| Hi Greg,
|
| I tried your sequence, but it didn't seem to work. Or, perhaps it worked
| and the PRIVSEP option doesn't do what I expect it to. Logging in as a
| normal user gives that user root privileges.
|
| This seems pretty scary to me. Not so bad, since the user is locked into
| his own directory, but enough power to hurt themselves, which is too
| much power, IMHO. My users aren't experts. I can definitely see them
| clicking the delete key by accident.
|
| Back to digging for info...
|
| Thanks: John
|

Hi John,

After logging into pure-ftpd, even if I type "cd /", I cannot break out of my home directory. Because of the way UNIX permissions work, if root (or any other user) owns a file in my home directory, I can still delete it.

If you want to prevent that, you'll have to also use the chflags command to protect files that you don't want to be removed by anyone.


Wow... I learn something new in this job every day, but usually not as new as that. This completely revises what I thought I knew about permissions. If you had asked me this morning if I could delete a file owned by root with permissions set to 400 from my own directory, I would have said absolutely not. How wrong I would have been...

I guess I can do this because I own the directory that the foreign file is in, and I should have control over that directory...

Yes... If I create a directory within my own home directory and change the ownership of that directory to root:nobody, then I cannot delete any file in that directory.

Okay, this is starting to make sense. I guess I just never noticed this small detail of Unix file permissions. Very interesting!

I skimmed through the chflags section of "Absolute FreeBSD" on my first read through... It rang a bell when you mentioned it, but I'd completely forgotten about it. I'm going to read it much more carefully this time :-)

Anyway, thanks to everyone who has helped me out with my week-long struggle with 'simple' old FTP.

"Challenge your assumptions." That's the lesson of *this* week!

Brgds: John
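
The rule discussed in this thread, written out as an added example (not part of the original messages): a Python model of the check applied when a file is removed. It goes slightly beyond the thread by also covering the sticky bit and the FreeBSD flags that chflags sets; the `Node` type, the uid 1001 and the sample entries are constructed for illustration.

```python
import stat
from collections import namedtuple

# Minimal stand-in for os.stat_result (constructed for this example).
Node = namedtuple("Node", "uid gid mode flags")

# FreeBSD file flags (set with chflags) that block removal of the file.
NO_DELETE_FLAGS = (stat.UF_IMMUTABLE | stat.SF_IMMUTABLE |
                   stat.UF_APPEND | stat.SF_APPEND |
                   stat.UF_NOUNLINK | stat.SF_NOUNLINK)


def class_bits(node, uid, gids):
    """Return the rwx bits (0-7) that apply to this user on this node."""
    if uid == node.uid:
        return (node.mode >> 6) & 7
    if node.gid in gids:
        return (node.mode >> 3) & 7
    return node.mode & 7


def can_delete(directory, entry, uid, gids=()):
    """Model of the unlink check: may `uid` remove `entry` from `directory`?

    The entry's own mode bits are never consulted, because removing a
    name is a write to the directory, not to the file.
    """
    if entry.flags & NO_DELETE_FLAGS:
        return False                       # flag protection applies to everyone
    if uid == 0:
        return True                        # root bypasses the mode bits
    if class_bits(directory, uid, gids) & 3 != 3:
        return False                       # need write (2) and search (1)
    if directory.mode & stat.S_ISVTX:      # sticky directory such as /tmp
        return uid in (entry.uid, directory.uid)
    return True


# Constructed sample data: an FTP user with uid 1001.
HOME = Node(uid=1001, gid=1001, mode=0o755, flags=0)
ROOT_SUBDIR = Node(uid=0, gid=65534, mode=0o755, flags=0)
STICKY_TMP = Node(uid=0, gid=0, mode=0o1777, flags=0)
ROOT_FILE_400 = Node(uid=0, gid=0, mode=0o400, flags=0)
ROOT_FILE_SCHG = Node(uid=0, gid=0, mode=0o400, flags=stat.SF_IMMUTABLE)

if __name__ == "__main__":
    for name, d, e in [("home", HOME, ROOT_FILE_400),
                       ("root-owned subdir", ROOT_SUBDIR, ROOT_FILE_400),
                       ("home, schg file", HOME, ROOT_FILE_SCHG),
                       ("sticky dir", STICKY_TMP, ROOT_FILE_400)]:
        print(f"{name}: deletable by uid 1001 = {can_delete(d, e, 1001)}")
```
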



_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
