01-07-2004, 03:25 PM   #1
scottpioso
GFTP allowing Root access to an FTP user


Hello,

I have RH 9 and was running an FTP server using the VSFTP that came with the distribution. I'm posting this as a warning to anyone who is running an FTP server on their box.

Someone I know used the program GFTP to access the root directory of my system even though I specifically denied root access through the vsftp.conf file. He did not do anything malicious but he COULD have. He said that he could have created/deleted files off of that directory. Needless to say, I am very concerned about that happening and have taken my entire Linux box offline until Red Hat advises me. Unfortunately, I do not know how to contact them directly about this and am unsure if this is a RH problem or perhaps a flaw with all distributions using VSFTP.

Has anyone else run into this same issue and if so, what did you do to secure your system from an attack?? I'm very concerned about a malicious attack on my system. I'm glad that my friend tested this otherwise I never would have known. I guess I thought that locking out root from FTP would have secured my system but it did not.

For your information, I tried to modify the permissions on the root directory and when that happened, the GUI went offline and started to loop at the command prompt. I cannot access the GUI and I think that I have corrupted my system in an unrecoverable way. At least I have everything backed up so that's not the problem.

Any advice or comments are welcome. Thank you.
 
01-07-2004, 05:06 PM   #2
ilpadrino
Post your vsftp.conf file in order to be able to help you. I'm running vsftp server as well, and I don't notice any problem with any ftp client. No one can get out of his directory. At least that is what I have checked in the log file.

Greetings
 
01-07-2004, 06:20 PM   #3
scottpioso
Padrino,

Unfortunately, I cannot do that. My Linux drive has become corrupted due to my stupidity in trying to secure the root directory and will not boot anymore. Plus I'm in the process of packing for moving now so I really am not even going to have the time to restore my Linux system. However, thank you for your assistance and I will try to get that posted within a few months if I can.
 
  

