Prevent file from being accessed as it's being uploaded

If I were to upload a large file to a FTP server, does that file appear immediately in the destination file system and could it potentially be accessed by another party before the transfer is complete?

If so what are some methods to prevent the file from being read until the transfer is complete?


This will depend entirely on your particular server implementations behavior, and is not fully defined in RFC959.

In General, a file is not available on the server until its upload has returned a 226, and its status is 150. if the file has not yet been fully uploaded, its status response will not be 550, and it will not transfer the file to the client.

In order to do this, the STOU verb will know that a file upload is complete when the EOF byte arrives, so at that point the entire file has been uploaded, so it returns 226.

The RECV verb will first return the status of the file requested. a response of 150 is expected if the file is in an acceptable status, and will then start the transfer.

Additionally, remember most server services are implemented as multithreaded applications, and thread-safety for files usually relies on filesystem and server OS locks on the files. On most platforms, when a file is being actively written to, other threads can neither read or write to that file, until the lock is released.


In theory the FTP server may lock the uploaded file from being accessed by other processes or other FTP connections.

In practice, it's not happening on *nix servers. I've tested this on CentOS with PureFTPD and ProFTPD (the most widely used *nix FTP servers). With both servers, nothing prevents you from downloading an incomplete file.

On the other hand, Windows IIS FTP server does lock the uploaded file. Tested on IIS 6.2 (Windows 8.1).

For a workaround see my answer at FileZilla uploads are not atomic.


If your FTP server allows a feature similar to ProFTPD's Hidden Stores you might want to try that out.

The HiddenStores directive enables two-step file uploads: files are uploaded as ".in.filename." and once the upload is complete, renamed to just "filename". This provides a degree of atomicity and helps prevent 1) incomplete uploads and 2) files being used while they're still in the progress of being uploaded.

Source : http://www.proftpd.org/docs/directives/linked/config_ref_HiddenStores.html