Kai Schaetzl wrote:
FTP users can delete files in their home directory they don't possess (including files belonging to root:root!) with vsftpd. I have reproduced that with vsftpd 1.1 on Suse and 2.0 on CentOS. I don't think this should happen at all. I can't see that the documentation at http://vsftpd.beasts.org/vsftpd_conf.html mentions this problem at all. How can I stop this?
This sounds like a Unix feature, not a bug. If the user has write rights to the directory, he can delete anything in the directory no matter who owns the file.
# cd /home/myuser # touch test # chmod 400 test # su - myuser $ ll test -r-------- 1 root root 0 May 16 16:58 test $ rm test rm: remove write-protected regular empty file `test'? y $ ll test ls: test: No such file or directory
-Andy