Kai Schaetzl wrote: > FTP users can delete files in their home directory they don't possess > (including files belonging to root:root!) with vsftpd. I have reproduced > that with vsftpd 1.1 on Suse and 2.0 on CentOS. > I don't think this should happen at all. I can't see that the > documentation at http://vsftpd.beasts.org/vsftpd_conf.html mentions this > problem at all. > How can I stop this? This sounds like a Unix feature, not a bug. If the user has write rights to the directory, he can delete anything in the directory no matter who owns the file. # cd /home/myuser # touch test # chmod 400 test # su - myuser $ ll test -r-------- 1 root root 0 May 16 16:58 test $ rm test rm: remove write-protected regular empty file `test'? y $ ll test ls: test: No such file or directory -Andy -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 4492 bytes Desc: S/MIME Cryptographic Signature URL: <http://lists.centos.org/pipermail/centos/attachments/20060516/e991c848/attachment-0005.bin>