next message in archive
next message in thread
previous message in archive
previous message in thread
Index of Subjects
Index of Subjects Hi Michael, You mentioned: >The new wu-ftpd mods we put together to allow IPs to FTP documents in and >out on CCN are in between. Now you can either be the owner of a >file/directory or a member of its group. Anything else isn't available to and that's part of what we would like to do. Would it be possible to get this version of wu-ftpd?? I was trying to create symbolic links from in a users home directory to point to their IP areas, but the user couldn't cd into those links. Is there another way to allow IP's ftp access to their IP area directly?? We also have a couple support accounts. Is it possible to open up ftp to allow certain accounts to bypass these restrictions?? I found that root works, but no other accounts. Thanks again, David Priebe -------------------------------------- Date: Thu, 13 May 1999 19:23:23 -0400 From: Michael Smith <michael@csuite.ns.ca> To: David Priebe <priebe@renfrew.edu.on.ca> CC: csuite-dev@chebucto.ns.ca Subject: Re: FTPD with Csuite 1.0 On Tue, 11 May 1999, David Priebe wrote: > How does the modified ftpd restrict users to their home directory?? Source code modifications - no one can retrieve anything above their home directory, I think, and they have to be the owner of a file in order to retrieve it. > However when I test logging in with root, I can cd to any location I want. That's odd - I don't remember seeing anything in the code to make root a special case. > Does ftpd check the directory permissions?? Or does it modify the root > location for csuite users?? Stock wu-ftpd does a lot of switching back and forth between root and the logged-in user, so that the user can't do anything UNIX directory permissions wouldn't let them do. The CSuite 1.0 wu-ftpd does some more checks to hide information (so that they can't download a file not owned by them even if unix would allow it). The new wu-ftpd mods we put together to allow IPs to FTP documents in and out on CCN are in between. Now you can either be the owner of a file/directory or a member of its group. Anything else isn't available to you. I spent some time faking LIST responses, etc. to hide information better - it should be pretty hard just to find out whether a file you don't own exists, if you can't read its parent directory. > Should I be checking the permissions on all of my sub-directories to make > sure that there isn't any set wrong?? That's always a good idea. > ex: what if I have a directory under /home/support/subdir that has wide open > permissions?? Will they have access to this area if they know the location? If /home/support/subdir is world searchable, then yes, but not by FTP, or Lynx with the CSuite restrictions. I think Pine *might* in some cases be forced to look there. --------------------------------------------------------------------------- | David Priebe | Technical Officer | | System's & Network Analyst | ValleyNet (Renfrew County) Inc. | | Renfrew County Board of Ed. | "Renfrew County's Freenet!" | | priebe@renfrew.edu.on.ca | priebe@valleynet.on.ca | | http://www.renfrew.edu.on.ca | http://www.valleynet.on.ca/ | ---------------------------------------------------------------------------
next message in archive
next message in thread
previous message in archive
previous message in thread
Index of Subjects