under it. Section 40.12 “Restricting Access to FTP Commands” explains how. |
6. | To activate your changes for this directory, return to the module's main page and hit the Apply Changes button. |
7. | Once a set of options for a directory has been created, an icon for the directory will appear on the main, virtual server options, or anonymous FTP page—depending on where you created it. You can click on this icon to bring up the Per-directory Options page again and use the icons and forms to make any changes that you wish. It is also possible to change the path to which the options apply by clicking on the Configure Directory icon and updating the Directory path field on the form that appears. Then, hit the Save button followed by the Apply Changes button back on the main page. All the options set for the old directory will now apply to the new. |
You can also remove a directory options object from the ProFTPD configuration entirely by clicking on Configure Directory and then hitting the Delete directory config button. All settings and per-command options for the directory will be immediately and permanently deleted from the FTP server's configuration.
If you define options for both a directory and one of its children (such as /usr/local and /usr/local/bin), ProFTPD will always give precedence to the most specific directory when deciding which options to apply to a particular client request. This means that a setting made for /usr/local will apply to a download of /usr/local/bin/foo, unless it is overridden by a setting for /usr/local/bin.