Re: Controlling read access
| Hi Greg,
|
| I tried your sequence, but it didn't seem to work. Or, perhaps it worked
| and the PRIVSEP option doesn't do what I expect it to. Logging in as a
| normal user gives that user root privileges.
|
| This seems pretty scary to me. Not so bad, since the user is locked into
| his own directory, but enough power to hurt themselves, which is too
| much power, IMHO. My users aren't experts. I can definitely see them
| clicking the delete key by accident.
|
| Back to digging for info...
|
| Thanks: John
|

Hi John,

After logging into pure-ftpd, even if I type "cd /", I cannot break out of my home directory. Because of the way UNIX permissions work, if root ~ (or any other user) owns a file in my home directory, I can still delete it. If you want to prevent that, you'll have to also use the chflags command to protect files that you don't want to be removed by anyone.

Wow... I learn something new in this job every day, but usually not as new as that. This completely revises what I thought I knew about permissions.

If you had asked me this morning if I could delete a file owned by root with permissions set to 400 from my own directory, I would have said absolutely not. How wrong I would have been...

I guess I can do this because I own the directory that the foreign file is in, and I should have control over that directory...

Yes... If I create a directory within my own home directory and change the ownership of that directory to root:nobody, then I cannot delete any file in that directory.

Okay, this is starting to make sense. I guess I just never noticed this small detail of Unix file permissions. Very interesting!

I skimmed through the chflags section of "Absolute FreeBSD" on my first read through... It rang a bell when you mentioned it, but I'd completely forgotten about it. I'm going to read it much more carefully this time :-)

Anyway, thanks to everyone who has helped me out with my week-long struggle with 'simple' old FTP.

"Challenge your assumptions." That's the lesson of *this* week!

Brgds: John

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Controlling read access
John Almberg wrote:
|> | Now I have just one major league problem: when I logged in as one of the
|> | users, to test the connections, I discovered that I had SUPER POWERS. I
|> | was able to delete any file that I could see, including ones that were
|> | owned by root. Digging uncovered the fact that pure-ftpd runs with root
|> | privileges... not so good for my situation.
|> |
|> | My guess is I need to compile with the --with-privsep switch turned on...
|> |
|> | So, finally I have a real FreeBSD question!
|> |
|> | What is the proper way, in ports, to set a configuration flag? The only
|> | way I could figure out was to add it to the Makefile.
|> | PRIVSEP "Enable privilege separation" on \
|> |
|> | If this is the correct way to turn this compile switch on, it doesn't
|> | seem to work. After running:
|> |
|> | make deinstall
|> | make config # checking the privilege separation box
|> | make reinstall
|> |
|> | The logged in user can still delete any file, regardless of permissions
|> | or ownership. This is clearly a problem... I don't want my users to be
|> | able to blow away their own websites while they are uploading some
|> | images. I am still digging for info on this problem. Any thoughts, much
|> | appreciated!
|> |
|> | -- John
|> |
|>
|> Hi John,
|>
|> Try this sequence instead, and you should be all set:
|>
|> make deinstall
|> make clean
|> make config (skip this if you've already chosen the options you want)
|> make install
|>
|> The clean target will make sure that your environment is reset back to a
|> known state. The install target will then perform a fresh build and
|> install with the privsep option enabled. If you already had binaries in
|> your port directory, then the reinstall target installs them without
|> rebuilding, as far as I can tell from reading /usr/ports/Mk/bsd.port.mk.
|>
|
| Hi Greg,
|
| I tried your sequence, but it didn't seem to work. Or, perhaps it worked
| and the PRIVSEP option doesn't do what I expect it to. Logging in as a
| normal user gives that user root privileges.
|
| This seems pretty scary to me. Not so bad, since the user is locked into
| his own directory, but enough power to hurt themselves, which is too
| much power, IMHO. My users aren't experts. I can definitely see them
| clicking the delete key by accident.
|
| Back to digging for info...
|
| Thanks: John
|

Hi John,

After logging into pure-ftpd, even if I type "cd /", I cannot break out of my home directory. Because of the way UNIX permissions work, if root ~ (or any other user) owns a file in my home directory, I can still delete it. If you want to prevent that, you'll have to also use the chflags command to protect files that you don't want to be removed by anyone.

On the server (as root):

fbsd70# pwd
/usr/home/glarkin
fbsd70# touch testfile
fbsd70# ls -l testfile
-rw-r--r-- 1 root glarkin 0 Aug 6 13:12 testfile
fbsd70# ls -lo testfile
-rw-r--r-- 1 root glarkin - 0 Aug 6 13:12 testfile
fbsd70# chflags uchg testfile
fbsd70# ls -lo testfile
-rw-r--r-- 1 root glarkin uchg 0 Aug 6 13:12 testfile
fbsd70#

Logged in to FTP as glarkin:

ftp> dir testfile
200 PORT command successful
150 Connecting to port 5003
-rw-r--r--1 0glarkin 0 Aug 6 13:12 testfile
226-Options: -a -l
226 1 matches total
ftp> del testfile
550 Could not delete testfile: Operation not permitted
ftp>

Hope that helps,
Greg

--
Greg Larkin
http://www.sourcehosting.net/
http://www.FreeBSD.org/ - The Power To Serve
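
Added example, not part of the original thread or of pure-ftpd: a simplified Python model of the rule discussed in the two messages above (removing a file needs write permission on its directory, not on the file, unless a chflags flag such as uchg is set), plus a small audit helper that lists files a user does not own but could still delete. The uid/gid numbers, fake_stat and all function names are constructed for illustration; ACLs and MAC policies are ignored.

```python
import os
import stat
from types import SimpleNamespace

# chflags(1) flags that make unlink(2) fail with EPERM on FreeBSD, even for
# the directory owner: uchg/schg, uappnd/sappnd, uunlnk/sunlnk.
NO_UNLINK = (stat.UF_IMMUTABLE | stat.SF_IMMUTABLE | stat.UF_APPEND |
             stat.SF_APPEND | stat.UF_NOUNLINK | stat.SF_NOUNLINK)


def class_bits(st, uid, gids):
    """rwx bits (0-7) of the one permission class that applies to uid/gids."""
    mode = stat.S_IMODE(st.st_mode)
    if uid == st.st_uid:
        return (mode >> 6) & 7
    if st.st_gid in gids:
        return (mode >> 3) & 7
    return mode & 7


def may_unlink(uid, gids, dir_st, file_st):
    """Simplified model: may non-root uid remove this entry from this directory?

    The file's own mode bits are never consulted. ACLs and MAC are ignored.
    """
    # Removing a name edits the directory: write + search on it are required.
    if (class_bits(dir_st, uid, gids) & 0o3) != 0o3:
        return False
    # Sticky directory (like /tmp): caller must own the file or the directory.
    if (dir_st.st_mode & stat.S_ISVTX) and uid not in (file_st.st_uid, dir_st.st_uid):
        return False
    # File flags set with chflags override directory ownership.
    return not (getattr(file_st, "st_flags", 0) & NO_UNLINK)


def foreign_deletable(directory, uid, gids=()):
    """Names in directory that uid does not own but could still delete."""
    dir_st = os.lstat(directory)
    hits = []
    for name in sorted(os.listdir(directory)):
        st = os.lstat(os.path.join(directory, name))
        if stat.S_ISDIR(st.st_mode):
            continue  # rmdir(2) also needs the subdirectory to be empty
        if st.st_uid != uid and may_unlink(uid, gids, dir_st, st):
            hits.append(name)
    return hits


def fake_stat(mode, uid, gid, flags=0):
    """Constructed stat result, so the thread's cases run on any OS."""
    return SimpleNamespace(st_mode=mode, st_uid=uid, st_gid=gid, st_flags=flags)


# Constructed values: uid/gid 1001 stands in for glarkin, gid 65534 for nobody.
USER = 1001
HOME = fake_stat(stat.S_IFDIR | 0o755, USER, USER)
ROOT_DIR = fake_stat(stat.S_IFDIR | 0o755, 0, 65534)
ROOT_FILE = fake_stat(stat.S_IFREG | 0o400, 0, USER)
ROOT_FILE_UCHG = fake_stat(stat.S_IFREG | 0o400, 0, USER, stat.UF_IMMUTABLE)

if __name__ == "__main__":
    print("root-owned 0400 file in own home:", may_unlink(USER, {USER}, HOME, ROOT_FILE))
    print("same file after chflags uchg:   ", may_unlink(USER, {USER}, HOME, ROOT_FILE_UCHG))
    print("file inside root:nobody subdir: ", may_unlink(USER, {USER}, ROOT_DIR, ROOT_FILE))
    print("audit of cwd:", foreign_deletable(".", os.getuid(), os.getgroups()))
```

Run as root against a user's home directory with that user's uid and groups, foreign_deletable() shows which root-owned files still need chflags protection.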
Re: Controlling read access
| Now I have just one major league problem: when I logged in as one of the
| users, to test the connections, I discovered that I had SUPER POWERS. I
| was able to delete any file that I could see, including ones that were
| owned by root. Digging uncovered the fact that pure-ftpd runs with root
| privileges... not so good for my situation.
|
| My guess is I need to compile with the --with-privsep switch turned on...
|
| So, finally I have a real FreeBSD question!
|
| What is the proper way, in ports, to set a configuration flag? The only
| way I could figure out was to add it to the Makefile.
| PRIVSEP "Enable privilege separation" on \
|
| If this is the correct way to turn this compile switch on, it doesn't
| seem to work. After running:
|
| make deinstall
| make config # checking the privilege separation box
| make reinstall
|
| The logged in user can still delete any file, regardless of permissions
| or ownership. This is clearly a problem... I don't want my users to be
| able to blow away their own websites while they are uploading some
| images. I am still digging for info on this problem. Any thoughts, much
| appreciated!
|
| -- John
|

Hi John,

Try this sequence instead, and you should be all set:

make deinstall
make clean
make config (skip this if you've already chosen the options you want)
make install

The clean target will make sure that your environment is reset back to a known state. The install target will then perform a fresh build and install with the privsep option enabled. If you already had binaries in your port directory, then the reinstall target installs them without rebuilding, as far as I can tell from reading /usr/ports/Mk/bsd.port.mk.

Hi Greg,

I tried your sequence, but it didn't seem to work. Or, perhaps it worked and the PRIVSEP option doesn't do what I expect it to. Logging in as a normal user gives that user root privileges.

This seems pretty scary to me. Not so bad, since the user is locked into his own directory, but enough power to hurt themselves, which is too much power, IMHO. My users aren't experts. I can definitely see them clicking the delete key by accident.

Back to digging for info...

Thanks: John
Re: Controlling read access
John Almberg wrote:
|> Hello John,
|>
|> There are some things that you can try.
|>
|> What if you connect from localhost and transfer files, is it still very
|> slow?
|> Try to disable TLS/SSL and see if this improves performance.
|> Increase debug level and check the log for any errors.
|
| Well, I am learning lots about FTP :-)
|
| I didn't realize that FTP uses extra ports for data channels (yes, I am
| a newbie). I use the PF firewall, which of course was blocking the
| needed ports. Once I opened them, the connections worked perfectly.
|
| I also moved the control port from 21 to a higher port, and disabled
| insecure FTP connections, requiring TLS/SSL for login.
|
| I also added pureftpd-enable="YES" to rc.conf, so I can start it up with
| /usr/local/etc/rc.d/pure-ftpd restart.
|
| So far, so good (newbie pats himself on back.) :-)
|
| Now I have just one major league problem: when I logged in as one of the
| users, to test the connections, I discovered that I had SUPER POWERS. I
| was able to delete any file that I could see, including ones that were
| owned by root. Digging uncovered the fact that pure-ftpd runs with root
| privileges... not so good for my situation.
|
| My guess is I need to compile with the --with-privsep switch turned on...
|
| So, finally I have a real FreeBSD question!
|
| What is the proper way, in ports, to set a configuration flag? The only
| way I could figure out was to add it to the Makefile.
| PRIVSEP "Enable privilege separation" on \
|
| If this is the correct way to turn this compile switch on, it doesn't
| seem to work. After running:
|
| make deinstall
| make config # checking the privilege separation box
| make reinstall
|
| The logged in user can still delete any file, regardless of permissions
| or ownership. This is clearly a problem... I don't want my users to be
| able to blow away their own websites while they are uploading some
| images. I am still digging for info on this problem. Any thoughts, much
| appreciated!
|
| -- John
|

Hi John,

Try this sequence instead, and you should be all set:

make deinstall
make clean
make config (skip this if you've already chosen the options you want)
make install

The clean target will make sure that your environment is reset back to a known state. The install target will then perform a fresh build and install with the privsep option enabled. If you already had binaries in your port directory, then the reinstall target installs them without rebuilding, as far as I can tell from reading /usr/ports/Mk/bsd.port.mk.

Hope that helps,
Greg

--
Greg Larkin
http://www.sourcehosting.net/
http://www.FreeBSD.org/ - The Power To Serve
Re: Controlling read access
Hello John,

There are some things that you can try.

What if you connect from localhost and transfer files, is it still very slow?
Try to disable TLS/SSL and see if this improves performance.
Increase debug level and check the log for any errors.

Well, I am learning lots about FTP :-)

I didn't realize that FTP uses extra ports for data channels (yes, I am a newbie). I use the PF firewall, which of course was blocking the needed ports. Once I opened them, the connections worked perfectly.

I also moved the control port from 21 to a higher port, and disabled insecure FTP connections, requiring TLS/SSL for login.

I also added pureftpd-enable="YES" to rc.conf, so I can start it up with /usr/local/etc/rc.d/pure-ftpd restart.

So far, so good (newbie pats himself on back.) :-)

Now I have just one major league problem: when I logged in as one of the users, to test the connections, I discovered that I had SUPER POWERS. I was able to delete any file that I could see, including ones that were owned by root. Digging uncovered the fact that pure-ftpd runs with root privileges... not so good for my situation.

My guess is I need to compile with the --with-privsep switch turned on...

So, finally I have a real FreeBSD question!

What is the proper way, in ports, to set a configuration flag? The only way I could figure out was to add it to the Makefile.

PRIVSEP "Enable privilege separation" on \

If this is the correct way to turn this compile switch on, it doesn't seem to work. After running:

make deinstall
make config # checking the privilege separation box
make reinstall

The logged in user can still delete any file, regardless of permissions or ownership. This is clearly a problem... I don't want my users to be able to blow away their own websites while they are uploading some images. I am still digging for info on this problem. Any thoughts, much appreciated!

-- John
RE: Controlling read access
-----Original Message-----
From: John Almberg [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 05, 2008 10:55 PM
To: Catalin Miclaus
Cc: freebsd-questions@freebsd.org
Subject: Re: Controlling read access

On Jul 31, 2008, at 5:40 PM, Catalin Miclaus wrote:

> Hello John,
>
> If you are providing only FTP services for those users, perhaps you want
> to go for an FTP server that handles virtual users.
> I'm using pure-ftpd and it works great.
> Google will help you find some nice howto's for same.
>

Hi Catalin...

I installed pure-ftpd with TLS/SSL support and am having some problems with it...

1. VERY slow to list files the first time. I thought this was a DNS problem, so tried the -H flag, but no joy. Still slow.

2. When I try to connect with TLS/SSL, I get a connection, but the file list takes so long that the connection times out.

Any ideas? I Googled for this problem, but the only hint I came up with was the -H flag...

Thanks: John

Hello John,

There are some things that you can try.

What if you connect from localhost and transfer files, is it still very slow?
Try to disable TLS/SSL and see if this improves performance.
Increase debug level and check the log for any errors.

Best Regards
Catalin Miclaus
Network/Security
ISP-Data
Starcomms Ltd.

DISCLAIMER: The information contained in this message (including any attachments) is confidential and may be privileged. If you have received it by mistake please notify the sender by return e-mail and permanently delete this message and any attachments from your system. Any form of dissemination, use, review, distribution, printing or copying of this message in whole or in part is strictly prohibited if you are not the intended recipient of this e-mail. Please note that e-mails are susceptible to change. STARCOMMS PLC shall not be liable for the improper or incomplete transmission of the information contained in this communication nor for any delay in its receipt or damage to your system. STARCOMMS PLC does not guarantee that the integrity of this communication has been maintained or that this communication is free of viruses, interceptions or interferences. STARCOMMS PLC reserves the right to monitor all e-mail communications, whether related to the business of STARCOMMS or not, through its internal or external networks.
Re: Controlling read access
On Jul 31, 2008, at 5:40 PM, Catalin Miclaus wrote:

Hello John,

If you are providing only FTP services for those users, perhaps you want to go for an FTP server that handles virtual users.
I'm using pure-ftpd and it works great.
Google will help you find some nice howto's for same.

Hi Catalin...

I installed pure-ftpd with TLS/SSL support and am having some problems with it...

1. VERY slow to list files the first time. I thought this was a DNS problem, so tried the -H flag, but no joy. Still slow.

2. When I try to connect with TLS/SSL, I get a connection, but the file list takes so long that the connection times out.

Any ideas? I Googled for this problem, but the only hint I came up with was the -H flag...

Thanks: John
RE: Controlling read access
Hello John,

If you are providing only FTP services for those users, perhaps you want to go for an FTP server that handles virtual users.
I'm using pure-ftpd and it works great.
Google will help you find some nice howto's for same.

Best Regards
Catalin Miclaus
Network/Security
ISP-Data
Starcomms Ltd.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Almberg
Sent: Thursday, July 31, 2008 10:17 PM
To: freebsd-questions@freebsd.org
Subject: Controlling read access

I operate a server on which I am typically the only ssh user, but I do provide a small number of users ftp access.

Each user has their own home directory. Currently all home directories have read permission set for 'other'. This means if I log in as one user, I can read and even download the contents of other users' home directories.

I want to block this read access. What is the best way to do this? Turn off the read bit for 'other'? Or is there some better way?

Thanks: John
Re: Controlling read access
What ftp server software are you using? For example, in proftpd, you simply add this line to /usr/local/etc/proftpd.conf:

DefaultRoot ~

and everyone is "jailed" into his own directory.

It also seems the ftp daemon in the base system supports this through /etc/ftpchroot. If you are using it, read the man pages for ftpd(8) and ftpchroot(5)

Ah... I knew there had to be a better way. I am using sftp-server. I'm going to try to find some documentation on it right now...

Thanks: John
Re: Controlling read access
At 04:16 PM 7/31/2008, John Almberg wrote:

I operate a server on which I am typically the only ssh user, but I do provide a small number of users ftp access.

Each user has their own home directory. Currently all home directories have read permission set for 'other'. This means if I log in as one user, I can read and even download the contents of other users' home directories.

I want to block this read access. What is the best way to do this? Turn off the read bit for 'other'? Or is there some better way?

Thanks: John

I've used vsftp from the ports. It is very configurable to the point you can even specify which ftp commands to allow.

-Derek
Re: Controlling read access
On Thu, Jul 31, 2008 at 05:16:48PM -0400, John Almberg wrote:
> I operate a server on which I am typically the only ssh user, but I
> do provide a small number of users ftp access.
>
> Each user has their own home directory. Currently all home
> directories have read permission set for 'other'. This means if I log
> in as one user, I can read and even download the contents of other
> users' home directories.
>
> I want to block this read access. What is the best way to do this?
> Turn off the read bit for 'other'? Or is there some better way?
>
> Thanks: John

Hi John,

If the user logs into their own directory via FTP, there should be a way to "chroot" him/her, so that the home directory appears as the root directory. Consult your FTP server manuals for this.

You might also turn off the r,w,x bits for other.

Valeriu

--
Valeriu Mutu
Re: Controlling read access
John Almberg wrote:

I operate a server on which I am typically the only ssh user, but I do provide a small number of users ftp access.

Each user has their own home directory. Currently all home directories have read permission set for 'other'. This means if I log in as one user, I can read and even download the contents of other users' home directories.

I want to block this read access. What is the best way to do this? Turn off the read bit for 'other'? Or is there some better way?

Thanks: John

What ftp server software are you using? For example, in proftpd, you simply add this line to /usr/local/etc/proftpd.conf:

DefaultRoot ~

and everyone is "jailed" into his own directory.

It also seems the ftp daemon in the base system supports this through /etc/ftpchroot. If you are using it, read the man pages for ftpd(8) and ftpchroot(5)