Comments (3)
Thanks for the report.
The default anonymous user is not allowed to upload files
see the source code
twisted/src/twisted/protocols/ftp.py
Lines 1893 to 1898 in 1c80aad
Is there any documentation for Twisted describing that the anonymous user has write access by default?
Regarding non-anonymous users, the current ftp TAP does not support custom home paths for non-anoymous users.
twisted/src/twisted/tap/ftp.py
Lines 51 to 55 in 1c80aad
The twistd
root is passes as the anonymous root, and the non anonmous user home directory is is harcoded to the default /home/$USERNAME
Is there any documentation for Twisted FTP application suggesting that this is supported?
I would consider this a feature request,
The current options for FTP tap are here
twisted/src/twisted/tap/ftp.py
Lines 18 to 29 in 1c80aad
You can look into extending the code to support non-anonymous user home folder.
I am happy to review a PR for this.
I have updated the title of this issue to reflect the current issue.
FTP upload works... it just that you will need to store all the FTP user files inside a "/home/$USER/" directory
from twisted.
Thank you for the quick feedback, it explains a lot.
Is there any documentation for Twisted describing that the anonymous user has write access by default?
I may have had wrong expectations what the CLI tool was about. Background: I wanted a minimal FTP server solution to test a client. Without the need to setup real system users etc. And in my opinion the tool implied this by allowing to pass users and passwords as arguments and supporting anonymous access. I would expect that support of anon uploads is the more obvious use case for a test server and not supporting it would be the thing that has to be documented. Differentiating between anonymous and user downloads and uploads respectively probably took explicit implementation work. And I don't really see why. The help segment warns that the tool is insecure, great, I want to do insecure things for testing.
Is there any documentation for Twisted FTP application suggesting that this is supported?
The help output says "define the root of the ftp-site" which to me implies I can choose the default path for file transfers
Also even if I run twistd -n ftp --auth file:pass.dat
, write <user>:<password>
of my local system user into the pass.dat (I would expect to be able to define arbitrary credentials here) and then use this non-anonymous user to upload or download via curl I still receive 530 access denied without any feedback on the tool side.
from twisted.
I have never used the Twsited Application framework and TAP file.
I don't think this was explicitly designed for testing usage.
FTP anonymous is kind of a legacy implementation of a public download site.
I think it is expected to have read-only for anonymous FTP
If you want to write, you can create an user.
For testing , you can have something like this
-r = ftp.FTPRealm(config["root"])
+r = ftp.FTPRealm(anonymousRoot=config["root"], userHome="/tmp")
Then you will need to create /tmp/USERNAMES folder
The help output says "define the root of the ftp-site" which to me implies I can choose the default path for file transfers
Thanks. True.
It should say. "Defines the root of the anonymos site."
from twisted.
Related Issues (20)
- IndexError due to empty args in OpenSSL.SSL.ZeroReturnError handling in Twisted HOT 17
- t.protocols.policies.LimitConnectionsByPeer
- Add support for Encrypt-then-MAC MAC algorithms HOT 1
- twisted.names.test.test_names.ServerDNSTests.test_zoneTransferConnectionFails fails when there is no network access
- Add a context manager for calling `log.failure` when code fails
- Speed up HTTP header processing even more HOT 1
- absorb twisted-infra/twisted-benchmarks into a codspeed benchmark
- Python 3.13.0b1: test_asynchronousFlattenError fails: builtins.KeyError: "local variable ''root'' is not defined"; then `Regex didn't match` HOT 1
- demonstrate the utility of / migrate to `Logger.handlingFailures`
- Investigate tracing functionality in codspeed HOT 2
- Remove attribute lookups from twisted.web
- dev process document describes incorrect extras to get set up for testing HOT 2
- until we support `trial -j` on Windows, let's at least have a reasonable error message
- support for the Windows Subsystem for Linux (WSL)
- Several tests involving ipv6 in twisted.internet.test.test_tcp time out on Windows with no further information HOT 3
- test_startTLSAfterRegisterProducerNonStreaming is flaky
- Better Deferred type hints for callbacks that return `_T|Deferred[_T]` HOT 4
- [FIDO2Auth] Update the server example to make it easy to provide your authorized public key file HOT 2
- [FIDO2Auth] Update keys.py file to load/read a security-key from BLOB format and add tests
- [FIDO2Auth] Update userauth.py and add tests
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from twisted.