| Hi Greg,
| I tried your sequence, but it didn't seem to work. Or, perhaps it worked
| and the PRIVSEP option doesn't do what I expect it to. Logging in as a
| normal user gives that user root privileges.
| This seems pretty scary to me. Not so bad, since the user is locked into
| his own directory, but enough power to hurt themselves, which is too
| much power, IMHO. My users aren't experts. I can definitely see them
| clicking the delete key by accident.
| Back to digging for info...
| Thanks: John

Hi John,

After logging into pure-ftpd, even if I type "cd /", I cannot break out of my home directory. Because of the way UNIX permissions work, if root (or any other user) owns a file in my home directory, I can still delete it.

If you want to prevent that, you'll have to also use the
chflags command to protect files that you don't want to be removed by

Wow... I learn something new in this job every day, but usually not as new as that. This completely revises what I thought I knew about permissions. If you had asked me this morning if I could delete a file owned by root with permissions set to 400 from my own directory, I would have said absolutely not. How wrong I would have been...

I guess I can do this because I own the directory that the foreign file is in, and I should have control over that directory...

Yes... If I create a directory within my own home directory and change the ownership of that directory to root:nobody, then I cannot delete any file in that directory.

Okay, this is starting to make sense. I guess I just never noticed this small detail of Unix file permissions. Very interesting!

I skimmed through the chflags section of "Absolute FreeBSD" on my first read through... It rang a bell when you mentioned it, but I'd completely forgotten about it. I'm going to read it much more carefully this time :-)

Anyway, thanks to everyone who has helped me out with my week-long struggle with 'simple' old FTP.

"Challenge your assumptions." That's the lesson of *this* week!

Brgds: John
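
The rule worked out in this thread, as an added example that is not part of the original messages: whether a user can delete a file is decided by the parent directory's owner and mode, the sticky bit, and any chflags protection, not by the file's own owner or mode. The function names, uid 1001 and gid 65534 are constructed for illustration, and ACLs and MAC policies are not modelled.

```python
import os
import stat
from types import SimpleNamespace

# BSD file flags (set with chflags) that the kernel honours on unlink.
FROZEN = stat.UF_IMMUTABLE | stat.SF_IMMUTABLE | stat.UF_APPEND | stat.SF_APPEND
NOUNLINK = stat.UF_NOUNLINK | stat.SF_NOUNLINK

def can_unlink(dir_st, file_st, uid, gids):
    """Predict from stat data whether uid may delete a directory entry.
    Deleting edits the parent directory, so the file's own owner and
    mode only matter through the sticky-bit rule.
    """
    if getattr(file_st, "st_flags", 0) & (FROZEN | NOUNLINK):
        return False                  # file protected with chflags
    if getattr(dir_st, "st_flags", 0) & FROZEN:
        return False                  # directory itself is frozen
    if uid == 0:
        return True                   # root skips the mode-bit checks
    if uid == dir_st.st_uid:
        need = stat.S_IWUSR | stat.S_IXUSR
    elif dir_st.st_gid in gids:
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    if (dir_st.st_mode & need) != need:
        return False                  # no write+search on the directory
    if dir_st.st_mode & stat.S_ISVTX:
        return uid in (file_st.st_uid, dir_st.st_uid)
    return True

def can_unlink_path(path, uid, gids):
    """Same check against a real file (st_flags exists only on BSD/macOS)."""
    parent = os.path.dirname(os.path.abspath(path))
    return can_unlink(os.stat(parent), os.lstat(path), uid, gids)

def st(mode, uid, gid, flags=0):      # constructed stat record
    return SimpleNamespace(st_mode=mode, st_uid=uid, st_gid=gid, st_flags=flags)

# Constructed sample data: uid/gid 1001 for the FTP user, 65534 for "nobody".
JOHN, JOHN_GIDS = 1001, {1001}
HOME = st(stat.S_IFDIR | 0o755, JOHN, 1001)
ROOT_SUBDIR = st(stat.S_IFDIR | 0o755, 0, 65534)     # chown root:nobody
ROOT_FILE = st(stat.S_IFREG | 0o400, 0, 0)           # root-owned, mode 400
LOCKED_FILE = st(stat.S_IFREG | 0o400, 0, 0, stat.SF_IMMUTABLE)  # chflags schg

if __name__ == "__main__":
    for d, f in ((HOME, ROOT_FILE), (ROOT_SUBDIR, ROOT_FILE), (HOME, LOCKED_FILE)):
        print(can_unlink(d, f, JOHN, JOHN_GIDS))
```

Run `can_unlink_path` over the files in an FTP user's home directory to list which root-owned files that user could still remove.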

freebsd-questions@freebsd.org mailing list