can't delete folder in vsftp

nelsone · 11-23-2012, 10:03 AM

I was able to delete the new folder or file, but some can not

User rights as follows

download_enable=yes
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
local_root=/var/backup/www.showreel.hk/upload

vsftpd.conf configuration is as follows

anonymous_enable=NO
local_enable=YES
write_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
xferlog_std_format=YES
ascii_upload_enable=YES
ascii_download_enable=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
ls_recurse_enable=YES
listen=YES
pam_service_name=vsftpd.vu
userlist_enable=YES
userlist_deny=YES
tcp_wrappers=YES
chroot_local_user=YES
use_localtime=YES
guest_enable=YES
guest_username=root
anon_umask=001
anon_world_readable_only=NO
user_config_dir=/etc/vsftpd/guest_config
local_root=/var/backup/ftpsite
pasv_enable=YES
reverse_lookup_enable=NO

Finally, all the file permissions are 777,selinux is also disabled,I really do not understand in the end is that where there is wrong, hoping to get everyone's help in this. Thank you!

custangro · 11-23-2012, 11:31 AM

Two Questions

1) What are the perms on the Parent directory set to?

2) Who are the owners of the Parent directory?

--C

nelsone · 11-23-2012, 07:02 PM

Quote:

Originally Posted by custangro

Two Questions

1) What are the perms on the Parent directory set to?

2) Who are the owners of the Parent directory?

--C

The owners of the parent directory root privileges is 777

Hangdog42 · 11-24-2012, 12:08 PM

Quote:

Originally Posted by nelsone

guest_username=root

Please tell me I'm not seeing that in your vsftpd.conf.

Quote:

Originally Posted by nelsone

Finally, all the file permissions are 777,selinux is also disabled,

Please, please, PLEASE tell me this computer is not accessible in any way, shape or form from the internet.

nelsone · 11-27-2012, 03:05 AM

Quote:

Originally Posted by Hangdog42

Please tell me I'm not seeing that in your vsftpd.conf.

Please, please, PLEASE tell me this computer is not accessible in any way, shape or form from the internet.

vsftpd.conf configuration above, the server can access anywhere, this is a very strange question, I tested for a long time still did not find a solution.

deep27ak · 11-27-2012, 04:32 AM

Quote:

Originally Posted by nelsone

vsftpd.conf configuration above, the server can access anywhere, this is a very strange question, I tested for a long time still did not find a solution.

Had you restarted your server after you disabled your selinux?

what is the location of this directory you are trying to delete?

Hangdog42 · 12-01-2012, 09:56 AM

Quote:

Originally Posted by nelsone

vsftpd.conf configuration above, the server can access anywhere, this is a very strange question, I tested for a long time still did not find a solution.

No, its not a strange question. With those configuration options you are running a very high risk of giving random users root access to your machine. Not good.

Quote:

guest_username=root

This means that anyone who logs into your sftp server is made root. Since ftp transmits usernames and passwords as clear text, anyone sniffing your server will have a pretty easy time taking it over.

Quote:

Finally, all the file permissions are 777,selinux is also disabled,

If making any user root isn't bad enough, you've now removed absolutely any barrier to someone installing and running whatever they jolly well please on your machine.

In short, if your machine hasn't been thoroughly compromised already, it is only a matter of time before it is. And you've laid out the welcome mat for the bad guys.

Maybe you should lay out the overall goal you're trying to accomplish and we can suggest a way that doesn't involve giving root access to the planet.