February 27th, 2010, 10:16 PM
-
To "//" or not to "/"
I'm having kind of a weird issue using curl to ftp upload images and other files.
When I use what I thought is the standard form:
Code:
curl -s -S -v -u login:pwd FTP://myserver.com/usr/home/grndlvl/public_html/posthumour/images/ -T '/Volumes/Macintosh HD/Users/jeffrey/Pictures/mp/test.jpg'
I can't upload anything, but when I use:
Code:
curl -s -S -v -u login:pwd FTP://myserver.com//usr/home/grndlvl/public_html/posthumour/images/ -T '/Volumes/Macintosh HD/Users/jeffrey/Pictures/mp/test.jpg'
I can. I checked with my isp, and they say it is not specific to them:
server.xxx.com/bin
server.xxx.com//usr/home/user/bin
are both valid.
What is the most generally expected form for most servers?
Last edited by groundlevel; February 27th, 2010 at 10:20 PM.
February 28th, 2010, 12:39 AM
-
What's expected is you use locations relative to your initial FTP directory.
Code:
FTP://myserver.com/public_html/posthumour/images/
Originally Posted by groundlevel
I can. I checked with my isp, and they say it is not specific to them:
server.xxx.com/bin
server.xxx.com//usr/home/user/bin
are both valid.
Are you saying you can browse to http://server.xxx.com/bin and get the same stuff at http://server.xxx.com//usr/home/user/bin?
February 28th, 2010, 08:11 PM
-
They're being obtuse.
So I think I'm going to try just straight ftp. Can you tell me the correct command given the parameters to upload to a specific directory with the login and password?
If you happen to know if such a thing is possible with sftp or even scp, that would be even better.
February 28th, 2010, 09:15 PM
-
Secure your FTP server immediately by chrooting its users since its clear that you don't want anyone taking a peak at your /etc/passwd etc.
That way you will limit all your users to access only their home folders.
If you are using vsftp then you can simply open the /etc/vsftpd/vsftpd.conf and change the chroot_local_user setting to look like the following line
Code:
chroot_local_user=YES
. If there is none add it right at the end of the file.
After that restart vsftpd with
Code:
service vsftpd restart
.
That is the obvious reason why you are able to traverse that web server the way you do it.
As for the second question you might be better of with using ncftp or similar, more secure, client. The method you are using is considered to be obsolete now from a security point of view although that might not be the biggest problem you have currently considering you server setup
Last edited by holodoc; February 28th, 2010 at 09:19 PM.
PHP Code:
<?php
abstract class Ignorance extends Stupidity implements Unavoidable {
public static $humiliation;
private function __construct(){
parent::__destruct();
};
}
?>
February 28th, 2010, 09:45 PM
-
Heh. Noted.
This is actually for an app I'm making. So I can't use someone else's app
I need the actual commands, and I'd like to make them secure, hence sftp or scp as a preference.
But any command line program would work.