Topic: Allow FTP upload but that's it? (Page 1 of 1)

I have a directory that our customers use to upload files to us. However, I need to make it so they can upload but not anything else. Espically delete files.

I gave this a whirl but didn't work

# protect the directory for the ftpuser upload
# this will allow only systelpr to be able to delete files...or should. 
<Directory /path/to/directory/>
  <Limit DELE>
    AllowUser myusername
    DenyAll
  </Limit>
 </Directory>

Later,

C:\

I'll add a question on the same topic!

Is there a way to also restrict someone accessing a subdirectory of a ftp directory they have access too.

E.g they have access to public_html, but i dont want them to have access to public_html/includes, but they can have access to public_html/images


Can't seem to control this acces in cpanel

No, but you could give ownership to another user (webserver...), and remove world and group read & execute on the directory...

Can you do that just so it effects ftp? Or will that effect people accessing files via the web too.

I want them to be access special php files via the web but not via the ftp.

Depends on what user php is running as.

If it's www-data. No problem at all.
If it's owner of the files: Probably not a problem either.

Honestly, the best idea would be to move the stuff out of their ftp root.
I mean, they're includes, it doesn't matter wether they're available via http, does it?

Yeah i was thinking that, but their nto all includes, its more a web app that is accessed from a subdomain so its a subdirectory of public_html.

I could possibly reconfigure my virutal hosts file to put the subdomain below the root, but not sure how that effects some things. Mind you i could move the bulk of the app below the root anyway really.

Part of it is protection of the web app, the other part is so they don't play with it and stuff it up