Kai Schaetzl
2006-May-16 15:46 UTC
[CentOS] vsftpd: users can delete files they don't possess
FTP users can delete files in their home directory they don't possess (including files belonging to root:root!) with vsftpd. I have reproduced that with vsftpd 1.1 on Suse and 2.0 on CentOS. I don't think this should happen at all. I can't see that the documentation at http://vsftpd.beasts.org/vsftpd_conf.html mentions this problem at all. How can I stop this? Kai
Andy Green
2006-May-16 15:59 UTC
[CentOS] vsftpd: users can delete files they don't possess
Kai Schaetzl wrote:> FTP users can delete files in their home directory they don't possess > (including files belonging to root:root!) with vsftpd. I have reproduced > that with vsftpd 1.1 on Suse and 2.0 on CentOS. > I don't think this should happen at all. I can't see that the > documentation at http://vsftpd.beasts.org/vsftpd_conf.html mentions this > problem at all. > How can I stop this?This sounds like a Unix feature, not a bug. If the user has write rights to the directory, he can delete anything in the directory no matter who owns the file. # cd /home/myuser # touch test # chmod 400 test # su - myuser $ ll test -r-------- 1 root root 0 May 16 16:58 test $ rm test rm: remove write-protected regular empty file `test'? y $ ll test ls: test: No such file or directory -Andy -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 4492 bytes Desc: S/MIME Cryptographic Signature URL: <http://lists.centos.org/pipermail/centos/attachments/20060516/e991c848/attachment-0002.bin>
Kai Schaetzl
2006-May-16 16:57 UTC
[CentOS] vsftpd: users can delete files they don't possess
Andy Green wrote on Tue, 16 May 2006 16:59:18 +0100:> This sounds like a Unix feature, not a bug. If the user has write > rights to the directory, he can delete anything in the directory no > matter who owns the file.Oh, well, now that you say it I remember that remotely from "Unix school". I'd completely phased that out. Is there a way to achieve different behavior without using acl extensions? My objective is that I want users *not* to be able to delete certain files/directories in their home directories. It seems I can achieve this partly by putting files in a directory they don't own. They then cannot delete the files in the directory and therefore cannot delete the directory. As soon as the directory is empty they can delete it. Kai