Enable PWD command on anonymous FTP?

Hello everyone - First post here,

I'm trying to connect to an anonymous ftp server and I am told by the server admin that I cannot have access to the "print working directory" command. I need to have access to this command in order for my (and my clients') preferred ftp client to connect. (The client disconnects when it encounters the PWD error.)

I secretly think that the server admin isn't going to help me out unless I give him specific instructions on how to do this without compromising security.

The bizarre thing is that I can connect to the anonymous root no problem because pwd works in there... it's just when I change directory to the folder I am supposed to use that pwd doesn't work there. What I don't understand is how the ls command could work and pwd not work... I don't see how that has anything to do with security.

Can anyone help me find a work around to tell the sysadmin? Any thoughts would be awesome!!

Thanks in advance,

Tony

P.S. I did have one idea but I don't know exactly how to implement it... If pwd can't work because people in the anonymous user group can't get read access, could I write a small "hello world" program, call it PWD and put it in the path where PWD usually is? That way, it wouldn't have to actually read the current directory, it could just output some text like "PWD is Disabled!" I think that might spoof the ftp clients into thinking that PWD is working.

People will need to know about the FTP server and client used in this scenario. Who are the vendors/providers of those? If possible, you can tell us the IP address of the FTP server so that we ourselves can find out about the FTP server.
Your idea about writing a binary and uploading it to the server might not work if
1> You cannot set its executable permission
2> You don't have "write" permission in "bin"
3> You do not have exec permission there

Hello and thanks for the reply.

The server is running some sort of Sun flavor of Unix (best I can tell). The ftp clients I have tried have been the built-in FTP in Dreamweaver 2004 MX and FileZilla. Both connect to the server ok, then when they try to print the current directory (pwd) they get a 550 error message and after seeing the error message, they both disconnect before I can actually do anything on the server.

CuteFTP and Dreamweaver 4 connect fine. I discovered that Dreamweaver 4 still performs the pwd command, but when it encounters the error, it ignores it rather than disconnect.

I have also used the DOS command line ftp client. I can connect ok using that and when I try to use pwd I cannot.

Here's the directory structure. I can connect to / and /foo_1/ with no problem and pwd works in those directories. The folder I need to connect to is /foo_1/foo_2/foo_3/

When I change directory into foo_1 and foo_2 I do not have access to use any command, not even ls. And when I get to the folder I need, foo_3, I can use nearly all ftp commands but pwd. PWD kicks up the 550 error.

Unfortunately, I cannot give you guys the FTP info.

What I do have is the ear of an unsympathetic IT guy who DOES have permission to copy files around, change permissions, etc.

When I asked him to let me use PWD, he said that he would have to give my group readable permission and that would break security. I do connect anonymously.

So this guy is not willing to find a workaround, which is why I'm here.

I either need:

A) The proper way to get pwd to work without compromising security, without making my group readable.

B) What I need to do to get my binary in the right place to "act" like the pwd command... A simple "hello world" binary should be able to run without read access.

C) Any other solution, hopefully on the server side - while I could use a different FTP client, we have customers who we transfer files to on this box, and we don't want to have to give them esoteric directions to get their favorite ftp client to work.

Also, I did find a thread in devshed forums written by one of the admins in this forum, Perderabo, where he said that "pwd can't work in its pure form if there are folders between the root folder and the target folder". I think that's the bottom issue - I know there has to be a proper workaround on the server side. It seems to me like the IT guy who runs the server doesn't mean to disable PWD, it's just that it's a side effect of security.

Ok, done rambling - let me know if you all need more information!

Thanks again!
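An added example, not part of the original thread: a small Python model of why LIST can succeed in foo_3 while PWD returns 550. It assumes the anonymous user gets search-only permission on foo_1 and foo_2 and read plus search on / and foo_3 (constructed mode bits), and that the server resolves PWD the way older Unix getcwd() implementations do, by climbing through `..` and reading each parent directory to recover the current directory's name.

```python
# Constructed model; mode bits are assumed, not taken from the real server.
R, X = 4, 1  # "other" permission bits as seen by the anonymous user

class Dir:
    def __init__(self, name, mode, parent=None):
        self.name, self.mode, self.children = name, mode, {}
        self.parent = parent if parent is not None else self  # root: ".." is itself
        if parent is not None:
            parent.children[name] = self

def cd(cwd, name):
    """CWD: needs search (x) on the current and the target directory, never read."""
    target = cwd.children[name]
    if not (cwd.mode & X and target.mode & X):
        raise PermissionError("550 " + name)
    return target

def ls(cwd):
    """LIST: needs read (r) on the directory being listed."""
    if not cwd.mode & R:
        raise PermissionError("550 LIST")
    return sorted(cwd.children)

def classic_pwd(cwd):
    """PWD via old-style getcwd(): read every ancestor to recover each name."""
    parts, node = [], cwd
    while node.parent is not node:
        parent = node.parent
        if not (parent.mode & R and parent.mode & X):
            raise PermissionError("550 PWD")
        parts.append(next(n for n, d in parent.children.items() if d is node))
        node = parent
    return "/" + "/".join(reversed(parts))

def probe(cwd):
    """Return which of LIST and PWD succeed in cwd."""
    result = {}
    for cmd, fn in (("LIST", ls), ("PWD", classic_pwd)):
        try:
            fn(cwd)
            result[cmd] = "ok"
        except PermissionError:
            result[cmd] = "550"
    return result

ROOT = Dir("/", R | X)
FOO_1 = Dir("foo_1", X, ROOT)       # search-only: can be entered, not listed
FOO_2 = Dir("foo_2", X, FOO_1)      # search-only
FOO_3 = Dir("foo_3", R | X, FOO_2)  # the working folder
```

Under this model PWD starts working in foo_3 only if foo_1 and foo_2 become readable, which also makes them listable; that is the trade-off the admin describes.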

If you cd to a bad or unavailable directory, ftp generates an error.
Older versions of ftp clients don't need to "show pwd" when they connect.

So, I must be getting too old, but I fail to see why you can't use a version that does not care about pwd, unless you are trying to get files whose names and locations you don't know. Your code should not care about pwd.

And, if the system in question is an IT sox box, why don't you run rsync under ssh? If the box is the master, there is no violation. You connect, rsync moves/updates all of the files/directories. You don't need to know anything on your side.

The folder that I need to connect directly to is not a "bad" directory. I can see the contents of the folder, I have permission to put and receive files. The only issue is that PWD doesn't work. The two parent folders I cannot see the contents of though I can change directories to the folder I need to see.

Also, it's easy for me to use a different FTP client, but there are many people in my department who are not tech savvy and MUST use their preferred ftp client. Also, we have customers who need to connect to download files. It's bad form to say "Hey, you can't use the software you have - use something different."

Thanks for the response though!

Well, they "have" the software, unless you're using an embedded ftp.

Why don't you simply get the files for them, store them on a public network drive and win hundreds of new friends...?

cron ftp every couple of minutes - or ssh rsync every 10 minutes or whatever.

While these suggestions are helpful, they don't answer my question specifically.

The FTP clients that we and our customers use crap out when they encounter a PWD 550 error message. What ways are there to avoid that error without changing the FTP client or the general process? In other words, is it possible to allow PWD for anonymous connections without compromising security? Like writing a binary and replacing PWD with the binary? Or any other ideas like that?

I know that there are many, many other solutions that would work, but this is a problem that I am limited to solve in a particular way. The server isn't directly in my control. If it was, I'd throw away the anonymous FTP crap and move to SFTP with a user:pass for each individual user and tie the registration to a web app front end to help manage everything (or something like that).

I know that the solution I am seeking isn't the best or elegant, but I believe it's the only one that will work in this situation now.

Thanks!

Ok. You have to use an FTP client that does not need pwd or use pwd.

Or you have to get the admin to add pwd to the chroot jail. Those are your choices.

There is one other possibility - get the source for whatever the users have, rewrite the FTP client.

This is clearly a management problem - it is not a coding issue. It is not a support issue. You have two intractable groups and you're in the middle. You cannot code your way out easily.

How about a non-broken ftp client? Error 550 simply means "Action not taken". A polite decline from the server. Why would you need to PWD if you performed a successful CWD? Then again, why is PWD a security risk?

Silliness, all silliness.

Probably because it's a secure server and ftp is chrooted in there some misguided soul wants to stop all commands except maybe ls. However since it's anonymous ftp all of this is nonsense. anonymous ftp means world read which is NOT secure. Not no how, not no way - to quote the Lion from Oz.