[CentOS] vsftpd: users can delete files they don't possess
andy at warmcat.com
Tue May 16 15:59:18 UTC 2006
Kai Schaetzl wrote:
> FTP users can delete files in their home directory they don't possess
> (including files belonging to root:root!) with vsftpd. I have reproduced
> that with vsftpd 1.1 on Suse and 2.0 on CentOS.
> I don't think this should happen at all. I can't see that the
> documentation at http://vsftpd.beasts.org/vsftpd_conf.html mentions this
> problem at all.
> How can I stop this?
This sounds like a Unix feature, not a bug. If the user has write
rights to the directory, he can delete anything in the directory no
matter who owns the file.
# cd /home/myuser
# touch test
# chmod 400 test
# su - myuser
$ ll test
-r-------- 1 root root 0 May 16 16:58 test
$ rm test
rm: remove write-protected regular empty file `test'? y
$ ll test
ls: test: No such file or directory
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4492 bytes
Desc: S/MIME Cryptographic Signature
More information about the CentOS