Re: wu-ftpd-2.4.2.16-12 security problem
Hi,
thx for you reply. but it does not work for me.
here is what I have:
in /etc/passwd:
shao:x:1000:1000:Shao Zhang,,,:/home/shao/./:/bin/bash
in /etc/group:
floppy:x:25:shao
in /etc/wu-ftpd-academ/ftpaccess:
guestgroup floppy
After the user logs in, the use cannot see their home dir at all.
pwd returns the current dir is /.
Thanks.
Shao.
In-Reply-To: <[🔎] 19990518114138.A23619@archangel.8eight8.net.ph>; from Chad A. Adlawan on Tue, May 18, 1999 at 11:41:38AM +0800
On Tue, May 18, 1999 at 11:41:38AM +0800, Chad A. Adlawan wrote:
> thats not a security problem. its how its supposed to behave.
> if u dont want users chrooted to /home/username, that is, they can only go
> to as high as /home/username, read on re giving users "guestgroup" access in
> wu-ftpd docs, and then change their respective enreies in /etc/passwd so that
> when theyll log in to ftp, they'll be chrooted to /home/username ...
> example, for /etc/passwd:
> user:x:1023:1100:user,,,:/home/user/./:/usr/bin/ascriptiwrote
> ^^^^^^^^^^^^^
> this is his chrooted dir
> also, try reading man chroot
> AFAIK,
> Chad
>
>
> On Tue, May 18, 1999 at 01:00:15PM +0000, Shao Zhang wrote:
> > Hi,
> > I just found that this version of the wu-ftpd allows any user do a cd /
> > And then all users can see the / directory on the system.
> >
> > How do I stop this? I only want them to see /home/username.
> >
> > Thanks.
> >
> >
> > Shao.
> >
> > --
> > ____________________________________________________________________________
> > Shao Zhang - Running Debian 2.1 ___ _ _____
> > Department of Communications / __| |_ __ _ ___ |_ / |_ __ _ _ _ __ _
> > University of New South Wales \__ \ ' \/ _` / _ \ / /| ' \/ _` | ' \/ _` |
> > Sydney, Australia |___/_||_\__,_\___/ /___|_||_\__,_|_||_\__, |
> > Email: shao@cia.com.au |___/
> > _____________________________________________________________________________
> >
> >
> > --
> > Unsubscribe? mail -s unsubscribe debian-user-request@lists.debian.org < /dev/null
> >
>
--
____________________________________________________________________________
Shao Zhang - Running Debian 2.1 ___ _ _____
Department of Communications / __| |_ __ _ ___ |_ / |_ __ _ _ _ __ _
University of New South Wales \__ \ ' \/ _` / _ \ / /| ' \/ _` | ' \/ _` |
Sydney, Australia |___/_||_\__,_\___/ /___|_||_\__,_|_||_\__, |
Email: shao@cia.com.au |___/
_____________________________________________________________________________
Reply to: