CentOS - May 2006 - vsftpd: users can delete files they don't possess

FTP users can delete files in their home directory they don't possess 
(including files belonging to root:root!) with vsftpd. I have reproduced 
that with vsftpd 1.1 on Suse and 2.0 on CentOS.
I don't think this should happen at all. I can't see that the 
documentation at http://vsftpd.beasts.org/vsftpd_conf.html mentions this 
problem at all.
How can I stop this?

Kai

Kai Schaetzl wrote:
> FTP users can delete files in their home directory they don't possess 
> (including files belonging to root:root!) with vsftpd. I have reproduced 
> that with vsftpd 1.1 on Suse and 2.0 on CentOS.
> I don't think this should happen at all. I can't see that the 
> documentation at http://vsftpd.beasts.org/vsftpd_conf.html mentions this 
> problem at all.
> How can I stop this?
This sounds like a Unix feature, not a bug.  If the user has write 
rights to the directory, he can delete anything in the directory no 
matter who owns the file.

# cd /home/myuser
# touch test
# chmod 400 test
# su - myuser
$ ll test
-r-------- 1 root root 0 May 16 16:58 test
$ rm test
rm: remove write-protected regular empty file `test'? y
$ ll test
ls: test: No such file or directory

-Andy
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4492 bytes
Desc: S/MIME Cryptographic Signature
URL:
<http://lists.centos.org/pipermail/centos/attachments/20060516/e991c848/attachment-0002.bin>

Andy Green wrote on Tue, 16 May 2006 16:59:18 +0100:
> This sounds like a Unix feature, not a bug.  If the user has write 
> rights to the directory, he can delete anything in the directory no 
> matter who owns the file.
Oh, well, now that you say it I remember that remotely from "Unix
school".
I'd completely phased that out.

Is there a way to achieve different behavior without using acl extensions? 
My objective is that I want users *not* to be able to delete certain 
files/directories in their home directories. It seems I can achieve this 
partly by putting files in a directory they don't own. They then cannot 
delete the files in the directory and therefore cannot delete the 
directory. As soon as the directory is empty they can delete it.

Kai