Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
01-12-2007, 09:29 PM
|
#1
|
LQ Newbie
Registered: Jan 2007
Posts: 4
Rep:
|
VSFTP show the Linux hidden files?
Hi all! This is my first post and I would like to ask a question about the configuration of VSFTP. When I use the SmartFTP to login to my ftp account, it shows all the hidden file e.g. .bashrc, .bash_logout and .bash_profile.
For the security reason, I would like to hide these files up. I have read some of the how-to from the web, most of them mentioned to add the line
hide_file={.ssh,.kde,.bash*,.vi*,.gt*,.em*}
However, it doesn’t work for me.
Could you please help for this issue? Thanks in advance!!
Linux system: FC5
Package: vsftpd-2.0.5-8
FTP client: SmartFTP v2.0.1001
|
|
|
01-12-2007, 09:39 PM
|
#2
|
Senior Member
Registered: May 2004
Location: Albuquerque, NM USA
Distribution: Debian-Lenny/Sid 32/64 Desktop: Generic AMD64-EVGA 680i Laptop: Generic Intel SIS-AC97
Posts: 4,250
Rep:
|
vsftpd is a server. The question of whether hidden files should be shown is a client issue. You should not be offering clients the opportunity to download from (or even see) a directory that includes hidden files.
|
|
|
01-12-2007, 09:52 PM
|
#3
|
LQ Newbie
Registered: Jan 2007
Posts: 4
Original Poster
Rep:
|
Hi Rickh! Thanks for your quick reply! =]
VSFTP default that the ftp account login to their home directory
which includes the hidden files that I have mentioned.
So is that I should change the login directory so that
the user would not have the opportunity to see these files?
Is that the parameter hide_file get a bug that it doesn't work or my incorrect setting?
The purpose of hide_file is supposed to hide the files from the user which I defined.
|
|
|
01-12-2007, 10:17 PM
|
#4
|
Senior Member
Registered: May 2004
Location: Albuquerque, NM USA
Distribution: Debian-Lenny/Sid 32/64 Desktop: Generic AMD64-EVGA 680i Laptop: Generic Intel SIS-AC97
Posts: 4,250
Rep:
|
Quote:
VSFTP default that the ftp account login to their home directory
|
A user has all the powers of root within his own account. Why shouldn't he be able to see the hidden files?
On Debian, the default vsftpd setup is anonymous users, but they can see only the default directory, /home/ftp/. As root, I can add files to that directory for users to download, but that's the only way anything gets in that directory.
Here is a good article about setting up vsftpd securely.
Last edited by rickh; 01-12-2007 at 10:21 PM.
|
|
|
01-12-2007, 11:42 PM
|
#5
|
Member
Registered: Jul 2006
Distribution: RHEL, CentOS, PuppyLinux, SuSe, Ubuntu, Debian
Posts: 59
Rep:
|
.bashrc, .bash_logout & .bash_profile are actually files that a shell user might want to modify, since they exist for the explicit purpose of the user customizing what happens when they login / logout.
Revealing them does not really pose a security threat. Especially so if you do not give them shell access. You can remove shell access for the user by changing the shell to /sbin/nologin for the user.
|
|
|
All times are GMT -5. The time now is 02:09 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|