Simple Permissions Problem

ewtrowbr · Posted: Sat Aug 21, 2004 5:05 am Post subject: Simple Permissions Problem

I have an anonymous ftp server. I would like to offer authenticated users the ability to upload files to the anonymous ftp server. Random anon-ftp users will not have this option.

What I have done is to put the anon root directory in the 'users' group. Users are now able to upload files to the directory.

Is this the correct way to do this? The anon root directory used to be a member or group 'root' and I changed it to 'users'. Is there a better way to do this? Do I have any security exposure?

please advise,
erich

gnuageux · Veteran Joined: 17 Apr 2004 Posts: 1201

ewtrowbr · Posted: Sat Aug 21, 2004 10:59 pm Post subject:

sry... allow me to clarify.

There are several shell users on the box. These users are not in wheel, and do not have the root password. I would like these users to be able to copy files into /home/ftp, which is the anonymous / directory.

vsftp installed /home/ftp as 'chown root:root'. I changed this to 'chown root:users'. Since the other users on the box are 'usermod -G users', they can cp and mv files into the anonymous /.

My question is: Is there a better way to do this? Am I configuring myself into a security problem?

thanks in advance,
e

gnuageux · Veteran Joined: 17 Apr 2004 Posts: 1201

Sound ok actually. Sounds to me like all you did was give users write permissions to the ftp services' root directory, not your actual root. An easy test would be ftp in as anony. cd around and see what directories you can write to. Cumbersome, but easy

_________________
The realOTW: http://forums.realotw.org/index.php

Registered Linux user#364538

ewtrowbr · Posted: Wed Aug 25, 2004 2:40 pm Post subject:

Thank you for your input. I tried your suggestion, and it seemed to work as I intend.

thanks again,
erich