Oberon || Library || Module Index || Search Engine || Definition || Module

Ulm's Oberon Library:


FTPUnixFileSystems - present selected UNIX file hierarchy for FTP


PROCEDURE AddHandler(session: FTPSessions.Session; root: ARRAY OF CHAR);
PROCEDURE PermitUploads(session: FTPSessions.Session);
PROCEDURE PermitUpdates(session: FTPSessions.Session);


FTPUnixFileSystems provides a handler for FTPSessions that presents a selected file hierarchy of a UNIX file system for the FTP protocol.

AddHandler installs the support for following FTP commands in conformance to RFC 959 that allows to access the directory designated by root and all sub-directories thereof. A pseudo chroot jail on base of FTPUnixPaths is established that maps ``..'' of root to root and interpretes all symbolic links below root relative to root.

By default, read-only access is provided that may be extended by PermitUploads which allows non-destructive uploads that prohibit any changes of existing files and PermitUpdates that enables unrestricted access (inside the pseudo chroot jail).

Following FTP commands are handled:


FTPUnixFileSystems does not generate error events on its own but relates all error events to session where they may be evaluated and logged later by FTPLoggers and FTPLogPrinter.


"/" should never be passed to root. This enables otherwise a large number of attacks on various devices in /dev or conflicts with other processes in directories like /tmp that are writable for everybody. In general, root should be restricted to private sub-directories where information leaks provide no security threat and uploaded files are not considered as executable files or program text without further checks. Even read-only accesses to home directories are to be considered as dangerous as they open access to otherwise secret informations like .ssh/identity (see ssh(1)). AddHandler, however, accepts anything as root.

All response texts generated by FTPUnixFileSystems avoid leakage of the path of root and detailed error messages that are directly derived from error events. Instead all pathnames are presented relative to root and standard error messages are given in case of failures. More informations may be taken from the logs.

The security considerations of FTPUnixDirLister and FTPUnixPaths apply.


implementation of FTP data channels
built-in generation of directory and file listings
support of pseudo chroot jail


FTPCommands.stou is not yet implemented.
Edited by: borchert, last change: 2003/07/10, revision: 1.3, converted to HTML: 2003/07/10

Oberon || Library || Module Index || Search Engine || Definition || Module