[CentOS] vsftpd: users can delete files they don't possess

Kai Schaetzl maillists at conactive.com
Tue May 16 15:46:45 UTC 2006


FTP users can delete files in their home directory they don't possess 
(including files belonging to root:root!) with vsftpd. I have reproduced 
that with vsftpd 1.1 on Suse and 2.0 on CentOS.
I don't think this should happen at all. I can't see that the 
documentation at http://vsftpd.beasts.org/vsftpd_conf.html mentions this 
problem at all.
How can I stop this?

Kai





More information about the CentOS mailing list