wu-ftpd security

To: debian-security@lists.debian.org
Subject: wu-ftpd security
From: Steve Johnson <steve@webninja.com>
Date: 21 Oct 2002 09:48:54 -0500
Message-id: <[🔎] 1035211739.3097.9.camel@monkeypaw>

Hi,
I'm using wu-ftpd and set up /etc/wu-ftpd/ftpaccess to allow only one
user(using the deny-uid and allow-uid directives).  I also added a
'restricted-uid myuser' flag.  Everything is worknig fine, but I'm
confused.  It's chrooting (or appears to) that user to it's home
directory just as I would hope for, but there is no /home/myuser/bin,
/home/myuser/etc or /home/myuser/lib dirs?  Yet when I ftp in with ncftp
from another machine, I am chrooted, and I'm able to `ls' and run other
commands?  How is that?  Is it really chrooted, and/or secure?

Thanks in advance,
Steve

Reply to:

Follow-Ups:
- Re: wu-ftpd security
  - From: Bob Nielsen <nielsen@oz.net>

Prev by Date: Re: [OT] secure, minimal Debian installation for linux-based thin clients?
Next by Date: Re: [OT] secure, minimal Debian installation for linux-based thin clients?
Previous by thread: Re: Apache SIGUSR1 bug
Next by thread: Re: wu-ftpd security
Index(es):
- Date
- Thread