Skip to main content

​
Overview

Write-only folders let users upload files without being able to browse, download, or see other uploads. This is perfect for:
  • Anonymous file submissions
  • Homework/assignment collection
  • Bug report attachments
  • Survey response uploads
  • Photo contest entries

​
Basic Write-Only Folder

The simplest write-only setup: 
python copyparty-sfx.py -v /mnt/uploads:/drop:w
  • /mnt/uploads - Local folder for uploads
  • /drop - URL path (http://your-server:3923/drop)
  • w - Write-only permission for everyone
Users can upload but cannot see any files, including their own.

​
Write-Only with Admin Access

1
Create accounts
2
Set up a write-only folder with an admin who can manage uploads:
3
python copyparty-sfx.py \
  -a admin:secretpass \
  -e2d \
  -v /mnt/uploads:/drop:w:A,admin
4
  • w - Everyone can upload
  • A,admin - User admin has full access (read/write/move/delete/admin)
  • -e2d - Enable database for upload tracking
    • 5
    Using configuration file
    6
    [global]
  e2d      # enable upload database
  
[accounts]
  admin: secretpass
  
[/drop]
  /mnt/uploads
  accs:
    w: *       # everyone can upload
    A: admin   # admin can do everything
    7
    Run with:
    8
    python copyparty-sfx.py -c dropbox.conf
    Let users upload files and receive a secret download link: 
    python copyparty-sfx.py -e2dsa \
  -v /mnt/uploads:/drop:wG:c,fk=8
    • wG - Write permission + Upget (upload and get link)
    • fk=8 - Filekey length (8 random characters)
    • -e2dsa - Required for filekeys
    After upload, users receive a link like: 
    http://your-server:3923/drop/photo.jpg?k=Xa9mK2pQ
    Only someone with this exact link can download the file.

    ​
    Upload Rules and Limits

    ​
    File Size Limits

    [/drop]
  /mnt/uploads
  accs:
    w: *
  flags:
    sz: 100k-50m    # files between 100KB and 50MB only
    df: 10g         # keep at least 10GB free disk space
    vmaxb: 100g     # total volume cannot exceed 100GB
    vmaxn: 10000    # maximum 10,000 files in volume

    ​
    Rate Limiting (per-IP)

    [/drop]
  /mnt/uploads
  accs:
    w: *
  flags:
    maxn: 50,3600   # max 50 files per hour per IP
    maxb: 500m,3600 # max 500MB per hour per IP

    ​
    File Lifetime (auto-delete)

    Automatically delete files after a certain time: 
    [/drop]
  /mnt/uploads
  accs:
    w: *
  flags:
    lifetime: 604800  # delete files after 7 days (seconds)
    Users can also set custom expiration times in the upload UI (if enabled).

    ​
    Restrict to Top-Level Uploads

    Prevent users from creating subdirectories: 
    [/drop]
  /mnt/uploads
  accs:
    w: *
  flags:
    nosub    # uploads must go to root folder only

    ​
    Organizing Uploads

    ​
    Automatic Folder Organization by Date

    Organize uploads into date-based folders: 
    [/drop]
  /mnt/uploads
  accs:
    w: *
  flags:
    rotf: %Y/%m/%d           # organize as 2024/03/15/
    rotf_tz: America/New_York # set timezone (default UTC)
    Uploads automatically go into folders like: 
    /mnt/uploads/2024/03/15/photo.jpg

    ​
    Automatic Folder Organization by Count

    Create subfolders after a certain number of files: 
    [/drop]
  /mnt/uploads
  accs:
    w: *
  flags:
    nosub          # users can't pick subfolder
    rotn: 1000,2   # 1000 files per folder, 2 levels deep
    Creates folders like: 
    /mnt/uploads/0/0/file001.jpg
/mnt/uploads/0/0/file002.jpg
...
/mnt/uploads/0/1/file1001.jpg

    ​
    Preventing Duplicate Uploads

    python copyparty-sfx.py -e2dsa --dedup \
  -v /mnt/uploads:/drop:w
    • -e2dsa - Index all files
    • --dedup - Create symlinks for duplicate files
    If someone uploads a file that already exists, copyparty creates a symlink instead of storing a duplicate copy.

    ​
    Allowing Users to Delete Their Own Uploads (Unpost)

    python copyparty-sfx.py -e2d --unpost 43200 \
  -v /mnt/uploads:/drop:w
    • --unpost 43200 - Allow undoing uploads within 12 hours (43200 seconds)
    • Users access via the [🧯] unpost tab
    Users can delete their own recent uploads even without delete permission.

    ​
    Write-Only with Move Access

    Let one user upload, another user review and move approved files: 
    [accounts]
  student: pass1
  teacher: pass2

[/submissions]
  /mnt/submissions
  accs:
    w: student     # students can upload only
    rm: teacher    # teacher can read and move files
    
[/approved]
  /mnt/approved
  accs:
    w: teacher     # teacher can move files here
    r: *           # everyone can browse approved submissions
    Workflow:
    1. Students upload to /submissions
    2. Teacher reviews files
    3. Teacher moves approved files to /approved
    4. Everyone can see approved submissions

    ​
    Upload Notifications

    ​
    Email Notifications

    Use event hooks to send email on upload: 
    python copyparty-sfx.py -e2d \
  --xau /usr/local/bin/notify-upload.sh \
  -v /mnt/uploads:/drop:w
    Create notify-upload.sh: 
    #!/bin/bash
FILE="$1"
echo "New upload: $FILE" | mail -s "File uploaded" [email protected]
    Make it executable: 
    chmod +x /usr/local/bin/notify-upload.sh

    ​
    Desktop Notifications

    On Linux, show a popup notification: 
    python copyparty-sfx.py -e2d \
  --xau notify-send,"New upload",-- \
  -v /mnt/uploads:/drop:w

    ​
    Advanced: Randomized Filenames

    Force random filenames on upload: 
    [/drop]
  /mnt/uploads
  accs:
    wG: *    # write + get filekey
  flags:
    fk: 8    # 8-char filekey required
    In the upload UI, users can enable [🎲] to randomize filenames, or make it mandatory with a custom upload hook.

    ​
    Complete Example: Anonymous Dropbox

    anonymous-dropbox.conf
    [global]
  e2dsa              # index files
  dedup              # prevent duplicates  
  unpost: 3600       # allow deletion within 1 hour
  theme: 2           # dark theme

[accounts]
  admin: very-secret-password

[/drop]
  /mnt/dropbox
  accs:
    wG: *            # anyone can upload and get link
    A: admin         # admin has full access
  flags:
    fk: 10           # 10-character filekeys for security
    sz: 1k-100m      # 1KB to 100MB files only
    df: 20g          # keep 20GB free
    vmaxb: 500g      # max 500GB total
    maxn: 100,3600   # 100 files per hour per IP
    maxb: 1g,3600    # 1GB per hour per IP
    lifetime: 2592000 # auto-delete after 30 days
    nosub            # no subdirectories
    rotf: %Y/%m/%d   # organize by date
    Start the server: 
    python copyparty-sfx.py -c anonymous-dropbox.conf
    Features:
    • βœ… Anonymous uploads with secret links
    • βœ… 1 hour undo window
    • βœ… Size and rate limits
    • βœ… Auto-delete after 30 days
    • βœ… Organized by upload date
    • βœ… Duplicate prevention
    • βœ… Admin can review everything

    ​
    Troubleshooting

    Make sure you’re using w or wG permission, NOT rw or r.
    accs:
  w: *     # correct - write-only
  # rw: *  # wrong - this allows reading!
    Filekeys require database indexing:
    python copyparty-sfx.py -e2dsa -v /mnt/uploads:/drop:wG:c,fk=8
    The -e2dsa is mandatory for filekeys.
    Unpost requires -e2d and the --unpost timeout:
    python copyparty-sfx.py -e2d --unpost 43200 -v /mnt/uploads:/drop:w
    Rate limits (maxn, maxb) require -j 1 (single process mode):
    python copyparty-sfx.py -j 1 -v /mnt/uploads:/drop:w:c,maxn=50,3600
    Check the ban settings:
    python copyparty-sfx.py --ban-pw 0 --ban-404 0 -v /mnt/uploads:/drop:w
    Or increase the thresholds (default is 9 failed attempts in 1 hour).

    ​
    Security Considerations

    Write-only folders can be abused for:
    • Storing illegal content
    • Malware distribution
    • Phishing attacks
    Mitigate risks:
    • Set file size limits
    • Enable rate limiting
    • Use auto-deletion (lifetime)
    • Monitor uploads regularly
    • Consider requiring accounts instead of anonymous access

    ​
    Next Steps

    Build docs developers (and LLMs) love

    Get started for freeTalk to us