Re: wu-ftpd security

To: debian-security@lists.debian.org
Subject: Re: wu-ftpd security
From: Bob Nielsen <nielsen@oz.net>
Date: Mon, 21 Oct 2002 13:58:26 -0700
Message-id: <[🔎] 20021021205826.GA8046@bob.n7xy.net>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 1035211739.3097.9.camel@monkeypaw>
References: <[🔎] 1035211739.3097.9.camel@monkeypaw>

I don't know if wu-ftpd is configurable to do otherwise, but on my
installation only anonymous users are chrooted (to /home/ftp, which has
bin, etc and lib dirs.)

On Mon, Oct 21, 2002 at 09:48:54AM -0500, Steve Johnson wrote:
> Hi,
> I'm using wu-ftpd and set up /etc/wu-ftpd/ftpaccess to allow only one
> user(using the deny-uid and allow-uid directives).  I also added a
> 'restricted-uid myuser' flag.  Everything is worknig fine, but I'm
> confused.  It's chrooting (or appears to) that user to it's home
> directory just as I would hope for, but there is no /home/myuser/bin,
> /home/myuser/etc or /home/myuser/lib dirs?  Yet when I ftp in with ncftp
> from another machine, I am chrooted, and I'm able to `ls' and run other
> commands?  How is that?  Is it really chrooted, and/or secure?

Reply to:

References:
- wu-ftpd security
  - From: Steve Johnson <steve@webninja.com>

Prev by Date: Re: ssh "banner"
Next by Date: Re: ssh "banner"
Previous by thread: wu-ftpd security
Next by thread: AIDE Information Overload
Index(es):
- Date
- Thread