With wu-ftpd I can download /etc/* !!!!


haneo

Programmer
Jan 2, 2002
274
CA
When I install the latest wu-ftpd server (2.6.2) I can log in with a valid user, but then I can see all the / directories !!! and I can download all the files in /etc and /usr !!!

Help, what can I do to stop this from happening so no one can access the superior directories? Should I change the permissions of /home/host OR change the ftp server configuration ???

Please, I really need help :(
 
Hi,

This is expected behaviour. If you have a 'vanilla' wu-ftpd install on Redhat or suchlike then, by default, valid users would be existing Linux userids and those users logging on to wu-ftpd have the same access rights as if they log on directly or via telnet/ssh. Lots of the files in /etc would have read permissions for 'other' and the fact that an ordinary user can download /etc/passwd would be expected because an ordinary user can also 'cat /etc/passwd'. They shouldn't be able to download /etc/shadow, however, because only root has access to that.

If you have ftp only users you want to restrict from 'seeing' these directories then with wu-ftpd you have to set up a chroot jail. This is where you logically move (change) the root directory '/' to somewhere lower down the real directory tree so that a user can't 'cd ..' above that point. See --> .

Alternatively, use a different ftp server - e.g. proftpd - which makes these things a bit easier.

Hope this helps
 
Thanks ifincham for the help.

But I still have one problem !!!!
The doc says:

Now, edit your /etc/passwd file and add manually the /./ line to divide the /home/ftp directory with the /ftpadmin

> ftpadmin:x:502:502::/home/ftp/ftpadmin/:/dev/null
> To read:
> ftpadmin:x:502:502::/home/ftp/./ftpadmin/:/dev/null

But I had added the ./ftpadmin and
when I log in by ftp I am in the / directory !!!!

I had tried
ftpadmin:x:502:502::/home/ftp/ . /ftpadmin/:/dev/null
ftpadmin:x:502:502::/home/ftp/ /ftpadmin/:/dev/null
with no success (I have Mandrake 7.2)

Please, I am really lost :(
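
An added example, not part of the original posts and not wu-ftpd's own code: a small audit that reads passwd-style lines and reports how the `/./` marker quoted above splits each home directory into a chroot root and a start directory, flagging entries where the marker is missing or broken by whitespace. The sample lines are constructed from the entries in this thread (the account names `plain`, `spaced` and `blank` are made up), and it assumes, beyond what the page states, that wu-ftpd only applies the split to accounts classed as guests in its ftpaccess file (`guestgroup` / `guestuser`).

```python
import posixpath

MARKER = "/./"  # separator between chroot root and post-chroot start directory

# Constructed sample: the doc's two forms plus the two variants tried in the thread.
SAMPLE_PASSWD = """\
ftpadmin:x:502:502::/home/ftp/./ftpadmin/:/dev/null
plain:x:503:503::/home/ftp/ftpadmin/:/dev/null
spaced:x:504:504::/home/ftp/ . /ftpadmin/:/dev/null
blank:x:505:505::/home/ftp/ /ftpadmin/:/dev/null
"""

def split_guest_home(home):
    """Return (chroot_root, start_dir), or None when the home has no /./ marker."""
    if any(ch.isspace() for ch in home):
        raise ValueError("whitespace in home field")
    root, sep, rest = home.partition(MARKER)
    if not sep:
        return None
    root = posixpath.normpath(root or "/")
    start = posixpath.normpath("/" + rest.lstrip("/"))
    return root, start

def audit_passwd(text):
    """Map each account name to a one-line finding about its jail layout."""
    findings = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings[fields[0]] = "malformed: expected 7 fields"
            continue
        name, home = fields[0], fields[5]
        try:
            parts = split_guest_home(home)
        except ValueError as exc:
            findings[name] = f"malformed: {exc}"
            continue
        if parts is None:
            findings[name] = "no jail: no /./ marker"
        elif parts[0] == "/":
            findings[name] = "no jail: chroot root is /"
        else:
            findings[name] = f"jail: root={parts[0]} start={parts[1]}"
    return findings

if __name__ == "__main__":
    for user, result in audit_passwd(SAMPLE_PASSWD).items():
        print(f"{user:10} {result}")
```
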
 
Hi,

Do you mean the real '/' root directory or the chroot root directory - i.e. what subdirectories appear ?

Regards
 
Excuse me, I am 'stupid'. After 2h I redid the tutorial steps and I can ftp to my home directory.
But I still go up to the / directory ????? (Is it because I have Mandrake?)
 