Date: Fri, 2 Feb 2001 15:22:56 -0500 (EST) From: Rob Simmons <rsimmons@wlcg.com> To: Will Mitayai Keeso Rowe <mit@mitayai.net> Cc: Benjamin Ossei <ben@cahostnet.net>, jeff <jeff@stardustweb.net>, security@FreeBSD.ORG Subject: RE: ftp Message-ID: <Pine.BSF.4.21.0102021521560.22965-100000@mail.wlcg.com> In-Reply-To: <NEBBIEGPMLMKDBMMICFNOEOPECAA.mit@mitayai.net>
next in thread | previous in thread | raw e-mail | index | archive | help
I wouldn't use wu-ftp if I were you. It has a history of nasty remote exploits. Robert Simmons Systems Administrator http://www.wlcg.com/ On Fri, 2 Feb 2001, Will Mitayai Keeso Rowe wrote: > Another way is to use wu-ftpd, and "man ftpaccess" > > > :-----Original Message----- > :From: owner-freebsd-security@FreeBSD.ORG > :[mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Rob Simmons > :Sent: February 2, 2001 15:03 PM > :To: Benjamin Ossei > :Cc: jeff; security@FreeBSD.ORG > :Subject: Re: ftp > : > : > :No, they can go into other people's directories by default. The default > :umask on FreeBSD is 022, which means that all users files > :(with certain exceptions like .rhosts and others) are 644 and directories > :are 755. Both of which are world readable. I typically change the umask > :for my account to 027, that way others in the wheel group can see files I > :create, but others cannot. > : > :For more information on the way modes work, you should read the chmod and > :umask man pages. > : > :Robert Simmons > :Systems Administrator > :http://www.wlcg.com/ > : > :On Fri, 2 Feb 2001, Benjamin Ossei wrote: > : > :> By default every user has rights to their own home directory. > :Unless the server isn't set correctly. Also if they happen to > :browse, they shouldn't be able to go into anyone elses directory. > :> > :> --- Rob Simmons <rsimmons@wlcg.com> > :> > wrote: > :> >???? The server is what governs where the user can browse. > :Read the man > :> >page for ftpd, you will find that the /etc/ftpchroot controls what users > :> >are restricted to thier home directory. > :> > > :> >Robert Simmons > :> >Systems Administrator > :> >http://www.wlcg.com/ > :> > > :> >On Fri, 2 Feb 2001, jeff wrote: > :> > > :> >> Im looking for a ftp client that will keep the user in there > :home dir a lot of the new ftp software is letting users browse the > :server's other dirs any scripts I can use that would handel this issuse > :> >> > :> >> Jeff Gray cfm > :> >> > :> >> > :> > > :> > > :> > > :> >To Unsubscribe: send mail to majordomo@FreeBSD.org > :> >with "unsubscribe freebsd-security" in the body of the message > :> > :> _____________________________________________________________ > :> ========GET YOUR FREE E-MAIL============ > :> http://freemail.cahostnet.net > :> Web Hosting http://www.cahostnet.com > :> > : > : > : > :To Unsubscribe: send mail to majordomo@FreeBSD.org > :with "unsubscribe freebsd-security" in the body of the message > : > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0102021521560.22965-100000>