Proftpd-How Do You Change The Permissions On A File From Anonymous Upload

saxsd · 03-03-2006, 10:52 AM

How do you change the file permissions on a file uploaded by an anonymous user so that they are not owned by user 'ftp'. I did a chmod g+s on /incoming so files are owned by a different group than 'ftp' but the chmod u+s does not change the owner from ftp. I would like to add something to my proftpd.conf to do this....

Thanks in advance

unSpawn · 03-07-2006, 04:53 AM

How do you change the file permissions on a file uploaded by an anonymous user so that they are not owned by user 'ftp'.
- think about switching to Vsftpd or Muddleftpd, these FTP daemons have a much better track record when it comes to security,
- rethink your FTP strategy. Anonymous users should better *not* be allowed to upload files without restrictions,
- read Proftpd docs config example about separate up and download dirs, then use something simple like Watchfile (see Freshmeat.net) or a cronjob to move files from up to download dir.

I did a chmod g+s
Change owner = chown, not chmod.

I would like to add something to my proftpd.conf to do this.
Wouldn't know how to do this with Proftpd. Maybe someone else knows.

nx5000 · 03-07-2006, 05:07 AM

Quote:

Originally Posted by unSpawn

How do you change the file permissions on a file uploaded by an anonymous user so that they are not owned by user 'ftp'.
- think about switching to Vsftpd or Muddleftpd, these FTP daemons have a much better track record when it comes to security,
- rethink your FTP strategy. Anonymous users should better *not* be allowed to upload files without restrictions

I agree with unSpawn : Proftp, eventhough it is installed on some security products has suffered some security problems.

And for anonymous , if they are allowed to upload files, they could upload illegal stuffs and then you are responsible.

The most important thing is : if you really have to do it, then be sure to not share your ftp_root with your apache_root otherwise you're really asking for trouble ;-)

saxsd · 03-07-2006, 09:27 AM

Quote:

Originally Posted by unSpawn

How do you change the file permissions on a file uploaded by an anonymous user so that they are not owned by user 'ftp'.
- think about switching to Vsftpd or Muddleftpd, these FTP daemons have a much better track record when it comes to security,
- rethink your FTP strategy. Anonymous users should better *not* be allowed to upload files without restrictions,
- read Proftpd docs config example about separate up and download dirs, then use something simple like Watchfile (see Freshmeat.net) or a cronjob to move files from up to download dir.

I did a chmod g+s
Change owner = chown, not chmod.

I would like to add something to my proftpd.conf to do this.
Wouldn't know how to do this with Proftpd. Maybe someone else knows.

I have setup incoming and outgoing directories so that when an anonymous user uploads a file the files user:group change to a local user:group. All anonymous can do is 'ls' the file if they know the filename. They cannot download anything from incoming. They cannot upload anything to outgoing only download from it if they know the filename. They are chrooted also.

Also to fix my problem I added a +CAP_CHOWN so that files uploaded by anonymous change automatically to a local user. Thanks for the input. I will checkout freshmeat.net

saxsd · 03-07-2006, 09:30 AM

Quote:

Originally Posted by nx5000

I agree with unSpawn : Proftp, eventhough it is installed on some security products has suffered some security problems.

And for anonymous , if they are allowed to upload files, they could upload illegal stuffs and then you are responsible.

The most important thing is : if you really have to do it, then be sure to not share your ftp_root with your apache_root otherwise you're really asking for trouble ;-)

Would running the deamon as a nopriv users with no shell take care of this or is there something similiar to the .ftpusers setting in vsftpd

nx5000 · 03-07-2006, 09:48 AM

I don't run any ftp server (because I don't really like this protocol) so I can't reliably answer your question: I don't know what is .ftpusers.
But yes, your ftp server has to drop its privileges (I guess it needs to be root for opening a port < 1024) to a normal user as soon as possible. Also disable his shell, yes. I think its the same for apache by default.
If somebody manages to upload a php script and your php server doesn't disable some features, then he can run what he wants. Same goes for cgi.