Free file transfer (RFC0487)
Original Publication Date: 1973-Apr-01
Included in the Prior Art Database: 2019-Feb-12
Internet Society Requests For Comment (RFCs)
Network Working Group Bob Bressler Request for Comments #487 BBN NIC #15065 6 April 1973
Free File Transfer
In the past several months, many people have commented to me about their difficulty in transferring files. The hang up appears to be with systems that have some flavor of security, but on which the user has no access privileges. Specifically, the FTP server demands a user and password before it will grant any system access. The loophole which people have been using is the MAIL FILE facility, which is both limited in scope and intended for other purposes.
A frequently used model for file protection is to define three levels of user access: 1) only the user himself; 2) all users in a group; 3) everyone. Up until now, "everyone" has meant anyone already granted logon privileges. A new class is, perhaps, needed to cover everyone, exclusive of whether or not they are logged on.
With all this in mind, I propose the following course of action:
If a user connects to an FTP server and makes a file request without supplying a user name-password, the server should then examine the file access parameters. If the file is listed as accessible to anyone, then the transfer should be allowed to proceed.
This scheme can be implemented so as not to yield file creations privileges - for example, store commands can be implemented via an append mechanism. If I wanted a file sent to me I could create an empty file with unlimited append access. I would then inform the foreign user to store (append?) to that file.
The problem of accounting is somewhat more complex. Clearly, storing a file in a user’s directory can be charged to...