SolarWinds | Serv-U
Contact Support: 866-530-8040 | Contact Sales: 855-498-4154 or email | Show Flags | Login
Serv-U FTP Server Home Page
The Best for Less
Secure file transfer & share files
from anywhere - affordably

BUY NOW
FREE for 14 Days
Full featured trial with secure
FTP, file sharing & web transfer

DOWNLOAD FREE TRIAL


Blind Uploads and Blind Downloads in Serv-U  -  KB Article #2079

Related Articles --

Serv-U allows administrators to set up shared folders to support both "blind uploads" and "blind downloads".

In "blind" transfers, end users are prohibited from seeing the contents of the folders on Serv-U. In blind uploads, end users are allowed to upload their files and perform integrity checks (e.g., "XMD5") against their files, but cannot list any files. In blind downloads, end users are allowed to download specific files by name, but they cannot browse for them.

Instructions

The following instructions set up one blind download folder and one blind upload folder, both shared across an entire domain.

  1. Set up virtual "upload" and "download" folders.
    • Open the Serv-U Management Console and navigate to "Directories | Virtual Paths".
    • Add one local folder for your downloads and associate that with a Virtual Path of "%Home%\download".
    • Add one local folder for your uploads and associate that with a Virtual Path of "%Home%\upload".
    • Ensure your "Virtual Paths" configuration resembles the following image.


  2. Set up "upload" file and folder access.
    • Switch to the "Directory Access" tab.
    • Add a Directory Access Rule to allow blind file uploads.
      • Navigate to the Physical Path of your virtual folder. (e.g., "D:\local\upload")
      • Click into the "Path" box and add "\*" to the end of your path. (e.g., change "D:\local\upload" to "D:\local\upload\*")
      • Uncheck ALL boxes EXCEPT "Files | Write" and "Subdirectories | Inherit" (leave those checked).
      • Make sure "Directories | List" is NOT CHECKED.
    • Add a Directory Access Rule to ensure the "upload" folder is visible during file lists - even though its contents are not!
      • Navigate to the Physical Path of your virtual folder. (e.g., "D:\local\upload")
      • Make NO CHANGES to this path.
      • Uncheck ALL boxes EXCEPT "Directories | List" (leave this checked).
    • Check to make sure you have two "upload" Directory Access entries as shown below.


  3. Set up "download" file and folder access.
    • Switch to the "Directory Access" tab.
    • Add a Directory Access Rule to allow blind file downloads.
      • Navigate to the Physical Path of your virtual folder. (e.g., "D:\local\download")
      • Click into the "Path" box and add "\*" to the end of your path. (e.g., change "D:\local\download" to "D:\local\download\*")
      • Uncheck ALL boxes EXCEPT "Files | Read" and "Subdirectories | Inherit" (leave those checked).
      • Make sure "Directories | List" is NOT CHECKED.
    • Add a Directory Access Rule to ensure the "download" folder is visible during file lists - even though its contents are not!
      • Navigate to the Physical Path of your virtual folder. (e.g., "D:\local\download")
      • Make NO CHANGES to this path.
      • Uncheck ALL boxes EXCEPT "Directories | List" (leave this checked).
    • Check to make sure you have two "download" Directory Access entries as shown below.


  4. Test from Serv-U's web client or a command-line client.
    • To test blind uploads and make sure the upload and download folders are visible, you can use Serv-U's built-in web client. Connect and sign on using an end user (locked to his/her own home folder) in that domain. You should see one "upload" and one "download" folder in your home folder and both will look empty. You will be able to upload files to the "/upload" folder but not the "/download" folder.
    • To test blind downloads, you will need a command-line client, such as the built-in FTP client that comes with Windows and most Linux operating systems. Use this client to "CD" into your "/download" folder. Then verify that you cannot list files, but that you can download and perform integrity checks against your "hidden" files.
      ftp> pwd
      257 "/" is current directory.
      ftp> dir
      200 PORT command successful.
      150 Opening ASCII mode data connection for /bin/ls.
      drwxrwxrwx   1 user     group           0 May 28 22:11 download
      drwxrwxrwx   1 user     group           0 May 29 11:09 upload
      ftp: 128 bytes received in 0.01Seconds 8.33Kbytes/sec.
      226 Transfer complete. 128 bytes transferred. 0.13 KB/sec.
      ftp> cd download
      250 Directory changed to /download
      ftp> get KB2054-Sample01.png
      200 PORT command successful.
      150 Opening BINARY mode data connection for KB2054-Sample01.png (21207 Bytes).
      226 Transfer complete. 21,207 bytes transferred. 20.71 KB/sec.
      ftp: 21207 bytes received in 0.02Seconds 1294.37Kbytes/sec.
      ftp> QUOT XMD5 KB2054-Sample01.png
      250 B2D7846E5FE660AD58B3F5F375CF5D53
      ftp> dir KB2054-Sample01.png
      200 PORT command successful.
      150 Opening ASCII mode data connection for /bin/ls.
      ftp: 0 bytes received in 0.02Seconds 0.00Kbytes/sec.
      226 Transfer complete. 0 bytes transferred. 0.00 KB/sec.
      

Variations

Serv-U supports Group-, Server-, and User-level virtual paths, so the same Directory Access and Virtual Path settings described above can also be applied to specific users, groups, or every user on the system.

Use of the "Directories | Inherit" flag is optional. If you omit it you must add additional explicit permissions for any subdirectories of your "upload" and "download" folders.

Troubleshooting

If you are having trouble setting this up, you may have misconfigured your Virtual Path. First try creating a Virtual Path as described above in step #1, but then only set up "Read Only" Directory Access to that folder until you are sure Serv-U can resolve the Virtual Paths you configured. (Once this works, then proceed to steps #2 and #3 as described above.)

The specific permissions shown above and the "double" Directory Access entries for each Virtual Path are crucial. For each pair of entries, double-check that one Directory Access entry ends with "\*" and the other one does not. Also double-check that one entry has only "L" permissions and the other one does not.

The order of the Directory Access entries is also important. Ensure that the file permission entry (i.e., the one ending in "\*") is ABOVE the directory list entry (i.e., the one that doesn't end in "\*").



Login to Customer Service Center

Please enter your e-mail address and password in the fields below.

Email Address:

Password: