Re: [cobalt-users] proftp overwrite as site admin?
- Subject: Re: [cobalt-users] proftp overwrite as site admin?
- From: Jeff Lasman <blists@xxxxxxxxxxxxx>
- Date: Tue Jan 20 08:19:00 2004
- Organization: nobaloney.net
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
On Monday 19 January 2004 11:00 am, Keith Ford wrote:
> I'm not sure if I'm having an issue with proftpd or not.
It's not a proftpd issue; proftpd is doing as it should.
Check these lines beginning with "# Port 21"; this is what they should
look like (and did look like in the standard RaQ4 and RaQ3 releases):
<snip>
# Port 21 is the standard FTP port.
Port 21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 002
</snip>
> If a
> virtual site has two accounts configured as site admin, can one
> overwrite files uploaded by the other? What I'm seeing is that they
> cannot, and "chmod" is not an optional command. If this is standard,
> how does one allow two site admins to maintain a web site via ftp?
The Umask I mentioned above is what will give the file the rights it
needs so any admin user can work with it.
With that Umask the site files should be set to -rw-rw-r--
The site's web directory mode must be somewhat like this:
drwxrwsr-x 14 nobaadmn site5 2048 Sep 23 10:02 web
where "nobaadmn" is the administrator for this website.
The problem is that this is quite insecure. With this setup any site
user with ssh or telnet access may delete or change the files.
I've seen a lot of RaQ installations where the files are set to
-rw-r--r--
Which is more secure (anyone who can ssh or telnet in can still read the
files but they can't write them).
But then you can only have one site admin.
> BTW, I have not installed version 2 of the proftpd patch yet, but I
> did run the rollback script that Tony posted on the Sun forums.
I haven't either, so I don't know if it does anything to the model I've
mentioned above.
> Finally, I seem to have lost the original proftpd.conf file when I
> started working on this issue.
If you'd like a copy of the "standard" file I used above in the example,
please contact me offlist and I'll be happy to send it to you.
Jeff
--
Jeff Lasman, nobaloney.net, P. O. Box 52672, Riverside, CA 92517 US
Professional Internet Services & Support / Consulting / Colocation
Our blists address used on lists is for list email only
Phone +1 909 324-9706, or see: "http://www.nobaloney.net/contactus.html"
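
Added example, not part of the original message: a shell sketch that reproduces the two file modes discussed above (Umask 002 versus Umask 022) in a scratch directory and lists what group members can write. The function names and the scratch paths are hypothetical, and the files are created by the shell rather than by proftpd.

```shell
#!/bin/sh
# Added illustration: shows how the umask decides whether a second site
# admin (a member of the site group) can overwrite an uploaded file.

# Print the 10-character mode string of a path, e.g. -rw-rw-r--
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Create a new file under the given umask, the way an upload would be
# created under the matching "Umask" setting, and print its mode.
# $1 = umask, $2 = path of a file that does not exist yet
upload_mode() {
    ( umask "$1" && : > "$2" ) || return 1
    mode_of "$2"
}

# Audit helper: list everything under a tree that is group-writable,
# i.e. what any shell user in the site group could change or delete.
group_writable() {
    find "$1" -perm -020 ! -type l -print | sort
}

demo() {
    site=$(mktemp -d) || return 1      # constructed scratch "site"
    mkdir "$site/web"
    chmod 2775 "$site/web"             # setgid + group-writable, as in the listing
    echo "web dir:   $(mode_of "$site/web")"
    echo "Umask 002: $(upload_mode 002 "$site/web/shared.html")"
    echo "Umask 022: $(upload_mode 022 "$site/web/single-admin.html")"
    echo "group-writable paths:"
    group_writable "$site/web"
    rm -rf "$site"
}

demo
```

Running group_writable against a real site's web directory shows the exposure the message describes for the multi-admin setup.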