howtos:pure-ftpd_upload_script
no way to compare when less than two revisions
Differences
This shows you the differences between two versions of the page.
— | howtos:pure-ftpd_upload_script [02/12/2018 21:34] (current) – created - external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Enable Upload Script ====== | ||
+ | |||
+ | To enable uploadscript set the paramter " | ||
+ | |||
+ | Now edit the file / | ||
+ | |||
+ | < | ||
+ | UPLOADSCRIPT=/ | ||
+ | # if set, pure-uploadscript will spawn $UPLOADSCRIPT running as the | ||
+ | # given uid and gid | ||
+ | UPLOADUID=1008 | ||
+ | UPLOADGID=1008 | ||
+ | </ | ||
+ | |||
+ | This will call the script "/ | ||
+ | |||
+ | < | ||
+ | # id pureftpd | ||
+ | uid=1008(pureftpd) gid=1008(pureftpd) groups=1008(pureftpd) | ||
+ | </ | ||
+ | |||
+ | ====== The Upload Script ====== | ||
+ | |||
+ | Now to the script. | ||
+ | |||
+ | Of course you will have to make sure it has execution permissions: | ||
+ | |||
+ | < | ||
+ | # chmod +x / | ||
+ | </ | ||
+ | |||
+ | ===== A Word of Caution ===== | ||
+ | |||
+ | You will also have to consider **very** carefully what you put into the script. The script will run no matter who or what is uploaded and can become a security breach. As you do not control what is uploaded or what it is called it could inadvertably do bad stuff to your system. | ||
+ | |||
+ | ===== The Story ===== | ||
+ | |||
+ | My need for an uploadscript was to determine if a file was a picture and not some funny Windows malware (Linux has saved a lot of Windows machines LOL). A customer of mine was getting a lot of documents scanned by a bureau with a massive virus infected network (cheap labour does come at a price :-)). To minimize the risk of uploading crapware I was told to find a simple (and cheap) solution. As I knew that the files uploaded only was pictures a simple filter testing for that was an easy choice. You could choose to extend the action and also virusscan the files, that would be a very easy job to do - just add an other if-then test cycle to the script and throw in [[http:// | ||
+ | |||
+ | ===== The Script ===== | ||
+ | |||
+ | I'm simply testing the file with the command " | ||
+ | Back to the script. If the file is a picture of either GIF or PNG type it will be accepted and moved into / | ||
+ | If it is of any other type it will be deleted and a mail send to user@spammenot.dk. | ||
+ | |||
+ | < | ||
+ | #!/bin/bash | ||
+ | logger uploadscript | ||
+ | FILETYPE=`file " | ||
+ | if [ x$FILETYPE = xGIF -o x$FILETYPE = xPNG ]; then | ||
+ | mv " | ||
+ | else | ||
+ | rm " | ||
+ | echo "$1 uploaded and deleted again" | / | ||
+ | fi | ||
+ | </ |
howtos/pure-ftpd_upload_script.txt · Last modified: 02/12/2018 21:34 by 127.0.0.1