I have configured my vsftpd with virtual users all of which are mapped to a system user for file system permissions (let's call him 'ftpsystemuser'). That means, if someone uploads files they are writting using owner and group of the system user:> -rw-r--r-- 1 ftpsystemuser ftpsystemuser 19968 16. M?r 11:24 Termine > Leistungspr?fungen.docNow we have the phenomenon that some files and folders are written twice, one instance as it should be and the other with owner and group 'root' and with html-like file name syntax. For example:> -rw-r--r-- 1 root root 19968 16. M?r 11:24 Termine > Leistungspr%FCfungen.doc > -rw-r--r-- 1 ftpsystemuser ftpsystemuser 19968 16. M?r 11:24 Termine > Leistungspr?fungen.docThis looks like a security problem: the process writing these files should not be able to do this as root, should it? And then it is very annoying. Has anyone seen that? Is that something I can configure off somehow? Any hint or help is appreciated, any deeper insight very welcome. Dirk
Stephen John Smoogen
2010-Apr-06 20:53 UTC
[CentOS] vsftpd writing files 2 times - once as root
On Tue, Apr 6, 2010 at 12:58 PM, Dirk H. Schulz <dirk.schulz at kinzesberg.de> wrote:> I have configured my vsftpd with virtual users all of which are mapped > to a system user for file system permissions (let's call him > 'ftpsystemuser').What is the vsftpd process running as? It is most likely root as it needs to have permission to open ports 20:21 for access. In most cases a file is going to be opened up as root, written as root, and then chowned to the configured user..> That means, if someone uploads files they are writting using owner and > group of the system user: >> -rw-r--r-- 1 ftpsystemuser ftpsystemuser 19968 16. M?r 11:24 Termine >> Leistungspr?fungen.doc > Now we have the phenomenon that some files and folders are written > twice, one instance as it should be and the other with owner and group > 'root' and with html-like file name syntax. For example: >> -rw-r--r-- 1 root ? ? ? ? ?root ? ? ? ? ?19968 16. M?r 11:24 Termine >> Leistungspr%FCfungen.doc >> -rw-r--r-- 1 ftpsystemuser ftpsystemuser 19968 16. M?r 11:24 Termine >> Leistungspr?fungen.doc > This looks like a ?security problem: the process writing these files > should not be able to do this as root, should it? > And then it is very annoying. > > Has anyone seen that? Is that something I can configure off somehow? > > Any hint or help is appreciated, any deeper insight very welcome. > > Dirk > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >-- Stephen J Smoogen. Ah, but a man's reach should exceed his grasp. Or what's a heaven for? -- Robert Browning