u-read-only-groups NcFTPd general.cf file configuration
Don't forget to restart NcFTPd after modifying the general.cf file.

Starting with NcFTPd 2.7.0, the concept of restricted users has been augmented with additional functionality.  In addition to restricted users which are confined to their home directory, there are now additional classes of users which can be "read-only," "write-only," and "add-only."

Read-only users may download files, but cannot modify the filesystem in any way.  They cannot upload new files, delete files, create directories, remove directories, or change file or directory attributes. 

Write-only users may not download files, but they can upload new files, delete existing files, create or remove directories, and change file or directory attributes.  Write-only users can only perform these operations if their UNIX filesystem privileges would allow it.

Add-only users are similar to write-only users, but they can upload new files only.  They cannot remove or modify existing files or directories, nor can they download files.  These users are intended to behave like anonymous users when accessing incoming directories where NcFTPd's special handling of incoming directories takes effect.

These special restriction classes act as a layer on top of the UNIX filesystem permission handling layer.  For example, read-only users are allowed to read files, so NcFTPd's read-only layer passes permission to the UNIX layer, which means that read-only users still cannot download files that their UNIX permissions would not allow.  On the other hand, a read-only user would be denied immediately by NcFTPd's read-only layer, so UNIX permissions would not be applicable.

This option is similar to the u-restricted-groups option, where to specify which users you want to be read-only, you specify the names of groups from /etc/group that should be considered read-only.  It may be best to create a new group in /etc/group, rather than using the names of existing groups.



See Also:

Previous: u-pathname-filter NcFTPd Home Next: u-read-permission