wu-ftpd is allowing access to /

rbblue · 06-02-2008, 12:42 PM

hey all,

when i first login to the server im put to my home directory.. but if i issue the command cd /

it puts me to the / directory.

how do i stop that?

pinniped · 06-03-2008, 05:14 AM

That is normal behavior of ftp software.

You can stop it by following the 'how to' instructions on "running ftp in a chroot jail". If tldp.org can't help, I'm sure google can.

Hangdog42 · 06-03-2008, 07:31 AM

You also might want to use a much more secure FTP daemon like vsftp, which allows you to chroot users to their home directories without running the daemon in an FTP jail.

rbblue · 06-03-2008, 08:03 AM

i was unable to get vsftp to allow the chown or chmod commands.

where as wu-ftpd does.

Hangdog42 · 06-03-2008, 02:57 PM

Vsftpd does allow chown and chmod, but only under certain circumstances. Any files uploaded anonymously can be chowned to a different user. Named users can use chmod, but anonymous users can't, for obvious reasons.

In general, I'd be concerned with wu-ftp. I don't think it has been maintained for a very long time, and I know there were a LOT of security issues with it.

rbblue · 06-03-2008, 02:59 PM

named users...

as in users that were logged into the system and have a real system user account?

Hangdog42 · 06-03-2008, 03:17 PM

Yes, I believe that users that have a real system account can do it. I've never used it, but that is my understanding of this entry from the vsftpd man page:

Code:

chmod_enable
    When enables, allows use of the SITE CHMOD command. NOTE! This only applies to local users. Anonymous users never get to use SITE CHMOD.

rbblue · 06-03-2008, 03:18 PM

then i need to take a look at my configure file.

for i was not able to do use that command on a real system account.