LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Red Hat (https://www.linuxquestions.org/questions/red-hat-31/)
-   -   GFTP allowing Root access to an FTP user (https://www.linuxquestions.org/questions/red-hat-31/gftp-allowing-root-access-to-an-ftp-user-132492/)

scottpioso 01-07-2004 03:25 PM
GFTP allowing Root access to an FTP user
 
Hello,

I have RH 9 and was running an FTP server using VFSTP that came with the distribution. I'm posting this as a warning to anyone who is running a FTP server on their box.

Someone I know used the program GFTP to access the root directory of my system even though I specifically denied root access through the vsftp.conf file. He did not do anything malicious but he COULD have. He said that he could have created/deleted files off of that directory. Needless to say, I am very concerned about that happening and have taken my entire Linux box off line until Red Hat advises me. Unfortunately, I do not know how to contact them directly about this and an unsure if this is a RH problem or perhaps a flaw with all distributions using VSFTP.

Has anyone else run into this same issue and if so, what did you do to secure your system from an attack?? I'm very concerned about a malicious attack on my system. I'm glad that my friend tested this otherwise I never would have known. I guess I thought that locking out root from FTP would have secured my system but it did not.

For your information, I tried to modify the permissions on the root directory and when that happened, the GUI went off line and started to loop at the command prompt. I cannot access the GUI and I think that I have corrupted my system to an unrecoverable way. At least I have everything backed up so that's not the problem.

Any advise or comments are welcome. Thank you.

ilpadrino 01-07-2004 05:06 PM
Post your vsftp.conf file in order to be able to help you. Iīm running vsftp server as well, and I donīt notice any problem with any ftp client. No one can get out of his directory. At least that is what I have checked in the log file.

Greetings

scottpioso 01-07-2004 06:20 PM
Padrino,

Unfortunately, I cannot do that. My Linux drive has become corrupted due to my stupidity in trying to secure the root directory and will not boot anymore. Plus I'm in the process of packing for moving now so I really am not even going to have the time to restore my Linux system. However, thank you for your assistance and I will try to get that posted within a few months if I can.


All times are GMT -5. The time now is 05:59 PM.