LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 03-02-2010, 10:32 AM   #1
palcrypt
LQ Newbie
 
Registered: Mar 2010
Distribution: RHEL, Ubuntu, CentOS, Fedora
Posts: 2

Rep: Reputation: 0
ProFTPD Master/Root user can't get into all folders


So, I wanted a master ftp user that could access all the folders for all the users. I did this by creating a second root user. I'm aware of all the security considerations, and if there's a better way to do this than creating a root user I'd really like to know it. That said, my issue is that my new root user is still unable in FTP to access folders owned by other users that aren't world readable. Note that this is ONLY when logging in via ftp. If I login through SSH I can access all folders without problem and without the need to sudo. So this is a true root user. Does anyone have an idea how I can fix the proftpd configuration to allow my root user access to ALL folders no matter the owner?
 
Old 03-02-2010, 11:25 AM   #2
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,785
Blog Entries: 1

Rep: Reputation: 414Reputation: 414Reputation: 414Reputation: 414Reputation: 414
Quote:
Does anyone have an idea how I can fix the proftpd configuration to allow my root user access to ALL folders no matter the owner?
I guess my question is why in the world would you want to allow this? Maybe if you give us a bit more on what you're trying to accomplish, we might be able to suggest a better solution.


Quote:
I did this by creating a second root user. I'm aware of all the security considerations
Actually, I doubt you do because since FTP transmits passwords in clear text, you've just opened an ENORMOUS security hole in your machine. Particularly if your SSH access is username/password based.
 
Old 03-02-2010, 01:00 PM   #3
palcrypt
LQ Newbie
 
Registered: Mar 2010
Distribution: RHEL, Ubuntu, CentOS, Fedora
Posts: 2

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by Hangdog42 View Post
I guess my question is why in the world would you want to allow this? Maybe if you give us a bit more on what you're trying to accomplish, we might be able to suggest a better solution.
Because I run a managed webserver. My company manages all the sites on the server, but to be able to use quota functionality and a number of other things each site has to be it's own virtual host. However, we want to be able to manage these sites with a single FTP login instead of having to use a separate login for each VH.

Quote:
Actually, I doubt you do because since FTP transmits passwords in clear text, you've just opened an ENORMOUS security hole in your machine. Particularly if your SSH access is username/password based.
As I understand it, if I go through an SSH tunnel this shouldn't be a problem.
 
Old 03-02-2010, 01:33 PM   #4
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,785
Blog Entries: 1

Rep: Reputation: 414Reputation: 414Reputation: 414Reputation: 414Reputation: 414
Quote:
As I understand it, if I go through an SSH tunnel this shouldn't be a problem.
You want to run FTP through an SSH tunnel? Yeah, that should work, but managing the ports will be kind of a pain.

Quote:
However, we want to be able to manage these sites with a single FTP login instead of having to use a separate login for each VH.
So rather than creating a new root user, why don't you put all the site users in their own group (say, httpusers) and make their directories read/writable by that group? That would avoid the security problems of allowing a root login.
 
  


Reply

Tags
proftpd


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
adding a master proftpd user cshelswell Linux - Server 1 03-13-2009 06:35 AM
proftpd not listing files and folders Robin01 Linux - Software 2 12-29-2004 09:55 AM
Disabling the chroot in proftpd and enabling root logins on ssh/proftpd jon_k Linux - Software 1 06-16-2004 10:27 AM
Proftpd hide folders Woutermelon Linux - Networking 2 11-17-2003 10:41 AM
Pleasehelp with proftpd.conf - trying to config user to write files as other user. philg Linux - Software 1 06-21-2003 12:13 PM


All times are GMT -5. The time now is 07:22 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration