I have realized that some of my FTP users are uploading *.exe file to the FTP user account which is just supposed to have *.MXF and all kind of Media format.
I am looking for a way to deny all kind of file upload except ***.mxf,*.mp4 *.mov and so on. restrict the ftp account to accept only media files and not exe's
does anyone have idea about it how can i manage it with VSFTPD server.
Thank you so much in advance.
You might want to review the section of man vsftpd.conf, specifically the deny file section of string options which states.
deny_file
This option can be used to set a pattern for filenames (and directory names etc.) which should not be accessible in any way. The affected items are not hidden, but any attempt to do anything to them (download, change into directory, affect something within directory etc.) will be denied. This option is very simple, and should not be used for serious access control - the filesystem's permissions should be used in preference. However, this option may be useful in certain virtual user setups. In particular aware that if a filename is accessible by a variety of names (perhaps due to symbolic links or hard links), then care must be taken to deny access to all the names. Access will be denied to items if their name contains the string given by hide_file, or if they match the regular expression specified by hide_file. Note that vsftpd's regular expression matching code is a simple implementation which is a subset of full regular expression functionality. Because of this, you will need to carefully and exhaustively test any application of this option. And you are recommended to use filesystem permissions for any important security policies due to their greater reliability. Supported regex syntax is any number of *, ? and unnested {,} operators. Regex matching is only supported on the last component of a path, e.g. a/b/? is supported but a/?/c is not.
Example: deny_file={*.exe,*.sh,.private}
I have not tested that this will explicitly deny uploading of .exe files, however the assumption is that people are uploading them so others can download them. When that ceases to work, perhaps the activity of uploading them will cease as well. As suggested in this comment you could also write a script to reclaim the space in the upload directory by rm /youruploaddir/*.exe where /youruploaddir/ is the directory that your users are uploading to and use cron to schedule it to run at a specific time or frequency.
Since a file extension in no way guarantees content as mentioned by @CharlesGreen in this comment you might consider a a variation on this script which I designed to find virtually all video files on my system. You can easily modify it to include .mxf (Material Exchange Format) containers. Or as an alternative simply identify the actual .exe files by utilizing grep to match "executable" in the output from file
Executable file determination Example:
file *.* | grep "executable"| cut -d':' -f1
Will print the filenames of the files in the current directory that are actually executable (such as Windows .exe files)
Note: Files are only executable on your system if you have the permissions set to allow that. See this for further detail.
