FileZilla Server will display hidden files

[Spunk]

Hello,

Today I started using FileZilla Server after a friend told me about it.
Loved it immediately.
But there is one thing that bothers me.

Previously I used Serv-U FTP Server. This server would allow me to hide files and folders that were hidden by Windows. "System Volume Information" and "Recycled", for example.
But I havn't seen this option anywhere in FileZilla Server.
It doesn't hide them by default either, so anyone connecting to my server will see those, and any other hidden folder in the Home directory.

Now comes the problem.
You'd expect you could hide those folders manually with FileZilla Server.
But since these folders are hidden, they're not seen by FileZilla Server either.
That means I can't select these folders to set their permissions.

Look:
http://www.van-den-kwik.demon.nl/hidden2.jpg

Hidden folders are not displayed there. So I can't set permissions for them.

I've kind of solved it by using E:\FTP as Home dir, instead of E:\.
Now I simply make an alias for each folder to be displayed in the Home Directory.
But honestly I think this is pretty stupid and I expect any FTP server to be able to hide "hidden" files.

Comments please.

[TheAngryPenguin]

IMO, access to a drive's root should never be made available to any user. With that typed, I unfortunately don't practice what I preach, for out of mere convenience, my user account has full priviledges to all drives on my FTP server. I guess it's a good thing that I have a strong password and run FileZilla Server on a non-standard port. Of course, we're all eagerly awaiting SSL functionality within FZS. Apparently, the issue described in this topic has been touched upon here.

[Spunk]

Thanks for the quick reply, Penquin.

I normally don't run my FTP server on port 21 either, but for some reason one of my friends can only acces my FTP when it runs on port 21.
Any other port and he can't connect.

Any idea what might be causing that?

As for the root thing, I agree with you.
But my E:\ drive has nothing my friends are not allowed to see.
Except for the System Volume Information and Recycled folders, they're system folders and they don't contain anything useful for them.

But as I said, it's solved by using an alias for any shared folder.

[botg]

Windows is a bad operating system, since the standard API functions and Windows explorer have different views when and how data should be displayed. Thus said, you have to manually disallow access to folders the user should not see.
However, in general you should use a different approch: Only share the directories the user should have access to. Just make a new directory ftproot somewhere and put everything into it the users should see and don't give them access else if it is not required.

[Spunk]

Windows is a bad operating system, since the standard API functions and Windows explorer have different views when and how data should be displayed. Thus said, you have to manually disallow access to folders the user should not see.
However, in general you should use a different approch: Only share the directories the user should have access to. Just make a new directory ftproot somewhere and put everything into it the users should see and don't give them access else if it is not required.

Although you are right, I still think any FTP server should have the option to simply hide "hidden" files.

But as you said, a better way to do this is to only share the folders that need to be shared.
That's what I did. I just felt like adressing this "issue".

[TheAngryPenguin]

Thanks for the quick reply, Penquin.

I normally don't run my FTP server on port 21 either, but for some reason one of my friends can only acces my FTP when it runs on port 21.
Any other port and he can't connect.

Any idea what might be causing that?

Are they behind a Linksys router? I seem to remember reading something a long time ago about older Linksys routers boogering up FTP when connecting to any port other than 21.

As for the root thing, I agree with you.
But my E:\ drive has nothing my friends are not allowed to see.
Except for the System Volume Information and Recycled folders, they're system folders and they don't contain anything useful for them.

But as I said, it's solved by using an alias for any shared folder.

Seems like a simple solution. This is kinda' akin to a jailroot. FWIW, I just noticed that when logged into my FTP I can actually view (and possibly modify) the contents of "System Volume Information" - this is probably not a good thing.

[markie73]

although I agree with the statement that the option 'display hidden files' should be added to Filezilla, the solution to hide 'hidden folders' is easy.
Simply add the folder that's hidden to the shared folder list and don't check any privileges.

[Sabin]

Hello hello,

I agree with that opinion : filezilla server should contain the option to display (or not) windows files and folders set as hidden.
Manually adding without any right the folders that we don't want to be visible is a false solution : what if we want to share maaaaaaaany many many folders, each of them containing a subfolder hidden for very good reasons ?

Thanks for the great software already

Yeah, I registered to this forum just to say that

[botg]

Hiding things which exist are a potential security problem. Just layout your directory structure in a way so that no files have to be hidden.

[Sabin]

Hiya,

Of course i'll respect your opinion, Botg, but I feel that your security concerns are exxagerated on this topic.

It is legitimate for a person to chose to set some files or folders as hidden.

Should that be related to security ? Under windows, any moderately experienced user using a computer is able to configure his explorer to display hidden files.
Thus, only the visitors of his server wouldn't be able to see his hidden folders.
I see here the risk to accidentally exxagerately limit the things visitors can see, but no security concerns.

Now, as for me precisely, I have an old directory structure, and I'd waste hours remaking it so as to have it "work" with filezilla... I'll rather stick to my current FTP servers (G6FTP and BPFTP allowing to hide over display the hidden files and folders), even though I recognize that Filezilla is better, with the exception of that single but so important detail for me.

Once again i'll repeat I respect your choices, Botg, but yet, allow me to state my feelings

[TheAngryPenguin]

I can understand both points of view. On the one hand, a well-thought out layout is of great importance when setting up dir access and privs. However, certain dirs should simply not be displayed to the client. "Hidden" directories are one thing, but 'System Volume Information' (or whatever it's called -- I'm not booted with my XP drive right now) and Recycler should never be presented to an end user, not to mention to ability to list and read these dirs' contents -- not even the Administrator group on the machine serving FTP can do these things. Then again, why have these available to users in the first place? This is a catch 22 of sorts...