Is there a way to limit a user from creating certain files based on the filename. I still want to give the user write access to their home directory but I don't want them to be able to create files starting with a "."

This is for ftp accounts so if there is another way to stop users creating hidden files with proftp i would like to know


Cheers

I don't know of a what to prevent this. But what's the problem with creating 'hidden' files? They just another file. You just have to use the -a option on ls to see them.

There are various security exploits a user can use by creating hidden files on an ftp server

Just for example ( and i haven't left my network open to this, i am just being cautious ):

a user can create a .ssh directory and put in it the keys they require to connect
a .forward file, to forward their mail through another program and possibly be able to change their shell. ( assuming I had sendmail running )

While I have minimum services on the server running and I am not aware of any such vulnerabilities on my server, I still go by the motto " you can never be to cautious when it comes to security" and given that most of these exploits utilise configuration files that are usually hidden, and I am required to give them write access to their home directories, I figured If i stopped them from making hidden files it would add a bit of extra security to the system.

If it can't be done though, doesnt matter.

Ah, I see.

One thing you could try is to pre-create those files/directorys and chmod 000 them. Then the user would not be able to change them.

That's a really good idea